ardra.biz Open in urlscan Pro
5.181.216.219 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.ardra.biz/
Effective URL:
https://ardra.biz/
Submission: On March 19 via api (March 19th 2021, 9:07:29 pm UTC) from US

Summary HTTP 649 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 43 IPs in 8 countries across 45 domains to perform 649 HTTP transactions. The main IP is 5.181.216.219, located in Germany and belongs to AS-HOSTINGER, CY. The main domain is ardra.biz.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 22nd 2020. Valid for: a year.

This is the only time ardra.biz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 11	5.181.216.219 5.181.216.219	47583 (AS-HOSTINGER) (AS-HOSTINGER)
2	2600:9000:206... 2600:9000:206f:0:11:a4de:2580:93a1	16509 (AMAZON-02) (AMAZON-02)
13	13.226.159.12 13.226.159.12	16509 (AMAZON-02) (AMAZON-02)
68	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	52.84.118.10 52.84.118.10	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10 116	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
62	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
23	15.165.183.98 15.165.183.98	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400d:804::2002	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
149	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
33	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
28	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
11	2600:9000:218... 2600:9000:2182:9800:18:69f:d880:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1 2	23.210.250.97 23.210.250.97	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
2 14	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
24	2a00:1450:400... 2a00:1450:400d:803::2001	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4002:815::2003	15169 (GOOGLE) (GOOGLE)
1	142.251.5.156 142.251.5.156	15169 (GOOGLE) (GOOGLE)
6 9	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
1 1	18.195.77.77 18.195.77.77	16509 (AMAZON-02) (AMAZON-02)
4 4	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
4 4	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
5 5	23.210.249.164 23.210.249.164	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8102:73b:46ad:270f:ab37	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:3::621 2a04:4e42:3::621	54113 (FASTLY) (FASTLY)
1	3.248.141.37 3.248.141.37	16509 (AMAZON-02) (AMAZON-02)
2 2	185.33.221.88 185.33.221.88	29990 (ASN-APPNEX) (ASN-APPNEX)
1	172.67.39.17 172.67.39.17	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:29::a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
10 10	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:c::1	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:401... 2a00:1450:4010:c1c::5e	15169 (GOOGLE) (GOOGLE)
9 9	52.57.110.162 52.57.110.162	16509 (AMAZON-02) (AMAZON-02)
4 4	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	213.19.147.150 213.19.147.150	26120 (RHYTHMONE) (RHYTHMONE)
3 3	18.195.223.167 18.195.223.167	16509 (AMAZON-02) (AMAZON-02)
9 9	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
9	46.228.164.11 46.228.164.11	56396 (TURN) (TURN)
9 9	185.29.135.234 185.29.135.234	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	34.96.105.8 34.96.105.8	15169 (GOOGLE) (GOOGLE)
1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1	54.76.222.161 54.76.222.161	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:62::8	15169 (GOOGLE) (GOOGLE)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	169.50.137.190 169.50.137.190	36351 (SOFTLAYER) (SOFTLAYER)
3	63.32.128.23 63.32.128.23	16509 (AMAZON-02) (AMAZON-02)
4 4	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
6 6	37.157.6.253 37.157.6.253	198622 (ADFORM) (ADFORM)
649	43

11 5.181.216.219 (Germany) 1 redirects

ASN47583 (AS-HOSTINGER, CY)
PTR: srv108.niagahoster.com

www.ardra.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ardra.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:206f:0:11:a4de:2580:93a1 (United States)

ASN16509 (AMAZON-02, US)

get.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 13.226.159.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-159-12.dus51.r.cloudfront.net

compass.adop.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

68 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.84.118.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-84-118-10.sof50.r.cloudfront.net

compasscdn.adop.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

116 142.250.185.162 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

62 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 15.165.183.98 (Incheon, Korea, Republic Of)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com

data.adop.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:804::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

149 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:9000:2182:9800:18:69f:d880:93a1 (United States)

ASN16509 (AMAZON-02, US)

adopdmp.adop.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.210.250.97 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-250-97.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:400d:803::2001 (Ireland)

ASN15169 (GOOGLE, US)

d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
59fcd4d45333b60a2eebc83831c46774.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4002:815::2003 (Atlanta, United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.5.156 (United States)

ASN15169 (GOOGLE, US)

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States) 6 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.77.77 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-77-77.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.227.252.103 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.190.78 (United Kingdom) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.165 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.210.249.164 (Frankfurt am Main, Germany) 5 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-164.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8102:73b:46ad:270f:ab37 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::621 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.248.141.37 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-141-37.eu-west-1.compute.amazonaws.com

unified.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.88 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.39.17 (United States)

ASN13335 (CLOUDFLARENET, US)

router.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:29::a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r4---sn-4g5e6nez.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:811::200e (Frankfurt am Main, Germany) 10 redirects

ASN15169 (GOOGLE, US)

redirector.gvt1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:c::1 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r1---sn-4g5e6nzy.gvt1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4010:c1c::5e (Lappeenranta, Finland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 52.57.110.162 (Frankfurt am Main, Germany) 9 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-110-162.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 66.155.71.25 (Portsmouth, United Kingdom) 4 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.147.150 (United Kingdom) 2 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.195.223.167 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2001:678:cb4:bbbb::11 (United Kingdom) 9 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 46.228.164.11 (United Kingdom)

ASN56396 (TURN, GB)

r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.29.135.234 (United Kingdom) 9 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.222.161 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-222-161.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:62::8 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r3---sn-4g5e6nsk.gvt1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1400 (United States)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.190 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: be.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 63.32.128.23 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-128-23.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1288:110:c305::8000 (United Kingdom) 4 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.157.6.253 (Denmark) 6 redirects

ASN198622 (ADFORM, DK)
PTR: s1.adform.net

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
224	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com 59fcd4d45333b60a2eebc83831c46774.safeframe.googlesyndication.com 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com	3 MB
133	doubleclick.net 10 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net	2 MB
93	gstatic.com www.gstatic.com fonts.gstatic.com csi.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn2.gstatic.com	1 MB
48	adop.cc compass.adop.cc compasscdn.adop.cc data.adop.cc adopdmp.adop.cc	133 KB
37	googletagservices.com www.googletagservices.com	1 MB
30	google.com 2 redirects adservice.google.com www.google.com	3 KB
20	gvt1.com 10 redirects redirector.gvt1.com r1---sn-4g5e6nzy.gvt1.com r3---sn-4g5e6nsk.gvt1.com	11 MB
18	turn.com 9 redirects ad.turn.com r.turn.com	8 KB
16	googleapis.com fonts.googleapis.com imasdk.googleapis.com	137 KB
15	google.de adservice.google.de	3 KB
11	ampproject.org cdn.ampproject.org	226 KB
11	ardra.biz 1 redirects www.ardra.biz ardra.biz	367 KB
9	mathtag.com 9 redirects sync.mathtag.com	6 KB
9	w55c.net 9 redirects pm.w55c.net	8 KB
9	quantserve.com 6 redirects cms.quantserve.com	3 KB
6	adform.net 6 redirects c1.adform.net	3 KB
5	casalemedia.com 5 redirects ssum-sec.casalemedia.com	5 KB
4	yahoo.com 4 redirects pr-bh.ybp.yahoo.com	2 KB
4	sitescout.com 4 redirects pixel-sync.sitescout.com	2 KB
4	pubmatic.com 4 redirects image6.pubmatic.com	3 KB
4	openx.net 4 redirects rtb.openx.net	1 KB
3	adsrvr.org match.adsrvr.org	793 B
3	3lift.com 3 redirects eb2.3lift.com	1 KB
3	2mdn.net 1 redirects gcdn.2mdn.net r4---sn-4g5e6nez.c.2mdn.net	1 KB
2	adnxs.com 2 redirects ib.adnxs.com	2 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com	913 B
2	media.net 1 redirects contextual.media.net cs.media.net	40 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	addtoany.com static.addtoany.com	60 KB
2	optad360.io get.optad360.io	308 KB
1	simpli.fi 1 redirects um.simpli.fi	709 B
1	dotomi.com dclk-match.dotomi.com	104 B
1	yieldmo.com ads.yieldmo.com	35 B
1	adkernel.com dsp.adkernel.com	233 B
1	blismedia.com tr.blismedia.com	136 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	695 B
1	1rx.io 1 redirects sync.1rx.io	828 B
1	travelaudience.com 1 redirects ads.travelaudience.com	608 B
1	infolinks.com router.infolinks.com	549 B
1	adsafeprotected.com unified.adsafeprotected.com	4 KB
1	jsdelivr.net cdn.jsdelivr.net	1 KB
1	innovid.com ag.innovid.com	296 B
1	agkn.com 1 redirects d.agkn.com	667 B
1	google.be adservice.google.be	799 B
1	googleadservices.com partner.googleadservices.com	403 B
649	45

	Domain	Requested by
138	tpc.googlesyndication.com	googleads.g.doubleclick.net securepubads.g.doubleclick.net imasdk.googleapis.com ardra.biz tpc.googlesyndication.com d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com cdn.ampproject.org 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com www.gstatic.com 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com pagead2.googlesyndication.com
73	cm.g.doubleclick.net	10 redirects googleads.g.doubleclick.net ardra.biz d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
62	pagead2.googlesyndication.com	ardra.biz pagead2.googlesyndication.com googleads.g.doubleclick.net securepubads.g.doubleclick.net d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
42	securepubads.g.doubleclick.net	get.optad360.io securepubads.g.doubleclick.net www.googletagservices.com ardra.biz d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
37	www.googletagservices.com	pagead2.googlesyndication.com compass.adop.cc googleads.g.doubleclick.net securepubads.g.doubleclick.net d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
33	www.gstatic.com	googleads.g.doubleclick.net d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
28	fonts.gstatic.com	fonts.googleapis.com
26	csi.gstatic.com	imasdk.googleapis.com www.gstatic.com securepubads.g.doubleclick.net
23	data.adop.cc	compass.adop.cc ardra.biz
17	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net ardra.biz f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
16	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
15	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
14	www.google.com	2 redirects googleads.g.doubleclick.net ardra.biz d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
14	fonts.googleapis.com	googleads.g.doubleclick.net d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com securepubads.g.doubleclick.net 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
13	compass.adop.cc	ardra.biz
11	cdn.ampproject.org	securepubads.g.doubleclick.net 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
11	adopdmp.adop.cc	compass.adop.cc
10	redirector.gvt1.com	10 redirects
10	ardra.biz	ardra.biz
9	r3---sn-4g5e6nsk.gvt1.com	81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
9	sync.mathtag.com	9 redirects
9	r.turn.com	ardra.biz
9	ad.turn.com	9 redirects
9	pm.w55c.net	9 redirects
9	cms.quantserve.com	6 redirects googleads.g.doubleclick.net e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
6	c1.adform.net	6 redirects
5	ssum-sec.casalemedia.com	5 redirects
4	pr-bh.ybp.yahoo.com	4 redirects
4	pixel-sync.sitescout.com	4 redirects
4	encrypted-tbn2.gstatic.com	f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
4	image6.pubmatic.com	4 redirects
4	rtb.openx.net	4 redirects
3	match.adsrvr.org	4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
3	eb2.3lift.com	3 redirects
3	f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	encrypted-tbn0.gstatic.com	f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
2	r4---sn-4g5e6nez.c.2mdn.net	ardra.biz
2	ib.adnxs.com	2 redirects
2	pixel.rubiconproject.com	2 redirects
2	d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	imasdk.googleapis.com	googleads.g.doubleclick.net
2	www.google-analytics.com	ardra.biz www.google-analytics.com
2	static.addtoany.com	ardra.biz static.addtoany.com
2	get.optad360.io	ardra.biz get.optad360.io
1	um.simpli.fi	1 redirects
1	dclk-match.dotomi.com	81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
1	cs.media.net	1 redirects
1	ads.yieldmo.com	f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
1	dsp.adkernel.com	f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
1	tr.blismedia.com	f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
1	sync.targeting.unrulymedia.com	1 redirects
1	sync.1rx.io	1 redirects
1	ads.travelaudience.com	1 redirects
1	r1---sn-4g5e6nzy.gvt1.com	d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com
1	59fcd4d45333b60a2eebc83831c46774.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	gcdn.2mdn.net	1 redirects
1	router.infolinks.com	ardra.biz
1	unified.adsafeprotected.com	imasdk.googleapis.com
1	cdn.jsdelivr.net	get.optad360.io
1	ag.innovid.com	googleads.g.doubleclick.net
1	d.agkn.com	1 redirects
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	contextual.media.net	ardra.biz
1	adservice.google.be	securepubads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	compasscdn.adop.cc	ardra.biz
1	www.ardra.biz	1 redirects
649	76

This site contains links to these domains. Also see Links.

Domain
www.addtoany.com
wordpress.org

Subject Issuer	Validity	Valid
ardra.biz Sectigo RSA Domain Validation Secure Server CA	`2020-08-22` - `2021-08-22`	a year	crt.sh
*.optad360.io Amazon	`2020-12-17` - `2022-01-15`	a year	crt.sh
*.adop.cc Amazon	`2020-10-24` - `2021-11-22`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-05` - `2021-08-05`	a year	crt.sh
*.google.de GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.google.be GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2020-02-25` - `2021-05-26`	a year	crt.sh
www.google.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2021-03-09` - `2021-04-17`	a month	crt.sh
wrapper-vast.adsafeprotected.com Amazon	`2020-12-18` - `2022-01-16`	a year	crt.sh
*.c.docs.google.com GTS CA 1O1	`2021-03-11` - `2021-05-20`	2 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.turn.com DigiCert SHA2 Secure Server CA	`2020-03-18` - `2021-04-19`	a year	crt.sh
tr.blismedia.com GTS CA 1D2	`2021-03-03` - `2021-06-01`	3 months	crt.sh
*.adkernel.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-22` - `2022-01-05`	a year	crt.sh
*.yieldmo.com Amazon	`2020-06-23` - `2021-07-23`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh

This page contains 60 frames:

Primary Page: https://ardra.biz/
Frame ID: 0C1E10EDA4D2190611777FBAF74CAD4C
Requests: 61 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210316/r20190131/zrt_lookup.html
Frame ID: 33F8B765A83F6F0F3C16D68CD950A4CF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1913364358&adk=3023123312&adf=1391123618&pi=t.ma~as.1913364358&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188023152&bpp=20&bdt=678&idt=123&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=7078662019081&frm=20&pv=2&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=1474&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=NY2NNWfFBY&p=https%3A//ardra.biz&dtd=166
Frame ID: D72F155A07E67EA005F0420011D31670
Requests: 14 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=WTu&percentage=false&size_width=300&size_height=250&
Frame ID: 74D56E36BDBDEB2528B7EF6A58ABAB7B
Requests: 16 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js
Frame ID: D64BC8327212F5E9C1AC56453576627D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35
Frame ID: 8050F78BA5F2DE26F033DB9CFCB27FDC
Requests: 19 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=BdF&percentage=false&size_width=300&size_height=250&
Frame ID: 1815DAD8D5A43D499DD7FC2713867685
Requests: 15 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=T5F&percentage=false&size_width=300&size_height=250&
Frame ID: 8F3C15ACA2899765FA089108772BFC28
Requests: 15 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=PQV&percentage=false&size_width=300&size_height=250&
Frame ID: 4DF0D01FCD86E689CE3B417490080597
Requests: 15 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=XDL&percentage=false&size_width=300&size_height=250&
Frame ID: 1E550DB6BA6EBAAA43EFC6324AC21F3C
Requests: 14 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=9XN&percentage=false&size_width=300&size_height=250&
Frame ID: 5C923059873AA57087BE1FCD39722577
Requests: 15 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=awa&percentage=false&size_width=300&size_height=250&
Frame ID: 994460E00AE959F28B9757206D3A0DA9
Requests: 15 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=kwy&percentage=false&size_width=300&size_height=250&
Frame ID: 2110606269DEF8818C25D61710465597
Requests: 15 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=ITN&percentage=false&size_width=300&size_height=250&
Frame ID: 42C06086428AB11895C6061463EA632A
Requests: 15 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=qVY&percentage=false&size_width=300&size_height=250&
Frame ID: 2C79381FDF0BCB960F56C97F881546D9
Requests: 15 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=bu9&percentage=false&size_width=300&size_height=250&
Frame ID: 56E8DD047E7D145F2906CE7F0154F3C1
Requests: 18 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0DF6AFF31CB74EAFDB25950DA36E7C11
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&adk=1812271804&adf=3025194257&lmt=1615962396&plat=1%3A32776%2C2%3A32776%2C8%3A134217792%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fardra.biz%2F&ea=0&flash=0&pra=7&wgl=1&dt=1616188026168&bpp=1&bdt=3694&idt=1&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280%2C660x280&nras=1&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w%2CAGkb-H_ZLY-PE3ajmSt6fed2yL-UvvOfijhD32x9f2QsANQU81v8R3B-Fz5LFCUddFQPtjn9X6j9y7iwIX6j2g&pvsid=47452290458557&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=4&uci=a!4&fsb=1&dtd=21
Frame ID: FBED3EC62730560E5BD3407743EE6E54
Requests: 1 HTTP requests in this frame

Frame: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?v=1-0-38&n=1
Frame ID: 1ACEDCCD23C304823342DF59B05B1E54
Requests: 31 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=600&adk=3985668065&adf=1196703320&pi=t.aa~a.2979750109~rp.4&w=248&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&to=qs&pwprc=7997325349&psa=0&format=248x600&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&dt=1616188026471&bpp=3&bdt=3997&idt=3&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=660x280%2C660x280%2C0x0&nras=2&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=181&ady=1766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w%2CAGkb-H_ZLY-PE3ajmSt6fed2yL-UvvOfijhD32x9f2QsANQU81v8R3B-Fz5LFCUddFQPtjn9X6j9y7iwIX6j2g&pvsid=47452290458557&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=XdjDefdH6O&p=https%3A//ardra.biz&dtd=138
Frame ID: E1AA0F941CF9D6B73C6391F5AFD2EA67
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs
Frame ID: 9EB95529C0D7643117E69F0376D2D0C3
Requests: 16 HTTP requests in this frame

Frame: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 35371B989FC1F7F916C0B86D6B929199
Requests: 17 HTTP requests in this frame

Frame: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: A5972FFAB4796338C605317FE0220B50
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 436DD81E75F6CF402E60556FD0F21AEB
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: A84AF23F9F4057FBF0BECA4C8566467A
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/index.html
Frame ID: 99B093AC3A0437C40BE886FD68635FF7
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1090C6DF7AB9C6ADF5382E545CF1B80A
Requests: 9 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs
Frame ID: 4F638065C57B66DD069781BB802BB530
Requests: 16 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 93A4E2E6FB9175E882F5969860220026
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: EF4066FE146652F3A6566484A3BCB9E7
Requests: 2 HTTP requests in this frame

Frame: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Frame ID: 010D26B56ACA8BB60B1DF9470B11130A
Requests: 20 HTTP requests in this frame

Frame: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Frame ID: D3A2311D6A4CB7E470599CF88C7E498A
Requests: 21 HTTP requests in this frame

Frame: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Frame ID: 809F697D9CF1DF7CB09094F5F876F540
Requests: 21 HTTP requests in this frame

Frame: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Frame ID: FCBCCE5BF26E1310034C7880095EFD31
Requests: 21 HTTP requests in this frame

Frame: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Frame ID: 869D170B82449DA958D40F350BAAF0F9
Requests: 21 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js
Frame ID: E7711448D4671508AECFA8F031B537D3
Requests: 1 HTTP requests in this frame

Frame: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Frame ID: 56BDF778C19A750AF035DA9076C384BF
Requests: 21 HTTP requests in this frame

Frame: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Frame ID: F28F9076D3AE7D94934E9A650E30B674
Requests: 21 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: F2C4096C90A3DC186BCE0E9A99F6DA04
Requests: 2 HTTP requests in this frame

Frame: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 95AA395F81FAFCC0CF1FBC774A77B753
Requests: 22 HTTP requests in this frame

Frame: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?v=1-0-38&n=1
Frame ID: 6549F64CCEE8720154B26E991EBCCC62
Requests: 21 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B618A4BD7B6467CD14DFD92BB6D532D3
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C39BB2D126F5796434CE6ACA78E8C299
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 470A2EBA6C8D598BFFCD86B461952E3D
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 84ED435476CB4316296092235D7433D0
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 87E8DAA2C302B1D4C18FD73132986A0B
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9897635D9B6ED1C59AE10BA8E4FA5615
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A223D6195D4C1510B19F1D322C414DB7
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F57899DFD9B4B26C275D30783F2527C7
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9A23D080FDFFBF12C1100E114A8830B5
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: BFDA280A02409261E38F0AFA20C80C0C
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: A669E37D2715FE2AF66B4E137F71DB78
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: FDDD23C5C98FD00F409A8D34C2869551
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 70B6907EE6071BF9DC094690A3BB4DFD
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: E08FFD53DF8349534B2FF1E3210B6B57
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 4C0CF18626A873A50649D22DDB7F2024
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 003644AD1B4FDC10294DABD243121061
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 3C58953B699A423AF793699EC92E7030
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 6E7BA4A8228A6408505F83CDF455D326
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 3B2B62464821743826FBA13AE3AAFE79
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.ardra.biz/ HTTP 301
https://ardra.biz/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /addtoany\.com\/menu\/page\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

649
Requests

100 %
HTTPS

53 %
IPv6

45
Domains

76
Subdomains

43
IPs

8
Countries

18954 kB
Transfer

28831 kB
Size

1
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fardra.biz%2Fpendapatan-disposibel-disposible-income-di%2F&title=Pendapatan%20Disposibel%20Disposible%20Income%20(DI)%20Pengertian%20Contoh%20Soal
Title: Share

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fardra.biz%2Fbudaya-politik-pengertian-orientasi-jenis-alat-sarana-sosialisasi-parokial-kaula-subjek-partisan%2F&title=Budaya%20Politik%3A%20Pengertian%20Orientasi%20%E2%80%93%20Jenis%20Alat%20Sarana%20Sosialisasi%20Parokial%20%E2%80%93%20Kaula%20%E2%80%93%20Subjek%20Partisan
Title: Share

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fardra.biz%2Fpengertian-unsur-hukum-ciri-hukum-sifat-hukum-asas-hukum-tujuan-fungsi-jenis-hukum%2F&title=Pengertian%20Unsur%20Hukum%20Ciri%20Hukum%20Sifat%20Hukum%20Asas%20Hukum%20Tujuan%20Fungsi%20Jenis%20Hukum
Title: Share

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fardra.biz%2Fpengertian-tujuan-fungsi-tugas-wewenang-hak-kewajiban-mpr-dpr-dpd-bpk-ma-ky-presiden-wakil-presiden%2F&title=Pengertian%20Tujuan%20Fungsi%20Tugas%20Wewenang%20Hak%20Kewajiban%20MPR%20DPR%20DPD%20BPK%20MA%20KY%20Presiden%20Wakil%20Presiden
Title: Share

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fardra.biz%2Fteori-kedaulatan-pengertian-kedaulatan-tuhan-raja-negara-hukum-rakyat%2F&title=Teori%20Kedaulatan%3A%20Pengertian%20Kedaulatan%20Tuhan%20Raja%20Negara%20Hukum%20Rakyat%20%E2%80%93%20Sifat%20Prinsip%20Dasar
Title: Share

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fardra.biz%2Fsistem-demokrasi-pengertian-asas-prinsip-jenis-bentuk-nilai-dasar-ciri-sikap-perilaku-positif-demokrasi%2F&title=Sistem%20Demokrasi%3A%20Pengertian%20Asas%20Prinsip%20Jenis%20Bentuk%20Nilai%20Dasar%20Ciri%20Sikap%20Perilaku%20Positif%20Demokrasi
Title: Share

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fardra.biz%2Fmodal-bank-pengertian-fungsi-kecukupan-modal-minimum-bank-contoh-perhitungan-atmr-car-bank%2F&title=Modal%20Bank%3A%20Pengertian%20Fungsi%20Kecukupan%20Modal%20Minimum%20Bank%20Contoh%20Perhitungan%20ATMR%20CAR%20Bank
Title: Share

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fardra.biz%2Fnilai-objektif-subjektif-pancasila-pengertian-fungsi-pokok-pikiran-dasar-negara-ideologi-pandangan-hidup%2F&title=Nilai%20Objektif%20Subjektif%20Pancasila%3A%20Pengertian%20Fungsi%20Pokok%20Pikiran%20Dasar%20Negara%20Ideologi%20Pandangan%20Hidup
Title: Share

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fardra.biz%2Fsiklus-hidrologi-pengertian-jenis-sumber-air-tanah-pola-aliran-sungai-danau-rawa-laut%2F&title=Siklus%20Hidrologi%3A%20Pengertian%20Jenis%20Sumber%20Air%20Tanah%20Pola%20Aliran%20Sungai%20Danau%20Rawa%20Laut
Title: Share

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fardra.biz%2Fklasifikasi-iklim-pengertian-ciri-negara-iklim-fisis-matahari-koppen-schmidt-ferguson-oldeman-junghuhn%2F&title=Klasifikasi%20Iklim%3A%20Pengertian%20Ciri%20Negara%20Iklim%20Fisis%20Matahari%20Koppen%20Schmidt-Ferguson%20Oldeman%20Junghuhn
Title: Share

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fardra.biz%2Fpengertian-unsur-cuaca-suhu-udara-jenis-angin-kelembapan-awan-kabut-embun-hujan%2F&title=Pengertian%20Unsur%20Cuaca%3A%20Suhu%20Udara%20Jenis%20Angin%20Kelembapan%20Awan%20Kabut%20Embun%20Hujan
Title: Share

Search URL Search Domain Scan URL

URL: https://wordpress.org/
Title: Dengan bangga bertenaga WordPress

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fardra.biz%2F&title=ardra.biz%20%E2%80%93%20moralitas%2C%20mentalitas%2C%20intelektualitas
Title: Share

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.ardra.biz/ HTTP 301
https://ardra.biz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 95

https://d.agkn.com/pixel/2175/?google_gid=CAESEEKOOdrgygtTANPZaVYED1g&google_cver=1&google_push=AQvitUIii5-VFi3t6z3duO0tolPV7AlCh2FuUHwIhnHR-1Ec6KgQqp5S_XaMomJ-Ty8VwqA7_Smh0UIHv4dRiG2z7Ren3VnVr7yK HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VFS09PZHJneWd0VEFOUFphVllFRDFn

Request Chain 96

https://rtb.openx.net/sync/dds?google_gid=CAESEC8knfmI72BPtAPLmAJ7TXM&google_cver=1&google_push=AQvitUIW1zl5Gnf2esiS2ryLudV49Mk6eASCrkW9hIQ4WidHh18adfILbkR4s4T6Zy_rvvtY1s_LQV6LNU0f589iDkaA7MKDcuc HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEC8knfmI72BPtAPLmAJ7TXM&google_cver=1&google_push=AQvitUIW1zl5Gnf2esiS2ryLudV49Mk6eASCrkW9hIQ4WidHh18adfILbkR4s4T6Zy_rvvtY1s_LQV6LNU0f589iDkaA7MKDcuc&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIW1zl5Gnf2esiS2ryLudV49Mk6eASCrkW9hIQ4WidHh18adfILbkR4s4T6Zy_rvvtY1s_LQV6LNU0f589iDkaA7MKDcuc&google_hm=apxhMZn9yiEuiS80OTs60A==

Request Chain 97

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBe0QEHH5oTI2HrYsjVOESA&google_cver=1&google_push=AQvitUJ0_bf27XD7NcaEcrD2oyZ-Z8lRIoSOa-6OeC3UMYFPzOHcUsRVah0TFUfLeI0zNW8MWtgmxf9d8AVZ0seY54RaLFLe_IY HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBe0QEHH5oTI2HrYsjVOESA&google_cver=1&google_push=AQvitUJ0_bf27XD7NcaEcrD2oyZ-Z8lRIoSOa-6OeC3UMYFPzOHcUsRVah0TFUfLeI0zNW8MWtgmxf9d8AVZ0seY54RaLFLe_IY&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=-UhCSG2tTQag-l__RyqSaQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJ0_bf27XD7NcaEcrD2oyZ-Z8lRIoSOa-6OeC3UMYFPzOHcUsRVah0TFUfLeI0zNW8MWtgmxf9d8AVZ0seY54RaLFLe_IY

Request Chain 98

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEN9t-IyN9DfxbEYFgJHZnQM&google_cver=1&google_push=AQvitUJGybFkPHMVKhVBjx-2wYmQ9voXBinl30vPGx43PuANXKmOX3tSx89m6DiXa9xXu7PDGt88G9yRhcbITJwMmMssch58wC0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01HU01EVUctQy1HNTNK&google_push=AQvitUJGybFkPHMVKhVBjx-2wYmQ9voXBinl30vPGx43PuANXKmOX3tSx89m6DiXa9xXu7PDGt88G9yRhcbITJwMmMssch58wC0

Request Chain 99

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENsCO7n0Njn3cF6R3ssUaMY&google_cver=1&google_push=AQvitUKKY6zT8SA87zFgC56yGfcdf7RyD7XYQPKiy_oHgvn45brsR7DtqpeuUapXbkb5nJmm9T9f94OsOHf90S1BiGyBDsmpcnRg HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENsCO7n0Njn3cF6R3ssUaMY&google_cver=1&google_push=AQvitUKKY6zT8SA87zFgC56yGfcdf7RyD7XYQPKiy_oHgvn45brsR7DtqpeuUapXbkb5nJmm9T9f94OsOHf90S1BiGyBDsmpcnRg&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFUSeShB-UEjDYPwW8qjkAAABFAAAAIB&google_push=AQvitUKKY6zT8SA87zFgC56yGfcdf7RyD7XYQPKiy_oHgvn45brsR7DtqpeuUapXbkb5nJmm9T9f94OsOHf90S1BiGyBDsmpcnRg&google_gid=CAESENsCO7n0Njn3cF6R3ssUaMY&google_cver=1

Request Chain 135

https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID HTTP 302
https://router.infolinks.com/dyn/apn-usync?user_id=0

Request Chain 141

https://gcdn.2mdn.net/videoplayback/id/a2c5603594856e28/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3758784227/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/2A0997C21415FCBF2A752B0C9C440A8D4180860.2DD4AF3D8D0E5DFB194BC2F3BF7EBBC079F2894E/key/ck2/file/file.mp4 HTTP 302
https://r4---sn-4g5e6nez.c.2mdn.net/videoplayback/id/a2c5603594856e28/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3758784227/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7067AE55570BC46B2061A25947F728DD6F96917B.3D0D9DF6BEC49084473CE2E28A7DFE57373E26BF/key/cms1/cms_redirect/yes/mh/u3/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1616187389/mv/m/mvi/4/pl/47/file/file.mp4

Request Chain 189

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 235

https://redirector.gvt1.com/videoplayback?id=b827d67186304284&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195225&sparams=ip,ipbits,expire,id,itag,source,requiressl&signature=0EDB5E24B9C689C7ADE72F6B93A28D1BA9052EAD.7A460B3109024203D42BD5801FFF31F85732E7DB&key=ck2 HTTP 302
https://r1---sn-4g5e6nzy.gvt1.com/videoplayback?id=b827d67186304284&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195225&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=2BE2ED773DB827583CD01744467E61EA6AE26C18.1B020C3F5B4D645912AF75C164F8DA5A5C41C8D8&key=cms1&cms_redirect=yes&mh=Cf&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nzy&ms=nvh&mt=1616187456&mv=u&mvi=1&pl=47

Request Chain 326

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEEC7qntjK3DHktT0IAFtZO8&google_cver=1&google_push=AQvitUJQzjqOLIqanBx9x7ZL1rScMciyUp_52YslFLt9FTGPwipJuUXJc1zfaXd4iPTG2U7Sh9yoaeYxUTNyB6n0-wYjs9ktOyQ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEEC7qntjK3DHktT0IAFtZO8&google_cver=1&google_push=AQvitUJQzjqOLIqanBx9x7ZL1rScMciyUp_52YslFLt9FTGPwipJuUXJc1zfaXd4iPTG2U7Sh9yoaeYxUTNyB6n0-wYjs9ktOyQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESEEC7qntjK3DHktT0IAFtZO8&google_cver=1&google_push=AQvitUJQzjqOLIqanBx9x7ZL1rScMciyUp_52YslFLt9FTGPwipJuUXJc1zfaXd4iPTG2U7Sh9yoaeYxUTNyB6n0-wYjs9ktOyQ

Request Chain 327

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEJRCRkfzjfW-7KbtJ9jt590&google_cver=1&google_push=AQvitULWiY1iFh5dQr2ociYPPeW4DtUPXk8035IQES5jc3ujZJJWM82EwkV9TVoFpzI3IyGBBY9Xvjsh3zyEco8-4tZkaDjMj9w HTTP 302
https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitULWiY1iFh5dQr2ociYPPeW4DtUPXk8035IQES5jc3ujZJJWM82EwkV9TVoFpzI3IyGBBY9Xvjsh3zyEco8-4tZkaDjMj9w&google_sc&google_hm=EBAQEA

Request Chain 328

https://ads.travelaudience.com/google_pixel?google_gid=CAESEKnUToadH83oiKh-MnpT6xU&google_cver=1&google_push=AQvitUKxjER0K4liE61qzyOtPS8bm1w_DufIAEq3bSzvA9EikG5-U5FPOhmrJeOUQ0w6lZKebrzOJWQXWGdtbuFjC6XWKL9u16g HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=pEUTwtcUQbWb-nJK5KhWgw2&google_push=AQvitUKxjER0K4liE61qzyOtPS8bm1w_DufIAEq3bSzvA9EikG5-U5FPOhmrJeOUQ0w6lZKebrzOJWQXWGdtbuFjC6XWKL9u16g

Request Chain 329

https://rtb.openx.net/sync/dds?google_gid=CAESEC8knfmI72BPtAPLmAJ7TXM&google_cver=1&google_push=AQvitUKvXso7ZW5nNEnXdOLkVXNb9NRUEK16PUOmXYqjZ690xrHSfByuFCJ5quKOYqM_HRglEzSuKNgCrOW8dIJ6oc8DicMGzbg HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEC8knfmI72BPtAPLmAJ7TXM&google_cver=1&google_push=AQvitUKvXso7ZW5nNEnXdOLkVXNb9NRUEK16PUOmXYqjZ690xrHSfByuFCJ5quKOYqM_HRglEzSuKNgCrOW8dIJ6oc8DicMGzbg&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKvXso7ZW5nNEnXdOLkVXNb9NRUEK16PUOmXYqjZ690xrHSfByuFCJ5quKOYqM_HRglEzSuKNgCrOW8dIJ6oc8DicMGzbg&google_hm=ObA3H1fFz5kBYlUUh11OhQ==

Request Chain 330

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENsCO7n0Njn3cF6R3ssUaMY&google_cver=1&google_push=AQvitUIN9oO6sy5wgRflsmuwjR0VKGeI5hnZ2IOpB7Cxn2MmaM_dlSQF73xY8QMzDRHNMA0yYBWWiNXXeyipq5QAqmeTk27v5Xk HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENsCO7n0Njn3cF6R3ssUaMY&google_cver=1&google_push=AQvitUIN9oO6sy5wgRflsmuwjR0VKGeI5hnZ2IOpB7Cxn2MmaM_dlSQF73xY8QMzDRHNMA0yYBWWiNXXeyipq5QAqmeTk27v5Xk&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFUSfPOfAiyyQuqigwQhUwAABJEAAAAB&google_push=AQvitUIN9oO6sy5wgRflsmuwjR0VKGeI5hnZ2IOpB7Cxn2MmaM_dlSQF73xY8QMzDRHNMA0yYBWWiNXXeyipq5QAqmeTk27v5Xk&google_gid=CAESENsCO7n0Njn3cF6R3ssUaMY&google_cver=1

Request Chain 331

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEG1VaU_ipBfoOLXETXxfAW0&google_cver=1&google_push=AQvitUKXTorN4GYEvUjWxJDv9y17dtAbpVW9dr8JWK1Jbaex2h1Gj-JIBEMl9WsZLAqnJ5NoFDXVsnqseRiCoB8l5X2Ysg4BPg HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-86528e59-88fb-4c55-a957-5172fa621b91-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUKXTorN4GYEvUjWxJDv9y17dtAbpVW9dr8JWK1Jbaex2h1Gj-JIBEMl9WsZLAqnJ5NoFDXVsnqseRiCoB8l5X2Ysg4BPg%26google_hm%3DA4ZSjlmI-0xVqVdRcvpiG5E HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKXTorN4GYEvUjWxJDv9y17dtAbpVW9dr8JWK1Jbaex2h1Gj-JIBEMl9WsZLAqnJ5NoFDXVsnqseRiCoB8l5X2Ysg4BPg&google_hm=A4ZSjlmI-0xVqVdRcvpiG5E

Request Chain 332

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEFVMTcLX8DTTdCohUr3VC7M&google_cver=1&google_push=AQvitUJQrbxuAl3KeKNyiEMcPvZ_z-viVbYvlk05C5bycJRWeE96xHImkhXg1rxIRHxu9xOHurdI6-W4ZZNmaz6N12eePpjtOtU HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AQvitUJQrbxuAl3KeKNyiEMcPvZ_z-viVbYvlk05C5bycJRWeE96xHImkhXg1rxIRHxu9xOHurdI6-W4ZZNmaz6N12eePpjtOtU&google_gid=CAESEFVMTcLX8DTTdCohUr3VC7M HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA3NDc5MDMyNzY5NTE2MTYxMg%3D%3D&google_push=AQvitUJQrbxuAl3KeKNyiEMcPvZ_z-viVbYvlk05C5bycJRWeE96xHImkhXg1rxIRHxu9xOHurdI6-W4ZZNmaz6N12eePpjtOtU

Request Chain 349

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEIW0Cgzy32QHWzS0395v5Bc&google_cver=1&google_push=AQvitULVKKhiBbDHlESHdXzOaOAH74tf3WFxu9XwyxvGlBZxy-UvMXoZHU791L3VqNASpD3NymO6MAhBMAzxrog20qV9AEioaZES HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

Request Chain 350

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESECaL3zObfJjjXvjCltD2Yig&google_cver=1&google_push=AQvitUI5OWO2z0Mrq7O9rjAr8YQtck4jOscRGYfnITOgJd-4ipd6TuI5sZK3IJxyL_3NRl9zF-E8lX1looZj45XVCo79qKUJep4l HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUI5OWO2z0Mrq7O9rjAr8YQtck4jOscRGYfnITOgJd-4ipd6TuI5sZK3IJxyL_3NRl9zF-E8lX1looZj45XVCo79qKUJep4l

Request Chain 351

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEJRCRkfzjfW-7KbtJ9jt590&google_cver=1&google_push=AQvitUJJE3fS4oVLrxVuB54chWRszz9TljOHtvdhidExSy3s4DHDVKY2QZ4FXiAynp7c6-HX2aLuwSfCV5KLqhDnX7BuEiRNxWw HTTP 302
https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUJJE3fS4oVLrxVuB54chWRszz9TljOHtvdhidExSy3s4DHDVKY2QZ4FXiAynp7c6-HX2aLuwSfCV5KLqhDnX7BuEiRNxWw&google_sc&google_hm=EBAQEA

Request Chain 355

https://cs.media.net/cksync?type=g&google_gid=CAESEAizIKwzJUsDrjsZ_4zmXwM&google_cver=1&google_push=AQvitUKiAtLRbJVO_fC-lssJJJRaPj5RWlsFc_nts6Nz7unQh3SPPqIDhY7x0_PYpZ4j3FQqVWXzSjoba1CVtWhKKOC1yyuueMON HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjU5MTg5NjI4MjEzODQ4MjAwMFYxMA%3d%3d&mn_hm=MjU5MTg5NjI4MjEzODQ4MjAwMFYxMA%3d%3d&google_sc=1&google_push=AQvitUKiAtLRbJVO_fC-lssJJJRaPj5RWlsFc_nts6Nz7unQh3SPPqIDhY7x0_PYpZ4j3FQqVWXzSjoba1CVtWhKKOC1yyuueMON

Request Chain 395

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 435

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=ip,ipbits,expire,id,itag,source,requiressl&signature=0AF5CEE241821D570A72E180AFD7A47784F50889.32F675BE5101474A3CA43097909F616128CE77F5&key=ck2 HTTP 302
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=030A8942A0E7E8E65C9C3BB69564FB1D00412F5F.158A17A1B863088F56067C017618C3D52A11EBBA&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Request Chain 462

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=ip,ipbits,expire,id,itag,source,requiressl&signature=86DC6AC448467A931A942BBA352A28351213F2FE.134ED20D231233CCC9529984278A493B8D6A52D3&key=ck2 HTTP 302
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=2719E647F5EF4DCC5C7505650C7C95360562E00F.1BBE21D2D13BFBD97ED10B994BAC746F89A3F9C2&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Request Chain 473

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=ip,ipbits,expire,id,itag,source,requiressl&signature=69A7847D5D042EDA73A2278C3ABF4876D11B9D99.670B0673D5994657D4D510E19F6DF34A4E3460D1&key=ck2 HTTP 302
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=79406EBD259ABC830C0FCDE922F59BDCDE70234A.346F3A3627B050D91CF25878D66786E2499EC0A8&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Request Chain 516

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=ip,ipbits,expire,id,itag,source,requiressl&signature=A4F7738B1C896434D5DC8A16C2D132CFC1BFB461.0B575571DBEF6AA21216F2392562D5F7275ABA26&key=ck2 HTTP 302
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=64A4156D6167DC39F3F0F47CF5F473F2F627325C.27D4051486AAD03B8F27B27D0E7FF630FF31295D&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Request Chain 519

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUI6iyUk4O76BTis_uPCtnXIRgztk2HAEvMmXktY0DP2wYArps-OuxzbKTTUnBiof3_uaGRGRf23pkCTsrClyOdtWNMdckpX HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

Request Chain 521

https://um.simpli.fi/gp_match?google_gid=CAESEJDx-0yAPs4oKjdCMGSIc9Q&google_cver=1&google_push=AQvitUL-6ZYDYQIrM0TV14eQ5-WHGS3V5Ao6g23DMpJ8qtqoXPCE-Ee0xXcdqaxAyqWd_b1FCNZdjoK6Fh8SYx2oG-hOtn92F8s HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=6BE7CB1F80FB4AEEBFA7B4E061332D67&google_push=AQvitUL-6ZYDYQIrM0TV14eQ5-WHGS3V5Ao6g23DMpJ8qtqoXPCE-Ee0xXcdqaxAyqWd_b1FCNZdjoK6Fh8SYx2oG-hOtn92F8s

Request Chain 522

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJHdMME_rivzQu-ldAGag-M&google_cver=1&google_push=AQvitULMMWj5sywf3CLfBTtl_ZdgEAmwM-ejoD6ri2TYuLCmqsDoDosgwI2GmOU1KoIXNRvjjZvsv6uMI5PwUIavCkD47YIFeOKx HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJHdMME_rivzQu-ldAGag-M&google_cver=1&google_push=AQvitULMMWj5sywf3CLfBTtl_ZdgEAmwM-ejoD6ri2TYuLCmqsDoDosgwI2GmOU1KoIXNRvjjZvsv6uMI5PwUIavCkD47YIFeOKx&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=U7XhKR8XRV6_6kt4QTWiQw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULMMWj5sywf3CLfBTtl_ZdgEAmwM-ejoD6ri2TYuLCmqsDoDosgwI2GmOU1KoIXNRvjjZvsv6uMI5PwUIavCkD47YIFeOKx

Request Chain 523

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAhBvu4ecDsRs2il6zezDQY&google_cver=1&google_push=AQvitUJB01pTeoIndFm4GY0M7sykHfA2w0ZYhDNfQSgSGpgvZNUSoT8UrOjGOpPFm7vAmq0jkbeK7GQfRdzRlko4lbhnfnPqyS6G HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01HU01HWkItWi1FUUVD&google_push=AQvitUJB01pTeoIndFm4GY0M7sykHfA2w0ZYhDNfQSgSGpgvZNUSoT8UrOjGOpPFm7vAmq0jkbeK7GQfRdzRlko4lbhnfnPqyS6G

Request Chain 524

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJVCEo8EQ_0prr-_nWvQ0LI&google_cver=1&google_push=AQvitUKR54784bvLhlFQqDbc9AwKUNf7gvfDlnVY8kNNUkWAlWoVGCfu92ltwWtWa7Ese4rM9E4WW9vbK3xwv_5CipJ91TKe_Wpw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFUSfPOfAiyyQuqigwQhUwAABJEAAAAB&google_cver=1&google_push=AQvitUKR54784bvLhlFQqDbc9AwKUNf7gvfDlnVY8kNNUkWAlWoVGCfu92ltwWtWa7Ese4rM9E4WW9vbK3xwv_5CipJ91TKe_Wpw&google_gid=CAESEJVCEo8EQ_0prr-_nWvQ0LI

Request Chain 525

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEPjT5Ah52cMYQAtZ-fbWuiA&google_cver=1&google_push=AQvitUKCMQ1w5A3pUX9pZl6pBWG4LoOZRwqe98t2D3qF5BM6ejaHS9xy3T2Wgs4SGneyvx4GbkK-UGkLOvpJzZWN8Z0BA1Q40jsL HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA3NDc5MDMyNzY5NTE2MTYxMg%3D%3D&google_push=AQvitUKCMQ1w5A3pUX9pZl6pBWG4LoOZRwqe98t2D3qF5BM6ejaHS9xy3T2Wgs4SGneyvx4GbkK-UGkLOvpJzZWN8Z0BA1Q40jsL

Request Chain 527

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=ip,ipbits,expire,id,itag,source,requiressl&signature=467E860B08F383DEBEF91E4A9FC28D7224F9BB.17583399095417FB9DE0BB311B91CAA66D412A5B&key=ck2 HTTP 302
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=1B636E1FC46D415F7896B6EA27262D362FAE9DC3.4990039386C4AB5463E14286CEC04E16CAB0D495&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Request Chain 539

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUJNzEeCaTNvYJELBDO4Yx08O8eYvTFv-TBLqPKMogxZfE0r14ArEDgDCCfr7HBiyeUgESZ_oT2F3bqiCUV_BCNjUvab17k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

Request Chain 541

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUKsDPsLR3rqMilxqG_5i9O90Lt5-nWDetIuKg8RzD4vpdKNLKM0QGiVYhoApVYH3-2pyu6-A_Cqhczc05DgZJVR-qe6Tug HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUKsDPsLR3rqMilxqG_5i9O90Lt5-nWDetIuKg8RzD4vpdKNLKM0QGiVYhoApVYH3-2pyu6-A_Cqhczc05DgZJVR-qe6Tug

Request Chain 542

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitULsQDtd5JIQx6ddzptRea9sp2EwVOAdzrhbj-wfSSyFUftrHGe6lynur2B9c5U6b6nBR9JPY2rdyLUMH0R0r92F0bTHcf0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULsQDtd5JIQx6ddzptRea9sp2EwVOAdzrhbj-wfSSyFUftrHGe6lynur2B9c5U6b6nBR9JPY2rdyLUMH0R0r92F0bTHcf0

Request Chain 545

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=ip,ipbits,expire,id,itag,source,requiressl&signature=5A028DA9AA7E307E42659DB99DDACD67AF5C77BD.113879163CECE3FBF4A775F8DC1FBB40890E1E55&key=ck2 HTTP 302
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=079EBAC358235D0FEABD7FC74F90834720C31653.1BD698919B9225D707820B2E6EE123A7FD176417&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Request Chain 556

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUIPiS6vWCbuDh087HLsfcplu4_IZIvb2pRmWgp59nYeudFJ93Enm90mH8H--MBWTkV7IgcVB2RxiJ41Ol30cJJ1MXlUk-tI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

Request Chain 558

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitULeqpGvXp4U6BEsI8vniKZalWjSFpZIlcNIi8yFcQ99xYUhofYSsyl5oLkdegNYd7ZxQBNVNJ8DPxFWX2qxRYbZFm9Z3lcs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitULeqpGvXp4U6BEsI8vniKZalWjSFpZIlcNIi8yFcQ99xYUhofYSsyl5oLkdegNYd7ZxQBNVNJ8DPxFWX2qxRYbZFm9Z3lcs

Request Chain 559

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitULP0-4gQYH06jqha4DBtebuV36-UqD4dHEuYPnmXig1iTQdqG0vKJnAWwC7iPCUOfHI-MqejBghCzDrW_4mC0L93GO1m9q7 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULP0-4gQYH06jqha4DBtebuV36-UqD4dHEuYPnmXig1iTQdqG0vKJnAWwC7iPCUOfHI-MqejBghCzDrW_4mC0L93GO1m9q7

Request Chain 565

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=ip,ipbits,expire,id,itag,source,requiressl&signature=3197CC304434F45A564E737FD37EC6F0B85F7608.2D8773E36A03FBBFEE656D83AE1175800F38719B&key=ck2 HTTP 302
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=063D58F336AEFFB4181DA5A70200BE68D551882F.06E8A418D4120154041285813C7437D37EF6529D&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Request Chain 578

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=ip,ipbits,expire,id,itag,source,requiressl&signature=98DBDCBC5F9FF57D229A41B39D255AEDD6616633.58EFA8C8DFBB10ECCCDE82F70AC338CA48F94D32&key=ck2 HTTP 302
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=63F55E0888DF3BD35623F525FB83E87305020AEA.2DC73C0C4EEB1380DAD3D512769CA42AA6DE6ED3&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Request Chain 583

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=ip,ipbits,expire,id,itag,source,requiressl&signature=AD65D610C2141BDC55B1A0965A5916A531F32A3C.62558A960AF0AB383E9B19FB9A10ABE73F4D05D5&key=ck2 HTTP 302
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=360DBCC77C4259A81A255623499CA9C6C3B6AB69.507626AB84EB70536B92A253DE1BB3498E69EAA3&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Request Chain 588

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUJdjIIHXtgug5IUbGV3tMHd_kcLz8Vm1vd4NSWhpzPKeY26EVBSIISvex-jc5QhtICA8ZXLJOA0uMGbWSS6jdrij50C7OYf HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

Request Chain 589

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPi4EuU2u4VcNCo8FZT_eMk&google_cver=1&google_push=AQvitUKxME6igmBKhRm0WRve2C7qMUBEyrRtEfhbE0aEL3MpJgdEuMRilTwGOFmmDMQDoydrcZbPtlMy9tpIYBMQOFtXL4slem1y HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUKxME6igmBKhRm0WRve2C7qMUBEyrRtEfhbE0aEL3MpJgdEuMRilTwGOFmmDMQDoydrcZbPtlMy9tpIYBMQOFtXL4slem1y&google_hm=wWvHr1kP6_rYSFOGCTP1uw

Request Chain 590

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUIcww1ZcLSoEwoS7mzg4e_dFZZXtl8E8CLyj-LNpqBsHeBdF4KIUruYY25UjTLiWzy9AyX2IsAfNpgGxF-KJq5sa0bWxzj6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUIcww1ZcLSoEwoS7mzg4e_dFZZXtl8E8CLyj-LNpqBsHeBdF4KIUruYY25UjTLiWzy9AyX2IsAfNpgGxF-KJq5sa0bWxzj6

Request Chain 591

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitUIZ6t7pxcj9QlrMwu9SCBa3njWDaBpzlHYm_HFYsfFFoADUAgehUasD57T7oL1f4Fjgh18rhwSnxe4H8nrKWYLaioByLIyU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitUIZ6t7pxcj9QlrMwu9SCBa3njWDaBpzlHYm_HFYsfFFoADUAgehUasD57T7oL1f4Fjgh18rhwSnxe4H8nrKWYLaioByLIyU

Request Chain 593

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUKvXxtoPnrYYq9o6Ru257rRyvNOvBWScUHv-3QNYkv2HI77TOJW7_OayCAUkjQwrWFKUmDWmSIiwBIVZd7LaFfAYSxxqY0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

Request Chain 594

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPi4EuU2u4VcNCo8FZT_eMk&google_cver=1&google_push=AQvitUL2fOm9SWVo-z0pZ401r6FloOra9unBMi5kPxncjOe3zfPeuOH0eokoy3Ba85AgrNGHTkK5yDKgn1RGA1wT47ucVMqKxhA HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUL2fOm9SWVo-z0pZ401r6FloOra9unBMi5kPxncjOe3zfPeuOH0eokoy3Ba85AgrNGHTkK5yDKgn1RGA1wT47ucVMqKxhA&google_hm=wWvHr1kP6_rYSFOGCTP1uw

Request Chain 595

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitULyLXC_og5G0JDy2Eh_d8ltg8IGy7V-v9rc_v2NmLS5RwyHY0tJgKs9eSMwcIF6G-QIUDOLJFRAnDuvXAHcFxk6ECknp4k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitULyLXC_og5G0JDy2Eh_d8ltg8IGy7V-v9rc_v2NmLS5RwyHY0tJgKs9eSMwcIF6G-QIUDOLJFRAnDuvXAHcFxk6ECknp4k

Request Chain 596

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitUIMDojGnCKSX8Jo55sCNj1bRfs3YeVrciO2z1exc7YBFgj4NLwudQQACLn37h-mbv-3wcXQFX9dx-h05frA7RLraNgWIHY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitUIMDojGnCKSX8Jo55sCNj1bRfs3YeVrciO2z1exc7YBFgj4NLwudQQACLn37h-mbv-3wcXQFX9dx-h05frA7RLraNgWIHY

Request Chain 598

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEA9BpxZrkuNttLdsTL7eRzQ&google_cver=1&google_push=AQvitULE_UCujqAGh-y45l0FznaHQw6Hk5nufH0sKKvlN1onEsQ30Szj0Zmg5_JpH4GrzIKm68c3ub5wmtVOou_lPuZXSpwoKg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULE_UCujqAGh-y45l0FznaHQw6Hk5nufH0sKKvlN1onEsQ30Szj0Zmg5_JpH4GrzIKm68c3ub5wmtVOou_lPuZXSpwoKg&google_hm=Nzc5NTE2NDgyMjQyOTU2MTQ1OA%3D%3D

Request Chain 599

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECUpytAwhG9wm0O6G6JcSmU&google_cver=1&google_push=AQvitUI1mEL4beUCdNN3fLbm6Jksx_d5lJS-gW9YhoDfFlypanl3yH6Snq5PTPZE6vMr78b1ML-YUrT3JbZKQcNYB_w_AGI0UA HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECUpytAwhG9wm0O6G6JcSmU&google_cver=1&google_push=AQvitUI1mEL4beUCdNN3fLbm6Jksx_d5lJS-gW9YhoDfFlypanl3yH6Snq5PTPZE6vMr78b1ML-YUrT3JbZKQcNYB_w_AGI0UA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTQzMDEyNjA2MjMzMTU2OTA1Ng&google_push=AQvitUI1mEL4beUCdNN3fLbm6Jksx_d5lJS-gW9YhoDfFlypanl3yH6Snq5PTPZE6vMr78b1ML-YUrT3JbZKQcNYB_w_AGI0UA

Request Chain 603

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUImcgLAHuyK1WpvJX5FU8tpXcvrlfUTyGJ08lfXfiwqhrnwuGtfle_iLh9RaVLh9lECdTEEkZe3yKjSjlioS1u7Qu5UnfdT HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

Request Chain 604

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPi4EuU2u4VcNCo8FZT_eMk&google_cver=1&google_push=AQvitUIGz5vwJgfHYHNWlkYRmeHTE900wHQN8HI7Vbr-mp0HD4teWf_oBh20P7_p3Q4ABhVFHX3tYtt_MkCQCrKJPeOd8Tw-Kz0 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUIGz5vwJgfHYHNWlkYRmeHTE900wHQN8HI7Vbr-mp0HD4teWf_oBh20P7_p3Q4ABhVFHX3tYtt_MkCQCrKJPeOd8Tw-Kz0&google_hm=wWvHr1kP6_rYSFOGCTP1uw

Request Chain 605

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitULGawBBV89Dc2u202-JH90iZZi-BFXuqKuNKS1pPDI7641gsRJhovH_yUVPhsbYpGCsHfSu14S-7QdPTncb5HPI_3EWIr0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULGawBBV89Dc2u202-JH90iZZi-BFXuqKuNKS1pPDI7641gsRJhovH_yUVPhsbYpGCsHfSu14S-7QdPTncb5HPI_3EWIr0

Request Chain 607

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEIpzwr0bWRmyTUTHopv2jpU&google_cver=1&google_push=AQvitUJo9UZ-1m23UJuoLISbH4Xhz-4FDWepcYSgRAP9Mv3PRxGPxvvOLTgStdHtsh7dLGFtVzNm9-Z1uEkjz5X7ur5MD1trfQA HTTP 302
https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUJo9UZ-1m23UJuoLISbH4Xhz-4FDWepcYSgRAP9Mv3PRxGPxvvOLTgStdHtsh7dLGFtVzNm9-Z1uEkjz5X7ur5MD1trfQA&google_sc&google_hm=EBAQEA

Request Chain 608

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEA9BpxZrkuNttLdsTL7eRzQ&google_cver=1&google_push=AQvitUILIlFDNpH5z0juEqhW-Nx1TEKFEAkFmiIlN5Vv6rX5N6SbnytyOjSsMwGPPcLy70nRDaguxMDkVKEK2W3JxmNfR7pUWfLP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUILIlFDNpH5z0juEqhW-Nx1TEKFEAkFmiIlN5Vv6rX5N6SbnytyOjSsMwGPPcLy70nRDaguxMDkVKEK2W3JxmNfR7pUWfLP&google_hm=ODE2MDgwMzI2NDA4MjEzNTU3OQ%3D%3D

Request Chain 609

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECUpytAwhG9wm0O6G6JcSmU&google_cver=1&google_push=AQvitULwQxeLfCbg_wU4BY8IlN_r8rwEw3sSrK5Rp4IxATalw9Toi7olMyuHHHO_ZhpLP5LHnoOVr1BrhZkfzkpiafkVBRmSAROm HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECUpytAwhG9wm0O6G6JcSmU&google_cver=1&google_push=AQvitULwQxeLfCbg_wU4BY8IlN_r8rwEw3sSrK5Rp4IxATalw9Toi7olMyuHHHO_ZhpLP5LHnoOVr1BrhZkfzkpiafkVBRmSAROm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTQxODQyMDAxOTE3NTQ1MTc3MQ&google_push=AQvitULwQxeLfCbg_wU4BY8IlN_r8rwEw3sSrK5Rp4IxATalw9Toi7olMyuHHHO_ZhpLP5LHnoOVr1BrhZkfzkpiafkVBRmSAROm

Request Chain 614

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUITHst-YioGle8WX_lqtv_gsizZFwGvAtQPadnu-vPNnS7fqncH9vAp0RDi0eD2LaS2NpLKDspGSTs5DVMQdLtIrwUxcuU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

Request Chain 615

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPi4EuU2u4VcNCo8FZT_eMk&google_cver=1&google_push=AQvitUJ7vB6ctITaKzCwo1gOaplmagDvdUqOdIrUhUuxeDD3W0cYKFAmpVOvD_aeH9ACK5zbcOGsLc4imnPneFJ-uvX4f6mumq8X HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJ7vB6ctITaKzCwo1gOaplmagDvdUqOdIrUhUuxeDD3W0cYKFAmpVOvD_aeH9ACK5zbcOGsLc4imnPneFJ-uvX4f6mumq8X&google_hm=wWvHr1kP6_rYSFOGCTP1uw

Request Chain 616

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUKDaU9qOWZolyggspsazL0qVGJPJPJKe2Q20sYeDhq_KHrup7Ktik8Sj_I-3zkdLqs93dpzNdgfcOM_RAu0s9tgJflMBss HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUKDaU9qOWZolyggspsazL0qVGJPJPJKe2Q20sYeDhq_KHrup7Ktik8Sj_I-3zkdLqs93dpzNdgfcOM_RAu0s9tgJflMBss

Request Chain 617

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitULqK97-8QmaM40mx1wWcddlKcFFtuILshXGnkwG-sELEBtUOcl4is8zD3OF2AVtKcET2EbixC-3HKicd8XiXeHPavmV_Ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULqK97-8QmaM40mx1wWcddlKcFFtuILshXGnkwG-sELEBtUOcl4is8zD3OF2AVtKcET2EbixC-3HKicd8XiXeHPavmV_Ig

Request Chain 623

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUJXtwowAHcJmgBhT7hvQSPhmrUiJXMX2ZmeRvNZrgo5UFdVb_BBWNFpkuiZCleE6gjmBFQIOAOhCJA1pja8SNk_EjVJ93c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

Request Chain 624

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPi4EuU2u4VcNCo8FZT_eMk&google_cver=1&google_push=AQvitUKhp7EzExZZlcanKFjlPcQ1YCycLzI4rtACODg6kbkPgdfSPJBPEcqavxa5YO-eY3M5JZk6S_guA6f40ERdA2JqKEKW5w HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUKhp7EzExZZlcanKFjlPcQ1YCycLzI4rtACODg6kbkPgdfSPJBPEcqavxa5YO-eY3M5JZk6S_guA6f40ERdA2JqKEKW5w&google_hm=wWvHr1kP6_rYSFOGCTP1uw

Request Chain 625

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUJspOenQd-ntjffGX7Dvuo3YMYYs03FpP-7pLnStitX5TU0QCuXu-kord1O9cFr-j48I6tx6sFwo7K-dG8KiUV5Hszmw6c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUJspOenQd-ntjffGX7Dvuo3YMYYs03FpP-7pLnStitX5TU0QCuXu-kord1O9cFr-j48I6tx6sFwo7K-dG8KiUV5Hszmw6c

Request Chain 626

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitUKoUrfmxkcxIq7h3uUoBGY1mQB3qk5MFS4XtKCncmGuQvEHvKaAn4TfnCyFcaE7FUWAPEP_eY8YvT39-l2J_JL6bDsoMTU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitUKoUrfmxkcxIq7h3uUoBGY1mQB3qk5MFS4XtKCncmGuQvEHvKaAn4TfnCyFcaE7FUWAPEP_eY8YvT39-l2J_JL6bDsoMTU

Request Chain 627

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEIpzwr0bWRmyTUTHopv2jpU&google_cver=1&google_push=AQvitUIKDzY-fEBUlhGXDGUCX-P-hyvASsjyjqLdpr0ecE46dsZKjlbnpAT33oeBwgA7im9-XLQ8B6UJ2NqBwF62F_an4yER5g HTTP 302
https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUIKDzY-fEBUlhGXDGUCX-P-hyvASsjyjqLdpr0ecE46dsZKjlbnpAT33oeBwgA7im9-XLQ8B6UJ2NqBwF62F_an4yER5g&google_sc&google_hm=EBAQEA

Request Chain 628

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEA9BpxZrkuNttLdsTL7eRzQ&google_cver=1&google_push=AQvitULDTlMgOEUy2bKELDLTB0Gylq0y5ROdmHqM4aQJx57KYMPaxVGdOUWlhiaQUFEkg7XICE23FAtnApeNU2Id9-I31DQDjg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULDTlMgOEUy2bKELDLTB0Gylq0y5ROdmHqM4aQJx57KYMPaxVGdOUWlhiaQUFEkg7XICE23FAtnApeNU2Id9-I31DQDjg&google_hm=Nzc5NTE2NDgyMjQyOTU2MTQ1OA%3D%3D

Request Chain 629

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECUpytAwhG9wm0O6G6JcSmU&google_cver=1&google_push=AQvitUJapq-aDHlV9xkBwuXLqrB2Y1JLfzTBtIgHmi3NnDGaoCBXS5fEg6laa7vfmWW14vJ6VzOzj0nvZa4gzUo1tu-krd5EKAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDE1NDUwMDkzODUwMDk0NDUyNw&google_push=AQvitUJapq-aDHlV9xkBwuXLqrB2Y1JLfzTBtIgHmi3NnDGaoCBXS5fEg6laa7vfmWW14vJ6VzOzj0nvZa4gzUo1tu-krd5EKAc

Request Chain 631

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPi4EuU2u4VcNCo8FZT_eMk&google_cver=1&google_push=AQvitUJzuM_aiehqy33k8UuhGfhZjbaZSzdmyoPWuu5xIP69md3XshO1aHBRr5E6mCdJRRbxkEaSFlRXdsHVHdzc011Xr0hoK6M HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJzuM_aiehqy33k8UuhGfhZjbaZSzdmyoPWuu5xIP69md3XshO1aHBRr5E6mCdJRRbxkEaSFlRXdsHVHdzc011Xr0hoK6M&google_hm=wWvHr1kP6_rYSFOGCTP1uw HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJzuM_aiehqy33k8UuhGfhZjbaZSzdmyoPWuu5xIP69md3XshO1aHBRr5E6mCdJRRbxkEaSFlRXdsHVHdzc011Xr0hoK6M&google_hm=wWvHr1kP6_rYSFOGCTP1uw&google_tc=

Request Chain 632

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUJzcRfNbZ1KBJy2JURYWPGeCKpNDrITNuCOKKr-QefyXcKemViW6puiP_oRJATMFomq4eTd5dRaf0lLL-Y0WYy-DW-wqcLM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUJzcRfNbZ1KBJy2JURYWPGeCKpNDrITNuCOKKr-QefyXcKemViW6puiP_oRJATMFomq4eTd5dRaf0lLL-Y0WYy-DW-wqcLM

Request Chain 633

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitULiqSVNgx3bv_oBG61aN_NWYmoLVwwrS3eg7kcudY-TdMr5ft60fBCD8w9ZHezZofkvqNKx7Vs8lUZ-vMB0E40B79AQbW7L HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULiqSVNgx3bv_oBG61aN_NWYmoLVwwrS3eg7kcudY-TdMr5ft60fBCD8w9ZHezZofkvqNKx7Vs8lUZ-vMB0E40B79AQbW7L

Request Chain 635

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEA9BpxZrkuNttLdsTL7eRzQ&google_cver=1&google_push=AQvitUJCSPCsR0ixQj1On5xqU3vIPgNlt7fT_91vkQL7_JCoDRppyhU-Rxv-p9U18ZmqOdSXf-3oEeA39hg0qsc9Y4EqlV3KLBod HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUJCSPCsR0ixQj1On5xqU3vIPgNlt7fT_91vkQL7_JCoDRppyhU-Rxv-p9U18ZmqOdSXf-3oEeA39hg0qsc9Y4EqlV3KLBod&google_hm=Nzc5NTE2NDgyMjQyOTU2MTQ1OA%3D%3D

Request Chain 636

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECUpytAwhG9wm0O6G6JcSmU&google_cver=1&google_push=AQvitULZ-nruYQkqWHYbbiHOpvSLP5o2AAutmwG260MIBrmkfaffrqoYYaKwiANx7gjhxgBLEX_3oH04esi_KPN2luRHEHiTIMgi HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Nzk2OTUwMTg2OTc1MTcxNjc4Nw&google_push=AQvitULZ-nruYQkqWHYbbiHOpvSLP5o2AAutmwG260MIBrmkfaffrqoYYaKwiANx7gjhxgBLEX_3oH04esi_KPN2luRHEHiTIMgi

649 HTTP transactions
43 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
ardra.biz/
Redirect Chain

https://www.ardra.biz/
https://ardra.biz/

601 KB
141 KB

374ms
189ms

Document
text/html

5.181.216.219
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.181.216.219 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS: srv108.niagahoster.com
Software: LiteSpeed / PHP/7.2.34
Resource Hash: 5aa77a95219ea5b3b16b99251ebcf114b94a93d7516ef50acf56f997f3e1666c

Request headers

:method: GET
:authority: ardra.biz
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-powered-by: PHP/7.2.34
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Cookie,User-Agent
cache-control: max-age=3, must-revalidate
last-modified: Wed, 17 Mar 2021 06:26:36 GMT
content-length: 144041
content-encoding: gzip
date: Fri, 19 Mar 2021 21:07:02 GMT
server: LiteSpeed

Redirect headers

x-powered-by: PHP/7.2.34
vary: Accept-Encoding, Cookie,User-Agent
content-type: text/html; charset=UTF-8
x-redirect-by: WordPress
location: https://ardra.biz/
cache-control: public, max-age=0
expires: Fri, 19 Mar 2021 21:07:02 GMT
content-length: 0
date: Fri, 19 Mar 2021 21:07:02 GMT
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000

GET
H2 200 autoptimize_fc7b40a58da4e8a9a8f4bbbc7f10786b.css
ardra.biz/wp-content/cache/autoptimize/css/ 175 KB
36 KB 505ms
504ms Stylesheet
text/css 5.181.216.219
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: https://ardra.biz/wp-content/cache/autoptimize/css/autoptimize_fc7b40a58da4e8a9a8f4bbbc7f10786b.css
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.181.216.219 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS: srv108.niagahoster.com
Software: LiteSpeed /
Resource Hash: a71f901b83282f322e234cc0c502ff3603acf033f42229195f95c5d15da6d814

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:02 GMT
content-encoding: br
last-modified: Wed, 17 Mar 2021 06:26:36 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=86400
accept-ranges: bytes
content-length: 36886
expires: Wed, 09 Mar 2022 21:07:02 GMT

GET
H2 200 plugin.min.js Show response
get.optad360.io/sf/03625cb4-a9b5-4bd2-aa05-02a729450db5/ 221 KB
63 KB 52ms
25ms Script
application/javascript 2600:9000:206f:0:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/03625cb4-a9b5-4bd2-aa05-02a729450db5/plugin.min.js
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cbe3a673b27b49349e7d2bf044cdd0ac5973629486f99c2c9ef5bee9571d9fab

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:03 GMT
content-encoding: gzip
last-modified: Wed, 17 Mar 2021 12:35:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
etag: W/"f5f493f215e7372dae073a8204ed49ba"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
via: 1.1 f358cf5f46d10c349187abd5e20e06cf.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-id: Dez9ETdI_EQh2_Rv5mywcHDYX0v3WCNIiPPYRvrXUTOooGokU_CFUA==

GET
H2 200 adopJ.js Show response
compass.adop.cc/assets/js/adop/ 3 KB
2 KB 79ms
78ms Script
application/javascript 13.226.159.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/assets/js/adop/adopJ.js?v=10
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-12.dus51.r.cloudfront.net
Software: /
Resource Hash: 04b2c3919eab959d0535139f9decd6b513be3d0356379bdb42e7fedc0ac32667

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:04:03 GMT
content-encoding: gzip
last-modified: Wed, 03 Jun 2020 07:46:29 GMT
age: 214
etag: W/"5ed75555-d79"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 5cd60f530cdafe284762767565aa2747.cloudfront.net (CloudFront)
cache-control: max-age=600
x-amz-cf-pop: DUS51-C1
content-length: 1938
x-amz-cf-id: afmV_pOztj_NTMKauCxOJP8Pw-LMt7AZAxGVLZbvXYFZpzpZWmOQog==
expires: Fri, 19 Mar 2021 21:13:29 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 139 KB
49 KB 27ms
24ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

760943c5458d877bf9b8cb655c079df027c5f4d0814a7d39968101bbd5d36016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49851
x-xss-protection: 0
server: cafe
etag: 10627910760205795077
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 19 Mar 2021 21:07:03 GMT

GET
H2 200 d8b250e0-ab9b-43a9-85df-5c01cb0435d4 Show response
compass.adop.cc/ST/ 1 KB
937 B 888ms
787ms Script
text/html 13.226.159.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/ST/d8b250e0-ab9b-43a9-85df-5c01cb0435d4
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-12.dus51.r.cloudfront.net
Software: /
Resource Hash: 35f9b2dd81113b091c4b2b69404790ff42f8614efc93e1f43506161add9e544a

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:03 GMT
via: 1.1 5cd60f530cdafe284762767565aa2747.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 604
x-amz-cf-id: U-CEqAaVsFABR7lP_eNxqQ6FaQjCvd30BTMUQpdXqP-TPORAXaMV9A==

GET
H/1.1 200
OK adop_collapse_1.1.8.min.js Show response
compasscdn.adop.cc/js/ 5 KB
6 KB 524ms
52ms Script
application/javascript 52.84.118.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compasscdn.adop.cc/js/adop_collapse_1.1.8.min.js
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.118.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-118-10.sof50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 23bafdfbbc6fac24847fcd5be286e85a8984a993ec24e8d23404f88f4becdd23

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 19 Mar 2021 00:29:34 GMT
Via: 1.1 5d680ce98dd8de93bed1cbbbd15a6f44.cloudfront.net (CloudFront)
Last-Modified: Tue, 02 Mar 2021 05:53:36 GMT
Server: AmazonS3
Age: 75484
ETag: "4ed4329162eb032061e9e4f37164c83b"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: SOF50-C1
Accept-Ranges: bytes
Content-Length: 5481
X-Amz-Cf-Id: PRxgXpwRfSwu8XjBqjndsG706N131z9IIExLtTnpUCO6M0H3nQp5Pw==

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 82 KB
27 KB 39ms
22ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd3bd81ea6cf3bbc82f89913fecca492e79318fef844c664a790ff2db72e5590

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:03 GMT
via: e2s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36103
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08ede938f60000c2d60221e000000001
last-modified: Mon, 15 Mar 2021 11:04:59 GMT
server: cloudflare
etag: W/"146fb-5bd91388499a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=172800
cf-ray: 6329ab07ec11c2d6-FRA
cf-bgj: minify

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 58 KB
20 KB 32ms
30ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/03625cb4-a9b5-4bd2-aa05-02a729450db5/plugin.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

42d7b4c2ff1509e54e121eb189e782ba7cfa4f68a42f29e7feff7a2207e64b6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "817 / 11 of 1000 / last-modified: 1616152376"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19830
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:03 GMT

GET
H2 200 prebid3.16.1.js Show response
get.optad360.io/sf/ 245 KB
246 KB 8ms
7ms Script
application/javascript 2600:9000:206f:0:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/prebid3.16.1.js
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/03625cb4-a9b5-4bd2-aa05-02a729450db5/plugin.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 43b453f67c688065a69564baa0d667e095d9b0976b7e702d37d2e9856e8992c5

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 18:51:05 GMT
via: 1.1 f358cf5f46d10c349187abd5e20e06cf.cloudfront.net (CloudFront)
last-modified: Thu, 04 Jun 2020 10:06:45 GMT
server: AmazonS3
age: 3291359
etag: "be838a885c1621ab4878eb4718b6dcc0"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=360000000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-length: 251074
x-amz-cf-id: YKV8mTXaHQP5PJfqq9IbbJUI7RPIoAV57QOQ4FQPb5Ae3ux9nXQp9Q==

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dacaf7a8a397ec2936a18971645c3caeaeb6350a5f7b63f31c4ed8179b8bed02

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-Q050 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20190131/ 226 KB
85 KB 92ms
77ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9016872754181692&plah=ardra.biz&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

76de05ef38c3493027e88617f808b48e1683e54a4e2989862d1afc85933f01eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 86501
x-xss-protection: 0
server: cafe
etag: 16342648926818324530
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 19 Mar 2021 21:07:03 GMT

GET
H3-Q050 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210316/r20190131/ Frame 33F8 10 KB
5 KB 54ms
40ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210316/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c44ef8885a1386dad99986e4de63457883d50b1a966d27b502f37d691d7bd770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210316/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUliZh74KCNIa5NVVkuRSvSBfj_6n7grSUHMyraC4p8z2gVHsw_bUzWmehdW
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 19 Mar 2021 18:01:35 GMT
expires: Fri, 02 Apr 2021 18:01:35 GMT
content-type: text/html; charset=UTF-8
etag: 14488317231655078900
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4661
x-xss-protection: 0
age: 11128
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 pubads_impl_2021031601.js Show response
securepubads.g.doubleclick.net/gpt/ 285 KB
100 KB 76ms
45ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

eea4a3705b3e19174b9f0f127702bfc02cda65dff1f5b25e65f48a9c65ce9a7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Mar 2021 08:39:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102421
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:03 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 199 B
403 B 48ms
45ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=ardra.biz&callback=_gfp_s_&client=ca-pub-9016872754181692

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210316/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9016872754181692&plah=ardra.biz&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e37cedb3827443e749251490ad025ecf14b1bcfc519b1537749fae84710ade18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 191
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
777 B 62ms
47ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ardra.biz

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
531 B 63ms
49ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D72F 73 KB
23 KB 441ms
440ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1913364358&adk=3023123312&adf=1391123618&pi=t.ma~as.1913364358&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188023152&bpp=20&bdt=678&idt=123&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=7078662019081&frm=20&pv=2&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=1474&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=NY2NNWfFBY&p=https%3A//ardra.biz&dtd=166

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

798e6fb3aeb368af9fecd8972841b0d2a611bdcc29cd7708e927843a7eaaa740

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1913364358&adk=3023123312&adf=1391123618&pi=t.ma~as.1913364358&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188023152&bpp=20&bdt=678&idt=123&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=7078662019081&frm=20&pv=2&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=1474&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=NY2NNWfFBY&p=https%3A//ardra.biz&dtd=166
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 19 Mar 2021 21:07:03 GMT
server: cafe
content-length: 23704
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 19-Mar-2021 21:22:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 19 Mar 2021 21:07:03 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 169ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980824644616"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28204
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:03 GMT

GET
H2 200 2ba8e19b-7c60-4741-81e7-114f647c5da1 Show response
compass.adop.cc/RE/ Frame 74D5 4 KB
3 KB 784ms
784ms Script
text/html 13.226.159.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=WTu&percentage=false&size_width=300&size_height=250&
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-12.dus51.r.cloudfront.net
Software: /
Resource Hash: df9ee30856a18a503e3737dff076da45f40e005d14e02e7fba207a9cb5cbb1ac

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:03 GMT
via: 1.1 5cd60f530cdafe284762767565aa2747.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2129
x-amz-cf-id: PFdpKU0akrMkp6_SiT_jHXGTfyOzQ7-jjlY5XkOuhEiW_oBrCT_FZw==

GET
H3-Q050 200 gpt.js Show response
www.googletagservices.com/tag/js/ 58 KB
20 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: compass.adop.cc
URL: https://compass.adop.cc/ST/d8b250e0-ab9b-43a9-85df-5c01cb0435d4

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c898a2e3974c68708e2d5569e522f376dcf19c627de3718e3ce18d26772bda8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "817 / 821 of 1000 / last-modified: 1616152376"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19836
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:03 GMT

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ 2 B
96 B 1453ms
286ms Script
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210319210703&aid=94b863dc-e681-4e95-b250-163a7e569af4&zid=d8b250e0-ab9b-43a9-85df-5c01cb0435d4&r=29ui
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/ST/d8b250e0-ab9b-43a9-85df-5c01cb0435d4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H2 200 integrator.js Show response
adservice.google.be/adsid/ 107 B
799 B 159ms
86ms Script
application/javascript 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.be/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 15ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame D72F 6 KB
771 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1913364358&adk=3023123312&adf=1391123618&pi=t.ma~as.1913364358&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188023152&bpp=20&bdt=678&idt=123&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=7078662019081&frm=20&pv=2&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=1474&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=NY2NNWfFBY&p=https%3A//ardra.biz&dtd=166

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e47a27d91c2487289d6607ee10d7cb7b31944a5ed3ff5ffc86ec8526e9374af0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 20:35:32 GMT
server: ESF
date: Fri, 19 Mar 2021 21:07:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 Mar 2021 21:07:03 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame D72F 2 KB
998 B 39ms
11ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 20:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 630
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 891
x-xss-protection: 0
server: cafe
etag: 8551179781376740118
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 20:56:33 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame D72F 17 KB
7 KB 32ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 272
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:02:31 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame D72F 2 KB
1 KB 34ms
12ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:05:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 113
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:05:10 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D72F 117 KB
36 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:03 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame D72F 13 KB
6 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 367
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:00:56 GMT

GET
H2 200 957c89dfc9e78dd5a0a3956da91f5358.js Show response
www.gstatic.com/mysidia/ Frame D72F 25 KB
11 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/957c89dfc9e78dd5a0a3956da91f5358.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74701d1b03dcb606710d7cc01bbf35a36ad5e5e443e33e55894a013f0d65aacf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 10:35:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Mar 2021 03:13:35 GMT
server: sffe
age: 124323
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10839
x-xss-protection: 0
expires: Wed, 16 Jun 2021 10:35:00 GMT

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame D72F 0
0 43ms
42ms Fetch
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CdxSVdxJVYOnuFM3a3wPmwbjIDO7SouJhyKH9n9MNloLNhYgWEAEgobSeO2CViriCyAegAd-b8sUByAEJqQIXHzB6dfGzPqgDAcgDywSqBMEBT9CFDJWaTgUkPGlPjAXLwdr1xQoa2VbeybjflOrgOJU3_RxS2L63iwUyWg0WrULhWVB2V7byYMi1PkUpuvh0BV5Dje2R0sJwjL0MW75piEByRu8Y8wa7g3h1RKUDeMsarfjvBX0H1FPE6bMCklPgNCZ4QRx_8d-1aSHvBkX-4DCrvr_rJ9TWuteU_jpJWCNIQrQdFz-kZihlu5x63KOtc7zKlTeK57l290GhttyaV4UA-qTF1qWyEQD0k4cvb0oENsAE_4TC5rUDkgUECAQYAZIFBAgFGASgBi6AB4nkjboCqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEPL0DNIICQiA4YAQEAEYH4AKAcgLAdgTDYgUDLIXGgoYCAASFHB1Yi05MDE2ODcyNzU0MTgxNjky&sigh=ZKPGkCz0dCM&template_id=484&tpd=AGWhJmuFeEhXLTdiCKzuBLKJQZceN6siqI4rZkzX-FDMlEl5SA

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1913364358&adk=3023123312&adf=1391123618&pi=t.ma~as.1913364358&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188023152&bpp=20&bdt=678&idt=123&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=7078662019081&frm=20&pv=2&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=1474&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=NY2NNWfFBY&p=https%3A//ardra.biz&dtd=166
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 19 Mar 2021 21:07:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:03 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/476001994852198402/ Frame D72F 39 KB
39 KB 30ms
13ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/476001994852198402/downsize_200k_v1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55c41886d00b031bc18409143ba0ce360fed339edebe812ae52baf43a5051c83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 14:40:16 GMT
x-content-type-options: nosniff
age: 23207
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39475
x-xss-protection: 0
last-modified: Thu, 04 Mar 2021 09:31:20 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Mar 2022 14:40:16 GMT

GET
DATA 200
OK truncated
/ Frame D72F 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame D72F 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b5bce33baf5bfed8ebff8e76adbb8d44ab78a22f91c32b8db235c1e2a339f539

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ Frame D72F 15 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 19:52:31 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:19:00 GMT
server: sffe
age: 177272
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15816
x-xss-protection: 0
expires: Thu, 17 Mar 2022 19:52:31 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ Frame D72F 15 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29f6da0a8c21c5681511bb9b08663d3fd2c5d09c9bd8054ec354c563b8c8b7c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 22:41:50 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:55 GMT
server: sffe
age: 167113
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15784
x-xss-protection: 0
expires: Thu, 17 Mar 2022 22:41:50 GMT

GET
H2 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame D64B 14 KB
6 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:03:59 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 39784
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:03:59 GMT

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame 74D5 19 KB
8 KB 55ms
12ms Script
application/javascript 2600:9000:2182:9800:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=WTu&percentage=false&size_width=300&size_height=250&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:9800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 3697598
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3c2fca5c3988bc152e874a83fac74f4a.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: HzBYSSUPe59k6_iAy1yesMNoIrQEBazGTaNoZPPBV3cKF-ANNurwJA==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame 74D5 2 B
96 B 1162ms
291ms Script
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210319210703&aid=3cf3bd1f-f9ed-480f-a6f5-b78356d6abb7&zid=2ba8e19b-7c60-4741-81e7-114f647c5da1&r=T2wd
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=WTu&percentage=false&size_width=300&size_height=250&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H3-Q050 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 74D5 58 KB
19 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=WTu&percentage=false&size_width=300&size_height=250&

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c898a2e3974c68708e2d5569e522f376dcf19c627de3718e3ce18d26772bda8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "817 / 60 of 1000 / last-modified: 1616152376"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19836
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:04 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
146 B 15ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ardra.biz

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 16ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8050 55 KB
15 KB 424ms
424ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55cb41453b69db04709a43687e6c6372c7d96ca3317caa9b9115d0c8e14ec736

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlcwuhh2972qVxnkTCega5npp5CGNK7Z6qYXb35s2ez_yy-2C-kUCk0U7e7S6Y
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 19 Mar 2021 21:07:05 GMT
server: cafe
content-length: 15166
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 lazysizes.min.js Show response
ardra.biz/wp-content/plugins/autoptimize/classes/external/js/ 9 KB
4 KB 180ms
178ms Script
application/javascript 5.181.216.219
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: https://ardra.biz/wp-content/plugins/autoptimize/classes/external/js/lazysizes.min.js?ao_version=2.8.1
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.181.216.219 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS: srv108.niagahoster.com
Software: LiteSpeed /
Resource Hash: f49e5eccbf420949ddb76cfa2ca1430c8f733b06fb2a35d8fed1182b41613530

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:05 GMT
content-encoding: br
last-modified: Wed, 16 Dec 2020 06:33:21 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 3907
expires: Fri, 26 Mar 2021 21:07:05 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 5920
date: Fri, 19 Mar 2021 19:28:25 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Fri, 19 Mar 2021 21:28:25 GMT

GET
H2 200 dmedianet.js Show response
contextual.media.net/ 118 KB
40 KB 119ms
63ms Script
text/javascript 23.210.250.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/dmedianet.js

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.250.97 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-250-97.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

594a3b9e1df9800dc10fb59f32cf38f1091a18d64317bf036c6372d1172df043

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-mnt-h: 10-2
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
etag: "b69471d52e8326c5f3106f967c9053b6"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Fri, 19 Mar 2021 21:07:05 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-4
content-length: 40063
expires: Fri, 19 Mar 2021 21:12:05 GMT

GET
H2 200 ads.js Show response
ardra.biz/wp-content/plugins/ad-inserter/js/ 112 B
201 B 180ms
179ms Script
application/javascript 5.181.216.219
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: https://ardra.biz/wp-content/plugins/ad-inserter/js/ads.js?ver=2.6.22
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.181.216.219 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS: srv108.niagahoster.com
Software: LiteSpeed /
Resource Hash: 471eb448db387c12cd6fc0598c12f3c4410056426df3b43ada8dd0fad5fa6a74

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:05 GMT
last-modified: Thu, 18 Feb 2021 15:55:11 GMT
server: LiteSpeed
vary: User-Agent
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 112
expires: Fri, 26 Mar 2021 21:07:05 GMT

GET
H2 200 sponsors.js Show response
ardra.biz/wp-content/plugins/ad-inserter/js/ 21 B
85 B 180ms
179ms Script
application/javascript 5.181.216.219
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: https://ardra.biz/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.6.22
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.181.216.219 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS: srv108.niagahoster.com
Software: LiteSpeed /
Resource Hash: da1dbc82bb4abe400a3edc77dcd776fef666224893f7b0bd02ab88799c4eb220

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:05 GMT
last-modified: Thu, 18 Feb 2021 15:55:11 GMT
server: LiteSpeed
vary: User-Agent
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 21
expires: Fri, 26 Mar 2021 21:07:05 GMT

GET
H2 200 autoptimize_2c95c6f89211616f5cf2740591331e4f.js Show response
ardra.biz/wp-content/cache/autoptimize/js/ 157 KB
54 KB 179ms
179ms Script
application/javascript 5.181.216.219
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: https://ardra.biz/wp-content/cache/autoptimize/js/autoptimize_2c95c6f89211616f5cf2740591331e4f.js
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.181.216.219 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS: srv108.niagahoster.com
Software: LiteSpeed /
Resource Hash: 2cdeb295425a37a3db3e104555d8fa197e820b73f1c76f0ac0e94d60246d317c

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:05 GMT
content-encoding: br
last-modified: Wed, 17 Mar 2021 06:26:36 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 55661
expires: Wed, 09 Mar 2022 21:07:05 GMT

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 74d9a7a7ec320f4f573d1e3b9973619796cc519e9610bb2ac20b27d720d5dbcf

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 486bf4580d9c44b68fbc985617299c80c32aeba569fa9a9ac8dcc3f5e5e83ba7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 19f4cd225cfa3f6e4859fc01e28d501e629b812fea847af4f8f43a51ed276ade

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db5c0e9e0db8a7c6c919e8ccb511f9ca8073128eba825eb8ec1113daa4386881

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ed61c9b7686e4bd72cd89e7b3c56d6fed8f9a5d5dc8731f816b32d4fabb43261

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf753eeea3d8c5f738612e219da1d90a3f0dc46d8ffc5c54b97ca1fc2ab762ad

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bda475c91788f248cdf75b323ba2f8f03e7453d294aca7216662430d1255a0fc

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d60fd069833b391e741dab1a17e3ac007796f913f6985e0311cc5cbc5cf59272

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 14 KB
14 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c9ee01ee8903499cb90168df3d5de82fdcf4660511aa12e06207bca6ccfdf064

Request headers

Origin: https://ardra.biz
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a7ae4f4e313e150000175511c29ca19ae2948eb663987253d19a9372cc20e3fe

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 2ba8e19b-7c60-4741-81e7-114f647c5da1 Show response
compass.adop.cc/RE/ Frame 1815 4 KB
3 KB 785ms
784ms Script
text/html 13.226.159.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=BdF&percentage=false&size_width=300&size_height=250&
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-12.dus51.r.cloudfront.net
Software: /
Resource Hash: fa885ed10e3f20297502fd35796562e2cf93f6c791f9868f7d2f086654d13d7e

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
via: 1.1 5cd60f530cdafe284762767565aa2747.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2129
x-amz-cf-id: 2KHzw16CunDPX62ZudBNQHhYhKOf3JViUBzZF_30lVlTQNEn92DEIQ==

GET
H2 200 2ba8e19b-7c60-4741-81e7-114f647c5da1 Show response
compass.adop.cc/RE/ Frame 8F3C 4 KB
3 KB 782ms
781ms Script
text/html 13.226.159.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=T5F&percentage=false&size_width=300&size_height=250&
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-12.dus51.r.cloudfront.net
Software: /
Resource Hash: 5031bbaceb00e8b2b3a88a3b239e2132b465c5d3d4aa3e4f8f4cc51643df6944

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
via: 1.1 5cd60f530cdafe284762767565aa2747.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2129
x-amz-cf-id: 0Y_9fnBk1a8c9IzJ5tNdY6PyGD4tuApftEiBEXVnuboCSs_TaZ_UOw==

GET
H2 200 2ba8e19b-7c60-4741-81e7-114f647c5da1 Show response
compass.adop.cc/RE/ Frame 4DF0 4 KB
3 KB 780ms
780ms Script
text/html 13.226.159.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=PQV&percentage=false&size_width=300&size_height=250&
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-12.dus51.r.cloudfront.net
Software: /
Resource Hash: 1e17883bff2afa2bba01768c13f88efc42833dcc150a6cfa74eb33c4942f542f

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
via: 1.1 5cd60f530cdafe284762767565aa2747.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2129
x-amz-cf-id: QnisPhE1q6cJ69VPDGBrjtlzQwvYp9QBj10Q1efV4H81oedVw9ieuA==

GET
H2 200 2ba8e19b-7c60-4741-81e7-114f647c5da1 Show response
compass.adop.cc/RE/ Frame 1E55 4 KB
3 KB 771ms
771ms Script
text/html 13.226.159.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=XDL&percentage=false&size_width=300&size_height=250&
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-12.dus51.r.cloudfront.net
Software: /
Resource Hash: 76ca21e9ef499b5349f54c4be3bbe63d46188529b6dc0f345fe40f12ec12f482

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
via: 1.1 5cd60f530cdafe284762767565aa2747.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2129
x-amz-cf-id: 7sydBt-FsaqwDAufVH7uyysLug0juR7YpLye9MrsB-0u_LWncXaltg==

GET
H2 200 2ba8e19b-7c60-4741-81e7-114f647c5da1 Show response
compass.adop.cc/RE/ Frame 5C92 4 KB
3 KB 776ms
774ms Script
text/html 13.226.159.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=9XN&percentage=false&size_width=300&size_height=250&
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-12.dus51.r.cloudfront.net
Software: /
Resource Hash: 5dac5f116f232cce83dd3b5b37ce2b25585dbc3f7a44a35346f83821e20a00fb

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
via: 1.1 5cd60f530cdafe284762767565aa2747.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2131
x-amz-cf-id: eaLOf1Jvj-FMb_EsYK7Xf-2-bNaGJLHrm2GSuEGC0kpWmA2CaavaNg==

GET
H2 200 2ba8e19b-7c60-4741-81e7-114f647c5da1 Show response
compass.adop.cc/RE/ Frame 9944 4 KB
3 KB 1024ms
1023ms Script
text/html 13.226.159.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=awa&percentage=false&size_width=300&size_height=250&
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-12.dus51.r.cloudfront.net
Software: /
Resource Hash: c3369adffafe4377678318de580731f6a7b31030f9d0fb10256aa98d8ed94af1

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
via: 1.1 5cd60f530cdafe284762767565aa2747.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2129
x-amz-cf-id: q1ttliRs-bjzV80VgsLrdvD6YgWbFi31Ee3TZR6w4eTiPQUba1ghmA==

GET
H2 200 2ba8e19b-7c60-4741-81e7-114f647c5da1 Show response
compass.adop.cc/RE/ Frame 2110 4 KB
3 KB 1031ms
1031ms Script
text/html 13.226.159.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=kwy&percentage=false&size_width=300&size_height=250&
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-12.dus51.r.cloudfront.net
Software: /
Resource Hash: ddb95732f0fbdf94523e6d365e51a2c0c13721f1e9470fb83d79133591e335d9

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
via: 1.1 5cd60f530cdafe284762767565aa2747.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2129
x-amz-cf-id: O2k3msrBbhrpLSci6ZTvrhfv3qWLcVNgF-CYb72Qx7QOZozJzj151w==

GET
H2 200 2ba8e19b-7c60-4741-81e7-114f647c5da1 Show response
compass.adop.cc/RE/ Frame 42C0 4 KB
3 KB 1037ms
1036ms Script
text/html 13.226.159.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=ITN&percentage=false&size_width=300&size_height=250&
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-12.dus51.r.cloudfront.net
Software: /
Resource Hash: c73b926736c92744798f6533424416ae258cc01a851dafa7c9373a72046ddaaf

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
via: 1.1 5cd60f530cdafe284762767565aa2747.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2129
x-amz-cf-id: Vqkn13Kzcmibj8XJCUHqAHCUNtyyJLuGdbpq_BMikp_IMd-xr8Tr5g==

GET
H2 200 2ba8e19b-7c60-4741-81e7-114f647c5da1 Show response
compass.adop.cc/RE/ Frame 2C79 4 KB
3 KB 1035ms
1035ms Script
text/html 13.226.159.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=qVY&percentage=false&size_width=300&size_height=250&
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-12.dus51.r.cloudfront.net
Software: /
Resource Hash: 4a8259a78ae7766821f45239f498f8f62f153a87b42480aafcd3921875f24296

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
via: 1.1 5cd60f530cdafe284762767565aa2747.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2129
x-amz-cf-id: G3akrn7jCP3irHlIZBsElbwwCi2-RGntTmHP7kxJMHoTjNEGAIBFoA==

GET
H2 200 2ba8e19b-7c60-4741-81e7-114f647c5da1 Show response
compass.adop.cc/RE/ Frame 56E8 4 KB
3 KB 1029ms
1029ms Script
text/html 13.226.159.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=bu9&percentage=false&size_width=300&size_height=250&
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-12.dus51.r.cloudfront.net
Software: /
Resource Hash: 22e74a3c1075c9b978c13a524cb9f173e023a34b581b1850469ef5b96f3977f7

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
via: 1.1 5cd60f530cdafe284762767565aa2747.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2129
x-amz-cf-id: zqWMTWD-dOdz9bRKYbQXECXhyq2MTToCJ4-zSU-1bm7W_XQJVJopTg==

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
62 B 13ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=855395949&t=pageview&_s=1&dl=https%3A%2F%2Fardra.biz%2F&ul=en-us&de=UTF-8&dt=ardra.biz%20%E2%80%93%20moralitas%2C%20mentalitas%2C%20intelektualitas&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAhAAAABAAAAAC~&jid=905729203&gjid=1064183732&cid=1391176112.1616188023&tid=UA-78587304-1&_gid=1349068462.1616188025&_r=1&_slc=1&z=1594639199

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ardra.biz
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame 74D5 2 B
96 B 291ms
290ms Image
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwMzE5MjEwNzAzIiwiY3RyeSI6IlBUIiwiYWNpZCI6IlBULTIxMDMxOTIxMDcwMy01YjFkNTQ5NTI1NGE0MTk4IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIxMzY0Lzc3ODIiLCJ6aWQiOiIyYmE4ZTE5Yi03YzYwLTQ3NDEtODFlNy0xMTRmNjQ3YzVkYTEiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4Mi4xMDIuMTkuMTM2IiwiZmxvYyI6Imh0dHBzOi8vYXJkcmEuYml6LyIsImNkdCI6IjIxMDMxOTIxMDcwMyIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H2 200 pubads_impl_2021031601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 74D5 285 KB
100 KB 30ms
30ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

eea4a3705b3e19174b9f0f127702bfc02cda65dff1f5b25e65f48a9c65ce9a7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Mar 2021 08:39:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102421
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:05 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame 8050 17 KB
7 KB 40ms
24ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 274
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:02:31 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 8050 8 KB
780 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ae31abd20931ac70ca57381ebeed30009c8343f1fb257f0d90e64b6b137262ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 20:33:59 GMT
server: ESF
date: Fri, 19 Mar 2021 21:07:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 Mar 2021 21:07:05 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210317_RC00/ Frame 8050 14 KB
3 KB 29ms
8ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210317_RC00/outstream.min.css

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 14:08:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 197901
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Wed, 17 Mar 2021 10:40:55 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 14:08:44 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210317_RC00/ Frame 8050 358 KB
125 KB 30ms
9ms Script
text/javascript 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210317_RC00/outstream.min.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3b819d87250e134bb307e9d48f46fb011c0ba20ad01ba00fee85df3e6d05b9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 14:08:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 197901
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127888
x-xss-protection: 0
last-modified: Wed, 17 Mar 2021 10:40:55 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 14:08:44 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 8050 13 KB
6 KB 38ms
24ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 369
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:00:56 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 8050 0
0 14ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQdfiUEGg_lMqet1fm-QAnfUygvDso5mhETEmsiXvrhVS50rAzOeoj75K_x_99aAFDFIpzbtVQps7Gq9ZjZcdEzoTIBdQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 74D5 0
0 39ms
38ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_urg_spr&pvsid=3144158387165560&vrg=2021031601&nw_id=223513049&nslots=1&eid=21065646%2C31060312%2C31060472%2C31060011%2C31060212%2C31060343%2C31060367%2C44733568%2C44739387&pub_url=https%3A%2F%2Fardra.biz%2F&start_time=1616188025552&end_time=1616188025552&n=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 74D5 107 B
123 B 15ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 74D5 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 74D5 69 KB
19 KB 232ms
232ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3144158387165560&correlator=4054789297923597&output=ldjh&impl=fifs&eid=21065646%2C31060312%2C31060472%2C31060011%2C31060212%2C31060343%2C31060367%2C44733568%2C31060505%2C44739387&vrg=2021031601&ptt=17&sc=1&sfv=1-0-37&ecs=20210319&iu_parts=223513049%2Cca-pub-5111137191506013-tag%2Cardrabiz_300x250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&eri=4&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&cdm=ardra.biz&bc=31&abxe=1&dt=1616188025559&dlt=1616188023334&idt=2215&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=856&adys=465&adks=3971509829&ucis=xdk2tldogm7m&ifi=1&ifk=3008407577&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=ardra.biz&loc=https%3A%2F%2Fardra.biz%2F&top=ardra.biz&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&ga_vid=1391176112.1616188023&ga_sid=1616188026&ga_hid=126691589&ga_fc=true&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

1cd09717b774ba96f864a009438e5b77936530203257c9a658d7aab0df5c847f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19483
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ardra.biz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 74D5 0
0 174ms
78ms Other
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?v=1-0-38&n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 74D5 0
0 7ms
7ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?v=1-0-38&n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H2 204 csi
csi.gstatic.com/ Frame 8050 0
54 B 106ms
106ms Other
image/gif 2607:f8b0:4002:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~kmgsmdpk&c=6412236806603&slotId=3206118403301.5&qqid=CIqpgMmhve8CFc5IGQodsugLcw&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C75259407%2C75259408&nsei=44714510%2C75259405%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210317_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4002:815::2003 Atlanta, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:05 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 8050 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 19:52:31 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:19:00 GMT
server: sffe
age: 177274
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15816
x-xss-protection: 0
expires: Thu, 17 Mar 2022 19:52:31 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 8050 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 15 Mar 2021 18:51:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
server: sffe
age: 353718
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15736
x-xss-protection: 0
expires: Tue, 15 Mar 2022 18:51:47 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8050 0
23 B 40ms
39ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=Cb4ZmeRJVYMqIBc6RZbLRr5gHlunr9mGL36HnlA2v6qK9wAEQASChtJ47YJWKuILIB6ABk8-Z-gLIAQWpAry8uD5wR7c-qAMByAObBKoE2wFP0Lw6UudybHpCUwb0xtVpXixO-XcQU5DFE0aKUvml2AQL4HMFmdsesZ0pxSVArYDDa8KCXF5MPnDU0jAABApQdsd28uAIP21mQuW6sWOz7wGvX4PotBWQAqU-yfTY1w2Aim0lSW2xChsKMXNZE5LgCx0GR8ve0JhGcX3Zdch5tskmqgzdP841gOz2wkTVLaLaWSddFBoUnaVTD5CTFVROqOXduQmdMj108SpmKCunPE-v4VyFA3unAnHPMjFEcuT3Nv9ZdoN0sxO__kM1q-vpHXZ0kg4_C6CoiffABOaWx-OrA-AEA5AGAaAGToAH1bDmhQGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAEBABGB-ACgGYCwHICwGADAGwE_GP2QrIE_X6tgnQEwDYEwqIFATYFAE&eventType=clickstring&clientTime=1616188025584&ai=Cb4ZmeRJVYMqIBc6RZbLRr5gHlunr9mGL36HnlA2v6qK9wAEQASChtJ47YJWKuILIB6ABk8-Z-gLIAQWpAry8uD5wR7c-qAMByAObBKoE2wFP0Lw6UudybHpCUwb0xtVpXixO-XcQU5DFE0aKUvml2AQL4HMFmdsesZ0pxSVArYDDa8KCXF5MPnDU0jAABApQdsd28uAIP21mQuW6sWOz7wGvX4PotBWQAqU-yfTY1w2Aim0lSW2xChsKMXNZE5LgCx0GR8ve0JhGcX3Zdch5tskmqgzdP841gOz2wkTVLaLaWSddFBoUnaVTD5CTFVROqOXduQmdMj108SpmKCunPE-v4VyFA3unAnHPMjFEcuT3Nv9ZdoN0sxO__kM1q-vpHXZ0kg4_C6CoiffABOaWx-OrA-AEA5AGAaAGToAH1bDmhQGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAEBABGB-ACgGYCwHICwGADAGwE_GP2QrIE_X6tgnQEwDYEwqIFATYFAE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 8050 18 KB
11 KB 95ms
47ms XHR
text/xml 142.251.5.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-DO5sTkq7VIrZgU-xm6R4N98mFPNM1dcv_oylGgP689XEzqoO0tvC5YyTv6PSiRnHrrg4s2S7Dw2S8m7EdEK0O19qZI9w&dbm_d=AKAmf-ARfgQ3gDB6xTTOD-0KigQ_9z3OmItNhnVAA0WGSlYtGrtlB7JCT0k3T8tjAqFEgjb78Mhdhvt1X-hiSUlH_ticB8mAi3TKAQ2LSH7UI-RLpQo2ILadQfFQqTUgZPlY8mnf_RXN3AVVqHhc9QjDnZ7jNARobHl2Ly6u94_9yXatjgiGy1PTNc1mxWibEpf_EJnxJtpYotB48ZbHW-WylzfKuVMtXPPRE_CSaBnPat1U3XvtzzvY6xuCKT4upTi7lO9BCcNaiHvSZFVrg0gcsWF8B8pMLy5GHRBqsBq3p2VHM56SQMcZaZCtaWP9Tkw2Deqekd4BzsMkM0HkFvFMC1XzmD0nkDB-huOcGjPuBGn8bfVjJz-IafZtwOMw9mKfS6tbLRrcdQ7wrp4Eu1dB4o3dswIzwaDamImTx5cOJpJXpKhv4BCb7-sGvseA7YZ0hBAPen7LaYITsHQnQWOc89uIXSVM93bWzpvYopvMEOEkI_Xh7lcu7CDYa5xwpgnrsfUqMRpbRgPA-iv10LIvktts7A69sgOfOSDd9wPK3KJNxODRyIbOpYuQ74CpeTwkDkypw-IUjFtcgM07oQ2RJ7S19MSyPiv3QcEr2NWh2wpBU_nysxGN432rCVNv1TCthMPEwto-44KZ9x_BlXDU8-QgoKJFP0e0CDsK8GTTA1JZOMN5G5qzoglH1XOEuKUJNdiUfDz9lElXfRHFYMJLigw7VtHYGTc7OsivXfpgvZF9_IMPhXi765aMGSsYmmu0cwMU8iAfGSZFp3bhoDfkTGjujrJp2_HYmRJiE9CX-4EIShWtAs0Xky2EZcdf_tnXNdcuByh96OqTS6400PKgy931ODuI8inNScsJ2osYIz0-7ABW7w1TocotDyS1OahuMmOQYNvNDETrR8QxoXGc0LVhOfV3vsvQAVb9JhVDM149xdelJtgGwaLehJik7-VqNbOJ-UncMEG6UjCbDkyhLfOlPmvvedJhskA77mYhqOt0dHtJRn6JU_30HT1ms_eO3iZFa9kofPsqEuGfheUoMOLmlzza-EhUo7SJbg11Bjrtat63Wyi8knrMZxOW3WXs6G9V4SYWuBRiQVVmlrFbneL_u9op676XOzQl9F75TKXpKvbD_pzEwNMWA68fhaIhvptH41328YSlYcJPJtABcPOyewP0AWg_3UWm5jX7ZWv5QBknwg4FFMy4an2br9XoAduCz4kJyqmVq5qHpxsnbkKYxTq3JleNvGn599jbZVp8v_BO2o3SgN021ut8DvYKNuiRcV4ZSsk_XHIV5YXKDuMb_x32gEiUqeBLuJgJKFHiP7HbEinubXppk4m-LAiuTiSXoNAo-W_npKkr58nNflybkyv4-AF_zF5tFUgKLRd5fouFEgEHrZOOADkIahIhVKJWY03AxDscoJ6lZTY9mqEKqXLYEzUMI2FWootfO19yEhd2glzH39nMFkScuHzy76qLhNvwRj0oFzyUEImyrvNuDYprv2vo1n65tABqWv9DF-OT3B4kZh-tg8iXJkaTXi5qUy1Mj7mn93ExsaTR7NH7Yz2qAMwuuSc15KXKixp4fbDOCbea74A7ZOHFmIgj7-QhRPJKwUPGDyUeABikosrma1clJXPDBZqsJ9-roZmUBRCKW_p0PRjmZEZr2SDb4_l7mXATaLHwk03piy3fz5MT4LlY1Io2tQVPtG659H-bRB_kkXL-9Z8XkpmaEc67AXnDf-3_3ugZPfio8XzcHiN39TsMyVWgDlUK68QkEhv9xhACnxuFWw8u7v3Gsx6hZtOD1y5pJs2h6HprwnesdWVmqt18wRKfWp_3T6KOOZfgu7BnPI9EtpEV9Z5rOLzxSi6MphwwGIlmOilvpUr2rivl8_bGnnsvGpIuAXsTRp2n3zlb8MINuMLSIbulBtdW2K5Soo8Dl595Oo4zrghchl8Qqn_MSJ5KJ3GEqpKSbMo2FV3RsAxbHHpZuSHQT7Yt-44UCO9mkl__hvTBos8sb-FO2d0u-NxHDJbu38AGXAhDEAFUpz-ZkoDlivdGU6darcucKpl75zEVX38sTiDvfGROh9HCD8-9dGgPTRA_Z2NfnUlwGeqYQHwjX4TB8I-OPCsEWqIqwhRoz_O2K6rLQFii43u3XphyqnTejvqCpPVRsTDmTYrGMS1d0SxNR5xGhY7ivCW96oH26tKFD1zU0_olSZNXdMKc1XGKkUVH35b7WMiDLby529v854YP5ebO1k3WR_J5YwE_2wjWZrBbGlVaGvHZ5z88eNhi8aMOHpMJU2bMkz6LE_zg2ETn249M04r-0mDYr7vcfQrtAd4d4WUfyMtUiNaP2Vs97WbPbNtXGhHqZXORGGkYSUxb1Z3FyPRNyxIRkluEBSiZORLQWW7TlnzSRnpiqDQNcgrHVaEm_y0ABKTlVBc-Mu9O6PXX5Xawq5VkMFdktZ4s-c-oz6s0d_4oR84Ysp1uNP2zqFBpRYbMxtcD9KOfDqD_MLImort0LrGPaeJCABshe7rujP-TAwDtwmqGvq0-HjpkMn7rQm5RGfn6QenQGdah3r5oKmsul78gfmwVI9arO8iUc27JgvQgL-Nxdie4VVxrCgpfYRHtYsh0z7X0fccrkCGW7zhJe_iYsfL1XAzaRk0sjPZtA_em4BziRNZh-pIcVc-HM6QHXh_e2V_6-RGz7ZohY7FC4FLtbjU0FxrS8T6CKZlwr9RFLjckX0-gCxUNYN5NwvaBYNPhcnZe_tzMy061PayKjqpAxShespovIPU5sqZiuiHRNV_i0ymiOvVWp4F88U4KQBExdPo3uZR7TSIkYEAWvcqPm-8JjAW_200HwtDA4JMTrNowPda4BO1i2n6MlJtIPQECn0qlPmNXVKyP8yOQOgiLY9bM6DWVnT5vp1AGK4ayCS3kR89IYSGPeBYwgyH59k0&cid=CAASEuRoYJczOtDuy8Jw9MTmHA2LKg&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210317_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.5.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e4dcc367c60026b0f7fa3110fcc009cb643afccbd9b3732b02e00b80c0e14f6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10672
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame 8050 0
0 43ms
43ms Fetch
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CRQxkeRJVYMqIBc6RZbLRr5gHlunr9mGL36HnlA2v6qK9wAEQASChtJ47YJWKuILIB6ABk8-Z-gLIAQWpAry8uD5wR7c-qAMByAObBKoE2AFP0Lw6UudybHpCUwb0xtVpXixO-XcQU5DFE0aKUvml2AQL4HMFmdsesZ0pxSVArYDDa8KCXF5MPnDU0jAABApQdsd28uAIP21mQuW6sWOz7wGvX4PotBWQAqU-yfTY1w2Aim0lSW2xChsKMXNZE5LgCx0GR8ve0JhGcX3Zdch5tskmqgzdP841gOz2wkTVLaLaWSddFBoUnaVTD5CTFVROqOXduQmdMj108SpmKCunPE-v4VyFA3unAnHPajD2GOzd1uvLuA3a85oR-Ofim0Q-BtGR2qnyZrjABOaWx-OrA-AEA4gF0vbi4y2SBQYIAxADGAOSBQYIGxADGAOSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBk6AB9Ww5oUBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RvYBwDyBwoQstUWGNah2Z0B0ggJCIDhgBAQARgfgAoByAsBsBPxj9kKyBP1-rYJ0BMA2BMKiBQE2BQBshcaChgIABIUcHViLTkwMTY4NzI3NTQxODE2OTI&sigh=5Rc1oiDzDOc&cid=CAQSPACNIrLM5jp0tC4_CPJ2HZBTBWzA_KIIvilaW7xkuGOThFz6TIlut08CEiAHm6lzXQvpULTsx70QwZEelg&vt=10

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 19 Mar 2021 21:07:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0DF6 1 KB
854 B 6ms
5ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 19 Mar 2021 03:14:09 GMT
expires: Sat, 20 Mar 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 64376
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 8050 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 38bfe27aa55466c19326517fc58873a4683f89eca960702c0917b934fb084bd3

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jquery.js Show response
ardra.biz/wp-includes/js/jquery/ 281 KB
80 KB 180ms
180ms Script
application/javascript 5.181.216.219
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: https://ardra.biz/wp-includes/js/jquery/jquery.js?ver=3.5.1
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.181.216.219 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS: srv108.niagahoster.com
Software: LiteSpeed /
Resource Hash: 86f937a29eaee70aaf9935799a414bea46c62fb136cc0465f63f9d6820cf4982

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:05 GMT
content-encoding: br
last-modified: Tue, 15 Dec 2020 18:09:28 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 81915
expires: Fri, 26 Mar 2021 21:07:05 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 0DF6 35 B
463 B 126ms
109ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELIauGuIus0VjvHXkxHKVk0&google_cver=1&google_push=AQvitUIuOAcUvEPfX2V-jze_eIioIjtLR1C3xFp-6NoRGCdGvKWIVS0KJeku6Y17WcagT5wp9qRdhL5Nu-H7R7vXdYBPystl2RS-

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:05 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0DF6
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEEKOOdrgygtTANPZaVYED1g&google_cver=1&google_push=AQvitUIii5-VFi3t6z3duO0tolPV7AlCh2FuUHwIhnHR-1Ec6KgQqp5S_XaMomJ-Ty8VwqA7_Smh0UIHv4dRiG2z7Ren3VnVr7yK
https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VFS09PZHJneWd0VEFOUFphVllFRDFn

170 B
243 B

34ms
33ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VFS09PZHJneWd0VEFOUFphVllFRDFn

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 19 Mar 2021 21:07:05 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VFS09PZHJneWd0VEFOUFphVllFRDFn
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0DF6
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEC8knfmI72BPtAPLmAJ7TXM&google_cver=1&google_push=AQvitUIW1zl5Gnf2esiS2ryLudV49Mk6eASCrkW9hIQ4WidHh18adfILbkR4s4T6Zy_rvvtY1s_LQV6LNU0f589iDkaA7MKDcuc
https://rtb.openx.net/sync/dds?google_gid=CAESEC8knfmI72BPtAPLmAJ7TXM&google_cver=1&google_push=AQvitUIW1zl5Gnf2esiS2ryLudV49Mk6eASCrkW9hIQ4WidHh18adfILbkR4s4T6Zy_rvvtY1s_LQV6LNU0f589iDkaA7MKDcuc&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIW1zl5Gnf2esiS2ryLudV49Mk6eASCrkW9hIQ4WidHh18adfILbkR4s4T6Zy_rvvtY1s_LQV6LNU0f589iDkaA7MKDcuc&google_hm=apxhMZn9yiEuiS80OTs60A==

170 B
190 B

60ms
60ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIW1zl5Gnf2esiS2ryLudV49Mk6eASCrkW9hIQ4WidHh18adfILbkR4s4T6Zy_rvvtY1s_LQV6LNU0f589iDkaA7MKDcuc&google_hm=apxhMZn9yiEuiS80OTs60A==

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:05 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIW1zl5Gnf2esiS2ryLudV49Mk6eASCrkW9hIQ4WidHh18adfILbkR4s4T6Zy_rvvtY1s_LQV6LNU0f589iDkaA7MKDcuc&google_hm=apxhMZn9yiEuiS80OTs60A==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: uki542o1jce24gedt0q1vpns0p7iiq90

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0DF6
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=-UhCSG2tTQag-l__RyqSaQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
190 B

59ms
58ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=-UhCSG2tTQag-l__RyqSaQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJ0_bf27XD7NcaEcrD2oyZ-Z8lRIoSOa-6OeC3UMYFPzOHcUsRVah0TFUfLeI0zNW8MWtgmxf9d8AVZ0seY54RaLFLe_IY

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=-UhCSG2tTQag-l__RyqSaQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJ0_bf27XD7NcaEcrD2oyZ-Z8lRIoSOa-6OeC3UMYFPzOHcUsRVah0TFUfLeI0zNW8MWtgmxf9d8AVZ0seY54RaLFLe_IY
Date: Fri, 19 Mar 2021 21:07:05 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0DF6
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEN9t-IyN9DfxbEYFgJHZnQM&google_cver=1&google_push=AQvitUJGybFkPHMVKhVBjx-2wYmQ9voXBinl30vPGx43PuANXKmOX3tSx89m6DiXa9xXu7PDGt8...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01HU01EVUctQy1HNTNK&google_push=AQvitUJGybFkPHMVKhVBjx-2wYmQ9voXBinl30vPGx43PuANXKmOX3tSx89m6DiXa9xXu7PDGt88G9yRhcbITJwMmMssch58wC0

170 B
190 B

32ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01HU01EVUctQy1HNTNK&google_push=AQvitUJGybFkPHMVKhVBjx-2wYmQ9voXBinl30vPGx43PuANXKmOX3tSx89m6DiXa9xXu7PDGt88G9yRhcbITJwMmMssch58wC0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01HU01EVUctQy1HNTNK&google_push=AQvitUJGybFkPHMVKhVBjx-2wYmQ9voXBinl30vPGx43PuANXKmOX3tSx89m6DiXa9xXu7PDGt88G9yRhcbITJwMmMssch58wC0
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0DF6
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENsCO7n0Njn3cF6R3ssUaMY&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENsCO7n0Njn3cF6R3ssUaMY&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFUSeShB-UEjDYPwW8qjkAAABFAAAAIB&google_push=AQvitUKKY6zT8SA87zFgC56yGfcdf7RyD7XYQPKiy_oHgvn45brsR7DtqpeuUapXbkb5nJmm9T9f94OsOHf90S1BiG...

170 B
190 B

57ms
57ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFUSeShB-UEjDYPwW8qjkAAABFAAAAIB&google_push=AQvitUKKY6zT8SA87zFgC56yGfcdf7RyD7XYQPKiy_oHgvn45brsR7DtqpeuUapXbkb5nJmm9T9f94OsOHf90S1BiGyBDsmpcnRg&google_gid=CAESENsCO7n0Njn3cF6R3ssUaMY&google_cver=1

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 19 Mar 2021 21:07:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFUSeShB-UEjDYPwW8qjkAAABFAAAAIB&google_push=AQvitUKKY6zT8SA87zFgC56yGfcdf7RyD7XYQPKiy_oHgvn45brsR7DtqpeuUapXbkb5nJmm9T9f94OsOHf90S1BiGyBDsmpcnRg&google_gid=CAESENsCO7n0Njn3cF6R3ssUaMY&google_cver=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 460
Expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H2 200 trk
ag.innovid.com/ Frame 0DF6 43 B
296 B 131ms
20ms Image
image/gif 2a05:d01c:1d8:8102:73b:46ad:270f:ab37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEN3znwTAofdGomJoLDan4go&google_cver=1&google_push=AQvitUKZQdK4b4N6xetjZ10WfQEI1FCQYwANh31AOJXeR6E7sMtCVr42iHbDpaR7kzn_c3U8wvn6sKw7h7IgmigZT9bf7HYFx0oi
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:73b:46ad:270f:ab37 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:05 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 0DF6 0
50 B 31ms
30ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K81ANY2exfkb4fJwAth8JMqgZtQkjBQXqA93_dlkt1NRF2EOPxzvhWaYTDnnAMOzklWkTF

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=280&slotname=1504945216&adk=2983194531&adf=232430391&pi=t.ma~as.1504945216&w=660&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&psa=0&format=660x280&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1616188025010&bpp=2&bdt=2536&idt=2&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=676&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w&pvsid=47452290458557&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=MpgBeDa9XY&p=https%3A//ardra.biz&dtd=35

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:05 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 1 KB
1 KB 22ms
7ms XHR
application/json 2a04:4e42:3::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20210319

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid3.16.1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

846af461e0124fe361072318117c8fd1f70925243f6d3504554b2378ace9a806

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 36248
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 754
etag: W/"53a-oPzSytZtBcfFrazXop3TGDR6IFU"
x-served-by: cache-fra19144-FRA
date: Fri, 19 Mar 2021 21:07:05 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
146 B 16ms
16ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ardra.biz

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 16ms
16ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FBED 5 KB
647 B 86ms
86ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&adk=1812271804&adf=3025194257&lmt=1615962396&plat=1%3A32776%2C2%3A32776%2C8%3A134217792%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fardra.biz%2F&ea=0&flash=0&pra=7&wgl=1&dt=1616188026168&bpp=1&bdt=3694&idt=1&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280%2C660x280&nras=1&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w%2CAGkb-H_ZLY-PE3ajmSt6fed2yL-UvvOfijhD32x9f2QsANQU81v8R3B-Fz5LFCUddFQPtjn9X6j9y7iwIX6j2g&pvsid=47452290458557&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=4&uci=a!4&fsb=1&dtd=21

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e48bb88098d48ee1c703e7b30a96182cda9e15878a343d56aab653e1dd61d0a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9016872754181692&output=html&adk=1812271804&adf=3025194257&lmt=1615962396&plat=1%3A32776%2C2%3A32776%2C8%3A134217792%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fardra.biz%2F&ea=0&flash=0&pra=7&wgl=1&dt=1616188026168&bpp=1&bdt=3694&idt=1&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&prev_fmts=660x280%2C660x280&nras=1&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w%2CAGkb-H_ZLY-PE3ajmSt6fed2yL-UvvOfijhD32x9f2QsANQU81v8R3B-Fz5LFCUddFQPtjn9X6j9y7iwIX6j2g&pvsid=47452290458557&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=4&uci=a!4&fsb=1&dtd=21
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlcwuhh2972qVxnkTCega5npp5CGNK7Z6qYXb35s2ez_yy-2C-kUCk0U7e7S6Y
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 19 Mar 2021 21:07:06 GMT
server: cafe
content-length: 599
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK 53046022 Show response
unified.adsafeprotected.com/v2/598502/ Frame 8050 18 KB
4 KB 217ms
80ms XHR
text/xml 3.248.141.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unified.adsafeprotected.com/v2/598502/53046022?omidPartner=[OMIDPARTNER]&apiframeworks=[APIFRAMEWORKS]&bundleId=[BUNDLEID]&originalVast=https://ad.doubleclick.net/ddm/pfadx/N958828.3665442DV360/B25324895.296039969%3Bsz%3D0x0%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext/xml%3Bdc_sdkv%3Dh.0.0.0%3Bdc_osd%3D2%3Bdc_frm%3D2%3Bdc_sdr%3D1%3Bdc_ref%3Dhttps://ardra.biz/%3Bdc_ves%3DdGltZXN0YW1wOiAxNjE2MTg4MDI1NjgyCg%3Bdc_cid%3D146806333%3Bdc_adid%3D489988757%3Bdc_vpaid%3D0%3B
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210317_RC00/outstream.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.141.37 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-141-37.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: fac539cb302b90dbbabf6a10fb47e163970ca504451de0deace551cb4adfd6f4

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 19 Mar 2021 21:07:06 GMT
Content-Encoding: gzip
Vary: Origin
Content-Type: text/xml; charset=UTF-8
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 3771

GET
H2 200 icons.29.svg.js Show response
static.addtoany.com/menu/svg/ 78 KB
33 KB 22ms
22ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.29.svg.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
via: e2s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 11381990
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08ede9456f0000c2d631b3e000000001
last-modified: Mon, 31 Dec 2018 23:29:11 GMT
server: cloudflare
etag: W/"13937-57e59c7b88bd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 6329ab1bd87cc2d6-FRA
cf-bgj: minify

GET
H2 200 Pendapatan-Disposibel-624x307.jpg
ardra.biz/wp-content/uploads/2016/12/ 46 KB
46 KB 180ms
179ms Image
image/jpeg 5.181.216.219
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ardra.biz/wp-content/uploads/2016/12/Pendapatan-Disposibel-624x307.jpg
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.181.216.219 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS: srv108.niagahoster.com
Software: LiteSpeed /
Resource Hash: 617b4de6f30f283d9fad8503dd4a99d0b67a2cfbd67e373d55a8180cb23a7480

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
last-modified: Sun, 23 Aug 2020 16:21:48 GMT
server: LiteSpeed
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=86400
accept-ranges: bytes
content-length: 47349
expires: Fri, 26 Mar 2021 21:07:06 GMT

GET
H2 200 ads.png
ardra.biz/wp-content/plugins/ad-inserter/images/ 95 B
206 B 184ms
184ms Image
image/png 5.181.216.219
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ardra.biz/wp-content/plugins/ad-inserter/images/ads.png
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.181.216.219 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS: srv108.niagahoster.com
Software: LiteSpeed /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
last-modified: Thu, 18 Feb 2021 15:55:10 GMT
server: LiteSpeed
vary: User-Agent
content-type: image/png
cache-control: max-age=86400
accept-ranges: bytes
content-length: 95
expires: Fri, 26 Mar 2021 21:07:06 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 71 KB
16 KB 246ms
246ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=47452290458557&correlator=3516633950379543&output=ldjh&impl=fifs&eid=31060469%2C31060496%2C31060525%2C31060367%2C31060505%2C44739387&vrg=2021031601&ptt=17&sc=1&sfv=1-0-37&ecs=20210319&iu_parts=121764058%2Cardra.biz_atf&enc_prev_ius=%2F0%2F1&prev_iu_szs=750x100%7C728x90%7C700x100%7C700x90%7C640x100%7C640x90&eri=5&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&cdm=ardra.biz&bc=31&abxe=1&dt=1616188026244&dlt=1616188022474&idt=867&frm=20&biw=1600&bih=1200&oid=3&adxs=631&adys=83&adks=2503024182&ucis=1&ifi=5&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=ardra.biz&loc=https%3A%2F%2Fardra.biz%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=750x100&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=false&fws=132&ohw=1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

d5cd4201e4638343fd1efdaff784ea241d13c5b66dacf732b0734aa483072eec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16618
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ardra.biz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 67ms
52ms Other
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 7ms
7ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 84 KB
28 KB 272ms
272ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=47452290458557&correlator=2035189147895668&output=ldjh&impl=fifs&eid=31060469%2C31060496%2C31060525%2C31060367%2C31060505%2C44739387&vrg=2021031601&ptt=17&sc=1&sfv=1-0-37&ecs=20210319&iu_parts=121764058%2Cardra.biz_am_s1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x300%7C336x280%7C360x300%7C700x100%7C700x90%7C640x100%7C640x90&eri=5&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&cdm=ardra.biz&bc=31&abxe=1&dt=1616188026251&dlt=1616188022474&idt=867&frm=20&biw=1600&bih=1200&oid=3&adxs=856&adys=340&adks=3533315679&ucis=2&ifi=6&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=ardra.biz&loc=https%3A%2F%2Fardra.biz%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=300x250&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=false&fws=132&ohw=1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

58cb6b1da180a0fb136ff3f3061e29b18311d05310ef795a30a07660ed4a845c

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMHrysmhve8CFdLuuwgdT30D4Q&gqi=&layout=/sadbundle/%24csp%253Der3%24/10470558476792580260/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMHrysmhve8CFdLuuwgdT30D4Q&gqi=&layout=/sadbundle/%24csp%253Der3%24/10470558476792580260/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27779
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Fri, 19 Mar 2021 21:07:06 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ardra.biz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 41 KB
11 KB 320ms
319ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=47452290458557&correlator=3821200957503130&output=ldjh&impl=fifs&eid=31060469%2C31060496%2C31060525%2C31060367%2C31060505%2C44739387&vrg=2021031601&ptt=17&sc=1&sfv=1-0-37&ecs=20210319&iu_parts=121764058%2Cardra.biz_w1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x300%7C336x280&eri=5&cookie=ID%3Dead2f7111696c403-22c4390a23a700f0%3AT%3D1616188023%3ART%3D1616188023%3AS%3DALNI_MZWBQvbwK-S1zvJt--ut-5qR93v0Q&cdm=ardra.biz&bc=31&abxe=1&dt=1616188026257&dlt=1616188022474&idt=867&frm=20&biw=1600&bih=1200&oid=3&adxs=155&adys=253&adks=44061878&ucis=3&ifi=7&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=ardra.biz&loc=https%3A%2F%2Fardra.biz%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=300x250&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=false&fws=132&ohw=1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

36150b70f7efd9527145b69185554111b883de7fe23918156767d9d3cd5da6d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10785
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ardra.biz
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 74D5 8 KB
7 KB 64ms
51ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021031601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d756f6c1663fe82079aa01ef22f800dd74ea71fb37c061d970c8ab0f60d70690

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6587
x-xss-protection: 0

GET
H3-Q050 200 container.html Show response
d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 1ACE 6 KB
3 KB 165ms
124ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?v=1-0-38&n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html?v=1-0-38&n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Fri, 19 Mar 2021 21:07:05 GMT
expires: Sat, 19 Mar 2022 21:07:05 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 74D5 73 KB
28 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980824644616"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28204
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame 1E55 19 KB
8 KB 14ms
14ms Script
application/javascript 2600:9000:2182:9800:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=XDL&percentage=false&size_width=300&size_height=250&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:9800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 3697600
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3c2fca5c3988bc152e874a83fac74f4a.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: GIIkk28i_JV-SHWNnkj6zuGYKZWdpDLu0fO0ojas1KV3gwBX1B0_bg==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame 1E55 2 B
96 B 291ms
291ms Script
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210319210706&aid=3cf3bd1f-f9ed-480f-a6f5-b78356d6abb7&zid=2ba8e19b-7c60-4741-81e7-114f647c5da1&r=j16P
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=XDL&percentage=false&size_width=300&size_height=250&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H3-Q050 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 1E55 58 KB
19 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=XDL&percentage=false&size_width=300&size_height=250&

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c898a2e3974c68708e2d5569e522f376dcf19c627de3718e3ce18d26772bda8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "817 / 861 of 1000 / last-modified: 1616152376"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19836
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame 1815 19 KB
8 KB 14ms
13ms Script
application/javascript 2600:9000:2182:9800:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=BdF&percentage=false&size_width=300&size_height=250&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:9800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 3697600
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3c2fca5c3988bc152e874a83fac74f4a.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: dUvrIDKYIBMO6Vgj1wXZAqxgFBSBqDPvY0k3--DcJQCYU6qwaa7pbg==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame 1815 2 B
96 B 287ms
286ms Script
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210319210706&aid=3cf3bd1f-f9ed-480f-a6f5-b78356d6abb7&zid=2ba8e19b-7c60-4741-81e7-114f647c5da1&r=vmez
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=BdF&percentage=false&size_width=300&size_height=250&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H3-Q050 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 1815 58 KB
19 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=BdF&percentage=false&size_width=300&size_height=250&

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

602a8fdd3fb782c7e4715c3fed393d03da25b67bbb2b98d7deb3882aa78db3a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "817 / 395 of 1000 / last-modified: 1616152526"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19811
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame 8F3C 19 KB
8 KB 13ms
12ms Script
application/javascript 2600:9000:2182:9800:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=T5F&percentage=false&size_width=300&size_height=250&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:9800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 3697600
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3c2fca5c3988bc152e874a83fac74f4a.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: LnB9D9IB0V7mIFY2PShjQOQ-suqlwr_kR_va-LLisAaHyTaZxvGXdw==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame 8F3C 2 B
96 B 572ms
286ms Script
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210319210706&aid=3cf3bd1f-f9ed-480f-a6f5-b78356d6abb7&zid=2ba8e19b-7c60-4741-81e7-114f647c5da1&r=1xp3
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=T5F&percentage=false&size_width=300&size_height=250&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H3-Q050 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 8F3C 58 KB
19 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=T5F&percentage=false&size_width=300&size_height=250&

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c898a2e3974c68708e2d5569e522f376dcf19c627de3718e3ce18d26772bda8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "817 / 729 of 1000 / last-modified: 1616152376"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19836
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame 4DF0 19 KB
8 KB 13ms
13ms Script
application/javascript 2600:9000:2182:9800:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=PQV&percentage=false&size_width=300&size_height=250&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:9800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 3697600
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3c2fca5c3988bc152e874a83fac74f4a.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: pKe6u5MMRJ2E-V7KgYzw5iawLAZUN1-t0LI-74ILxtq-DPqNZ2Wrfw==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame 4DF0 2 B
96 B 593ms
292ms Script
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210319210706&aid=3cf3bd1f-f9ed-480f-a6f5-b78356d6abb7&zid=2ba8e19b-7c60-4741-81e7-114f647c5da1&r=Dtsn
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=PQV&percentage=false&size_width=300&size_height=250&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H3-Q050 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 4DF0 58 KB
19 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=PQV&percentage=false&size_width=300&size_height=250&

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb0d29a0e37e475f9a96298f57393125f1b909871e800c36d4b6e8cb8bcfe776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "817 / 239 of 1000 / last-modified: 1616152526"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19837
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame 5C92 19 KB
8 KB 12ms
12ms Script
application/javascript 2600:9000:2182:9800:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=9XN&percentage=false&size_width=300&size_height=250&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:9800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 3697600
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3c2fca5c3988bc152e874a83fac74f4a.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: 6RGAGBmp5WXfTvdxgHMRg7jSSjRHsHibvpIbV2TnlhstId2baJlLuw==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame 5C92 2 B
96 B 856ms
285ms Script
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210319210706&aid=3cf3bd1f-f9ed-480f-a6f5-b78356d6abb7&zid=2ba8e19b-7c60-4741-81e7-114f647c5da1&r=uAGw
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=9XN&percentage=false&size_width=300&size_height=250&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H3-Q050 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 5C92 58 KB
19 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=9XN&percentage=false&size_width=300&size_height=250&

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c898a2e3974c68708e2d5569e522f376dcf19c627de3718e3ce18d26772bda8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "817 / 573 of 1000 / last-modified: 1616152376"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19836
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H2 200 jquery-migrate.min.js Show response
ardra.biz/wp-includes/js/jquery/ 11 KB
4 KB 180ms
180ms Script
application/javascript 5.181.216.219
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: https://ardra.biz/wp-includes/js/jquery/jquery-migrate.min.js?ver=5.7
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.181.216.219 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS: srv108.niagahoster.com
Software: LiteSpeed /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: br
last-modified: Tue, 15 Dec 2020 18:09:28 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 3995
expires: Fri, 26 Mar 2021 21:07:06 GMT

GET
H2

200

apn-usync
router.infolinks.com/dyn/
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID
https://router.infolinks.com/dyn/apn-usync?user_id=0

35 B
549 B

176ms
134ms

Image
image/gif

172.67.39.17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/apn-usync?user_id=0
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:06 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6329ab1fcabbfa64-AMS
content-length: 35
cf-request-id: 08ede947dd0000fa64010b8000000001
expires: Thu, 19 Mar 2020 21:07:06 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 19 Mar 2021 21:07:06 GMT
X-Proxy-Origin: 82.102.19.136; 82.102.19.136; 726.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.241:80
AN-X-Request-Uuid: f6f3d91f-0d25-4269-9c8a-91b5587348e3
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://router.infolinks.com/dyn/apn-usync?user_id=0
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 74D5 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
313 B 17ms
16ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ardra.biz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
313 B 15ms
14ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E1AA 78 KB
23 KB 721ms
721ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=600&adk=3985668065&adf=1196703320&pi=t.aa~a.2979750109~rp.4&w=248&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&to=qs&pwprc=7997325349&psa=0&format=248x600&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&dt=1616188026471&bpp=3&bdt=3997&idt=3&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=660x280%2C660x280%2C0x0&nras=2&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=181&ady=1766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w%2CAGkb-H_ZLY-PE3ajmSt6fed2yL-UvvOfijhD32x9f2QsANQU81v8R3B-Fz5LFCUddFQPtjn9X6j9y7iwIX6j2g&pvsid=47452290458557&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=XdjDefdH6O&p=https%3A//ardra.biz&dtd=138

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b8b569ac53720feafbdc45c061009d2609a50814723c36dc87fd56ac3148355

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9016872754181692&output=html&h=600&adk=3985668065&adf=1196703320&pi=t.aa~a.2979750109~rp.4&w=248&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&to=qs&pwprc=7997325349&psa=0&format=248x600&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&dt=1616188026471&bpp=3&bdt=3997&idt=3&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=660x280%2C660x280%2C0x0&nras=2&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=181&ady=1766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w%2CAGkb-H_ZLY-PE3ajmSt6fed2yL-UvvOfijhD32x9f2QsANQU81v8R3B-Fz5LFCUddFQPtjn9X6j9y7iwIX6j2g&pvsid=47452290458557&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=XdjDefdH6O&p=https%3A//ardra.biz&dtd=138
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 19 Mar 2021 21:07:07 GMT
server: cafe
content-length: 23655
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 19-Mar-2021 21:22:06 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 19 Mar 2021 21:07:07 GMT
cache-control: private

GET
H2 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 8050 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210317_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 13:10:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 201371
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 13:10:55 GMT

HEAD
H/1.1

200
OK

file.mp4
r4---sn-4g5e6nez.c.2mdn.net/videoplayback/id/a2c5603594856e28/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3758784227/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m... Frame 8050
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/a2c5603594856e28/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3758784227/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/sig...
https://r4---sn-4g5e6nez.c.2mdn.net/videoplayback/id/a2c5603594856e28/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3758784227/sparams/acao,ctier,expire,id,ip,ipbits,i...

0
0

22ms
6ms

Fetch
video/mp4

2a00:1450:4001:29::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-4g5e6nez.c.2mdn.net/videoplayback/id/a2c5603594856e28/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3758784227/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7067AE55570BC46B2061A25947F728DD6F96917B.3D0D9DF6BEC49084473CE2E28A7DFE57373E26BF/key/cms1/cms_redirect/yes/mh/u3/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1616187389/mv/m/mvi/4/pl/47/file/file.mp4

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:29::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 19 Mar 2021 21:07:06 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 3928863
Last-Modified: Fri, 26 Feb 2021 10:43:46 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Fri, 19 Mar 2021 21:07:06 GMT

Redirect headers

date: Fri, 19 Mar 2021 21:07:06 GMT
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 652
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
location: https://r4---sn-4g5e6nez.c.2mdn.net/videoplayback/id/a2c5603594856e28/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3758784227/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7067AE55570BC46B2061A25947F728DD6F96917B.3D0D9DF6BEC49084473CE2E28A7DFE57373E26BF/key/cms1/cms_redirect/yes/mh/u3/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1616187389/mv/m/mvi/4/pl/47/file/file.mp4
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012101070013000/ Frame 9EB9 185 KB
53 KB 30ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 206230
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53820
x-xss-protection: 0
server: sffe
date: Wed, 17 Mar 2021 11:49:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ee5348f2de7cdf64"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:49:56 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 9EB9 12 KB
5 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 206230
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4559
x-xss-protection: 0
server: sffe
date: Wed, 17 Mar 2021 11:49:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3a321a15743f406"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:49:56 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 9EB9 87 KB
27 KB 46ms
24ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 206230
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27206
x-xss-protection: 0
server: sffe
date: Wed, 17 Mar 2021 11:49:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1f991b6a8daa2b14"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:49:56 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 9EB9 3 KB
1 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 206230
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: sffe
date: Wed, 17 Mar 2021 11:49:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "512b909f94eb26fb"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:49:56 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 9EB9 40 KB
13 KB 47ms
25ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 206230
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12793
x-xss-protection: 0
server: sffe
date: Wed, 17 Mar 2021 11:49:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e3ef417618f7e28"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:49:56 GMT

GET
DATA 200
OK truncated
/ Frame 9EB9 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 525d962f74351a37a67b8fc493db03b35a0d1076fb68e5fe4e092c365e25d970

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 8363675585706115765
tpc.googlesyndication.com/simgad/ Frame 9EB9 42 KB
42 KB 9ms
8ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8363675585706115765?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlNaLDhPK92xR6Pbwus7mVBuNQTKw

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ccd8290fddf67fde39c51530515555cf2edb5e429cb719819399305ebaa57fe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:27:10 GMT
x-content-type-options: nosniff
last-modified: Tue, 09 Feb 2021 11:02:13 GMT
server: sffe
age: 38396
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42505
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:27:10 GMT

GET
H3-Q050 200 id.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9EB9 3 KB
3 KB 8ms
6ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/id.png

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e21f4e7e88783b14a82c666b81649a49dace8b1fd9a1ec27a8e17b2ae26bbc94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 13:50:04 GMT
x-content-type-options: nosniff
server: cafe
age: 26222
etag: 12948112503563494795
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3020
x-xss-protection: 0
expires: Sat, 20 Mar 2021 13:50:04 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9EB9 344 B
439 B 12ms
11ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 06:19:42 GMT
x-content-type-options: nosniff
server: cafe
age: 53244
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Sat, 20 Mar 2021 06:19:42 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9EB9 0
0 14ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQkNAfIgsFlLLejpwhbXPpKIuQKbJHR52mxIgAm6RErN9N6BbxCxTx3caAnIFl8PCIYhxrag1masZPyZW8rJKR5Bo5tew
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9EB9 0
0 61ms
60ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CNOH2ehJVYPz7FtmW7_UPwJSOwA62npjIYcqez7u4DdnZHhABIKqAwyJgufjHgNwBoAHvspbiAsgBAqkCFx8wenXxsz7gAgCoAwHIAwiqBNcBT9Cm406Uq7Y51Tq0buAyStUw2IqH1QxoWfr76y29kgs3-t_N2DMF3jq1mAcCf9JHpQzySZkOcNPCC1kNoXKtst8RCkgIPo7admnmLg-hJVyzMhAka0dMFxqqsXcujCm2i6cL_dkKNda9SPWwolc1eHI1Jv6thLLSP0zqbxA6MzTmZ-_kY5wrT0z_m02pnDJT8QDVkhvNr0P6P2K5nOh9ywTYiTmVhQr7Mjuh5szC1IIfLxZew4OiOP7TUX2wPEUf--NhPZCGCf-S7AUhAl0NOAZ4Go3BNQnABPK635WSAuAEAZIFBAgEGAGSBQQIBRgEoAYCgAf5zOmdAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDB3QHSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTk0MTM4MzkyODk1ODc2ODKACgPICwHYEw2yFxoKGAgAEhRwdWItNTUxMjM5MDcwNTEzNzUwNw&sigh=WvHQXDw8bCw&tpd=AGWhJmt88KhuSjrE5i_O1dDfYIK8e_43cHEF3HBwMIdhqQopaA
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame 9944 19 KB
8 KB 12ms
11ms Script
application/javascript 2600:9000:2182:9800:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=awa&percentage=false&size_width=300&size_height=250&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:9800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 3697600
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3c2fca5c3988bc152e874a83fac74f4a.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: XBRjyxrzIZ2ljjjnoDaC9FBqKcwpN7gWPWd7UE99XCiXlEohQV6CUQ==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame 9944 2 B
96 B 454ms
286ms Script
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210319210706&aid=3cf3bd1f-f9ed-480f-a6f5-b78356d6abb7&zid=2ba8e19b-7c60-4741-81e7-114f647c5da1&r=9L2T
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=awa&percentage=false&size_width=300&size_height=250&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 9944 58 KB
20 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=awa&percentage=false&size_width=300&size_height=250&

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c898a2e3974c68708e2d5569e522f376dcf19c627de3718e3ce18d26772bda8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "817 / 705 of 1000 / last-modified: 1616152376"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19836
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame 2110 19 KB
8 KB 11ms
10ms Script
application/javascript 2600:9000:2182:9800:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=kwy&percentage=false&size_width=300&size_height=250&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:9800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 3697600
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3c2fca5c3988bc152e874a83fac74f4a.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: fRFCBh0q8q9-kKCjqca4J7Z_JAjQVbKMr5nF1mag4kWxIdGf0FCoxQ==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame 2110 2 B
96 B 530ms
341ms Script
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210319210706&aid=3cf3bd1f-f9ed-480f-a6f5-b78356d6abb7&zid=2ba8e19b-7c60-4741-81e7-114f647c5da1&r=cIOy
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=kwy&percentage=false&size_width=300&size_height=250&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 2110 58 KB
19 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=kwy&percentage=false&size_width=300&size_height=250&

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb0d29a0e37e475f9a96298f57393125f1b909871e800c36d4b6e8cb8bcfe776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "817 / 221 of 1000 / last-modified: 1616152526"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19837
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame 42C0 19 KB
8 KB 10ms
10ms Script
application/javascript 2600:9000:2182:9800:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=ITN&percentage=false&size_width=300&size_height=250&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:9800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 3697600
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3c2fca5c3988bc152e874a83fac74f4a.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: kkjYTkSMzm9aJ9xWZw4c5gUSyARv8QS9sCUxLnHa48drbZxc0srPag==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame 42C0 2 B
96 B 512ms
321ms Script
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210319210706&aid=3cf3bd1f-f9ed-480f-a6f5-b78356d6abb7&zid=2ba8e19b-7c60-4741-81e7-114f647c5da1&r=DPBp
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=ITN&percentage=false&size_width=300&size_height=250&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 42C0 58 KB
19 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=ITN&percentage=false&size_width=300&size_height=250&

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3b40efb9884b3b3e0264f096160c5191a251b1862612e46e6af88ce632db99b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "817 / 424 of 1000 / last-modified: 1616152526"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19837
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame 56E8 19 KB
8 KB 11ms
10ms Script
application/javascript 2600:9000:2182:9800:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=bu9&percentage=false&size_width=300&size_height=250&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:9800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 3697600
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3c2fca5c3988bc152e874a83fac74f4a.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: _zdbD9J7u3-C9y2epmcjxGqiOMSL4g5JHj5xUCL0v0_LuB444CzYPg==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame 56E8 2 B
96 B 735ms
286ms Script
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210319210706&aid=3cf3bd1f-f9ed-480f-a6f5-b78356d6abb7&zid=2ba8e19b-7c60-4741-81e7-114f647c5da1&r=p6ij
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=bu9&percentage=false&size_width=300&size_height=250&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 56E8 58 KB
19 KB 20ms
17ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=bu9&percentage=false&size_width=300&size_height=250&

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

707089c9677a5eb7c4f3d8a16b02ec9dc546df8a0149f70500eb4b243f91eca4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "817 / 186 of 1000 / last-modified: 1616152526"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19836
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame 2C79 19 KB
8 KB 10ms
9ms Script
application/javascript 2600:9000:2182:9800:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=qVY&percentage=false&size_width=300&size_height=250&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:9800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 3697600
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3c2fca5c3988bc152e874a83fac74f4a.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: TE8IaT4AW5LPpxzbPVuWcw4O9OADDhpqbGZ06JFdGWCkpVdmIRD4ZQ==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame 2C79 2 B
96 B 734ms
287ms Script
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210319210706&aid=3cf3bd1f-f9ed-480f-a6f5-b78356d6abb7&zid=2ba8e19b-7c60-4741-81e7-114f647c5da1&r=fiak
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=qVY&percentage=false&size_width=300&size_height=250&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 2C79 58 KB
19 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: compass.adop.cc
URL: https://compass.adop.cc/RE/2ba8e19b-7c60-4741-81e7-114f647c5da1?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=2ba8e19b-7c60-4741-81e7-114f647c5da1&type=re&loc=https%253A%2F%2Fardra.biz%2F&rnd=qVY&percentage=false&size_width=300&size_height=250&

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

602a8fdd3fb782c7e4715c3fed393d03da25b67bbb2b98d7deb3882aa78db3a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "817 / 363 of 1000 / last-modified: 1616152526"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19811
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H2 200 container.html Show response
f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 3537 6 KB
3 KB 23ms
21ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Fri, 19 Mar 2021 21:07:06 GMT
expires: Sat, 19 Mar 2022 21:07:06 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 container.html Show response
f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame A597 6 KB
3 KB 20ms
20ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Fri, 19 Mar 2021 21:07:06 GMT
expires: Sat, 19 Mar 2022 21:07:06 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame 1815 2 B
96 B 363ms
299ms Image
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwMzE5MjEwNzA2IiwiY3RyeSI6IlBUIiwiYWNpZCI6IlBULTIxMDMxOTIxMDcwMy01YjFkNTQ5NTI1NGE0MTk4IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIxMzY0Lzc3ODIiLCJ6aWQiOiIyYmE4ZTE5Yi03YzYwLTQ3NDEtODFlNy0xMTRmNjQ3YzVkYTEiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4Mi4xMDIuMTkuMTM2IiwiZmxvYyI6Imh0dHBzOi8vYXJkcmEuYml6LyIsImNkdCI6IjIxMDMxOTIxMDcwMyIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame 1E55 2 B
96 B 369ms
291ms Image
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwMzE5MjEwNzA2IiwiY3RyeSI6IlBUIiwiYWNpZCI6IlBULTIxMDMxOTIxMDcwMy01YjFkNTQ5NTI1NGE0MTk4IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIxMzY0Lzc3ODIiLCJ6aWQiOiIyYmE4ZTE5Yi03YzYwLTQ3NDEtODFlNy0xMTRmNjQ3YzVkYTEiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4Mi4xMDIuMTkuMTM2IiwiZmxvYyI6Imh0dHBzOi8vYXJkcmEuYml6LyIsImNkdCI6IjIxMDMxOTIxMDcwMyIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 436D 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Fri, 19 Mar 2021 18:05:40 GMT
expires: Sat, 19 Mar 2022 18:05:40 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 10886
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 pubads_impl_2021031801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 1815 286 KB
100 KB 33ms
32ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

ecf0ffde6e56a2c058421a0ca1a3446a00d047de48239cd168f7eb93a07a9269

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 18 Mar 2021 08:39:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102478
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H3-Q050 200 pubads_impl_2021031601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 1E55 285 KB
100 KB 32ms
31ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

eea4a3705b3e19174b9f0f127702bfc02cda65dff1f5b25e65f48a9c65ce9a7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Mar 2021 08:39:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102421
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H3-Q050 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame A84A 23 KB
9 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/H0ZEmIz7.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8727
date: Wed, 17 Mar 2021 13:10:56 GMT
expires: Thu, 17 Mar 2022 13:10:56 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 201370
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 86645057ba4817bae9835c203c8960c4.js Show response
www.gstatic.com/mysidia/ Frame 1ACE 6 KB
3 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/86645057ba4817bae9835c203c8960c4.js?tag=client_fast_engine_2019

Requested by

Host: d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com
URL: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?v=1-0-38&n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393c0a39f41e5b14bdc33e5f5093a0d3ee0fb50eb4043d35e8a1995b5d2dd371

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:21:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121516
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2784
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:21:50 GMT

GET
H2 200 e77611775121751e5ddf2b7cc6e6ca94.js Show response
www.gstatic.com/mysidia/ Frame 1ACE 144 KB
54 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

481e249c297579db673cce6f5c6d7f1fcd55c3eb2f7c1e611efae2e67ace843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121505
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54730
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:22:01 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 1ACE 3 KB
683 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d9b4e8baf2d6296710fb142486efc074d1b4295512aa4125465410dbfd1053a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 19:55:51 GMT
server: ESF
date: Fri, 19 Mar 2021 21:07:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 1ACE 2 KB
988 B 9ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 20:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 891
x-xss-protection: 0
server: cafe
etag: 8551179781376740118
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 20:56:33 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame 1ACE 17 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 275
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:02:31 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 1ACE 2 KB
1 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:05:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 117
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:05:10 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1ACE 117 KB
36 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:06 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 1ACE 13 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 370
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:00:56 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 1ACE 0
0 14ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQrLtThU1HTqyqNo0UobHTkUGCMGcedfMvpKBld7h3w2Ue4b0nIodOf6uydchZCrG72tYJACx0k4rysWZDUegRLnKvNQw
Requested by: Host: d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com
URL: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?v=1-0-38&n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 957c89dfc9e78dd5a0a3956da91f5358.js Show response
www.gstatic.com/mysidia/ Frame 1ACE 25 KB
11 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/957c89dfc9e78dd5a0a3956da91f5358.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74701d1b03dcb606710d7cc01bbf35a36ad5e5e443e33e55894a013f0d65aacf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 10:35:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Mar 2021 03:13:35 GMT
server: sffe
age: 124327
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10839
x-xss-protection: 0
expires: Wed, 16 Jun 2021 10:35:00 GMT

GET
H3-Q050 206 file.mp4
r4---sn-4g5e6nez.c.2mdn.net/videoplayback/id/a2c5603594856e28/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3758784227/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m... Frame 8050 256 KB
0 18ms
10ms Media
video/mp4 2a00:1450:4001:29::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:29::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 19 Mar 2021 21:07:06 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-3928862/3928863
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 3928863
expires: Fri, 19 Mar 2021 21:07:06 GMT
last-modified: Fri, 26 Feb 2021 10:43:46 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame 8F3C 2 B
96 B 328ms
282ms Image
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwMzE5MjEwNzA2IiwiY3RyeSI6IlBUIiwiYWNpZCI6IlBULTIxMDMxOTIxMDcwMy01YjFkNTQ5NTI1NGE0MTk4IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIxMzY0Lzc3ODIiLCJ6aWQiOiIyYmE4ZTE5Yi03YzYwLTQ3NDEtODFlNy0xMTRmNjQ3YzVkYTEiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4Mi4xMDIuMTkuMTM2IiwiZmxvYyI6Imh0dHBzOi8vYXJkcmEuYml6LyIsImNkdCI6IjIxMDMxOTIxMDcwMyIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame 4DF0 2 B
96 B 494ms
285ms Image
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwMzE5MjEwNzA2IiwiY3RyeSI6IlBUIiwiYWNpZCI6IlBULTIxMDMxOTIxMDcwMy01YjFkNTQ5NTI1NGE0MTk4IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIxMzY0Lzc3ODIiLCJ6aWQiOiIyYmE4ZTE5Yi03YzYwLTQ3NDEtODFlNy0xMTRmNjQ3YzVkYTEiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4Mi4xMDIuMTkuMTM2IiwiZmxvYyI6Imh0dHBzOi8vYXJkcmEuYml6LyIsImNkdCI6IjIxMDMxOTIxMDcwMyIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 9EB9
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

36ms
35ms

Image
text/html

2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Fri, 19 Mar 2021 21:07:07 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 3537 2 KB
919 B 10ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 20:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 891
x-xss-protection: 0
server: cafe
etag: 8551179781376740118
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 20:56:33 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3537 0
0 64ms
61ms Fetch
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CsT6zehJVYOPEErnD7_UPrK-1KLiei-Nh87iEheQLtcWV8tkaEAEgqoDDImC5-MeA3AGgAba5r9gDyAEJqQJTaooA-vKzPuACAKgDAcgDmwSqBNwBT9CoCoNQocAbuPgOA5AQy0QEXQjTTs0sQ_A2dU_zWPHPhOCW6_EeD71BUsQBdZXgEUtTP3Rw2SHuzphnKAjOIwJsG7CIuEq21VEVNti9ougUHfOJH6NTQ8o8EPJtBAi3zGNBaFs1lHRAMxBkL7GSXWlWNvirPrY89PfmOdWQ2meFSMrHa8pBJGdi1RYKmei7fg2eKvmOg2pZ0sW_kA1RZSCM6qfSWCCdRwqdgxzk9_FXG9CZA9_fwa10PTpg2SV6MEXywD8QvRf_LdbGNrxcmUCpZXm1MBNpueq4FMAEr6W1v_oC4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB7LG0CeoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcDEKJs0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi05NDEzODM5Mjg5NTg3NjgygAoDyAsB2BMOshcaChgIABIUcHViLTU1MTIzOTA3MDUxMzc1MDc&sigh=v0vfE_394xg&template_id=494&tpd=AGWhJmsoplYbkR0o6F24XYQs5PUK8KgNZI4_ig68mnbw8Om4kA
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame 3537 17 KB
7 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 276
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:02:31 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 3537 2 KB
1 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:05:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 117
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:05:10 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3537 117 KB
36 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:07 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 3537 13 KB
6 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 371
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:00:56 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 3537 0
0 18ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTJcxxr_lbI0yfsLW4jSNT0YiOdWc_vChJ8mi5phf3d5Ku9-4y2vwlTm4MrpjUfkkdCqsYyqXGYssbt1aUqbdkoGDC0aw
Requested by: Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 957c89dfc9e78dd5a0a3956da91f5358.js Show response
www.gstatic.com/mysidia/ Frame 3537 25 KB
11 KB 41ms
15ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/957c89dfc9e78dd5a0a3956da91f5358.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74701d1b03dcb606710d7cc01bbf35a36ad5e5e443e33e55894a013f0d65aacf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 10:35:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Mar 2021 03:13:35 GMT
server: sffe
age: 124327
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10839
x-xss-protection: 0
expires: Wed, 16 Jun 2021 10:35:00 GMT

GET
H3-Q050 200 pubads_impl_2021031601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 8F3C 285 KB
100 KB 35ms
33ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

eea4a3705b3e19174b9f0f127702bfc02cda65dff1f5b25e65f48a9c65ce9a7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Mar 2021 08:39:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102421
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:07 GMT

GET
H3-Q050 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/ Frame 99B0 11 KB
4 KB 9ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/index.html

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c545c406db9f50b811b4f83defa41e1e320eda0f1c1b589354773450087f4c07

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/10470558476792580260/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3279
date: Wed, 17 Mar 2021 07:40:25 GMT
expires: Thu, 17 Mar 2022 07:40:25 GMT
last-modified: Fri, 05 Feb 2021 15:21:55 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 221202
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A597 0
0 60ms
57ms Fetch
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cy8SMehJVYMHGEtLd7_UPz_qNiA6Xn9GXYZn164yvDa4CEAEgqoDDImC5-MeA3AGgAdDGo-EDyAEJqQLuCsJ_M29_PuACAKgDAcgDCKoE1QFP0BP5ocMgYrzSKirCtgSC7wo1JI3JziEARtnn2VptFBSJgssjffB-FKQ4apXsRQGOFPJ_tb0qxsFA1A7dp7UVragyh3k9TLPnF1VYRTJ7esarkfaJcSJmyXmLIj1qs7Bjj2b4rprgVUEayTqPvjk3P_P4cHCgFCY-uvkrjwCyLJrbCBTngH3-US5qcykDzMMedyUMk2PBdUqWaP7lVUe__B76wqa3zuKQY8Xs3s3roP2eW94RpVexKE48q_zwGsZGCXLMsxN8fwcJ_w04F7zhE5sxWvTABJ-a4NCZAuAEAZIFBAgEGAGSBQQIBRgEoAYugAeYudweqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEM6-A9IICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTQxMzgzOTI4OTU4NzY4MoAKA8gLAdgTDJgWAbIXGgoYCAASFHB1Yi01NTEyMzkwNzA1MTM3NTA3&sigh=0Z6bmeVR47Y&template_id=419&tpd=AGWhJms5WGMEkMvSsE-ASSk2q5uQeufiBNazvtJ5OsIF1jUPDg
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame A597 17 KB
7 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 276
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:02:31 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame A597 2 KB
1 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:05:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 117
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:05:10 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A597 117 KB
36 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:07 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame A597 13 KB
6 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 371
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:00:56 GMT

GET
H3-Q050 200 pubads_impl_2021031701.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 4DF0 285 KB
100 KB 30ms
30ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

cbbda5fac6618da4be9f03098dc394e81f435c51622e306605849c2ac2942fd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 08:39:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102424
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:07 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 1E55 107 B
146 B 18ms
17ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1E55 107 B
146 B 16ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1E55 47 KB
11 KB 255ms
252ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=88381192829480&correlator=1716873631241004&output=ldjh&impl=fifs&eid=31060367%2C44739387&vrg=2021031601&ptt=17&sc=1&sfv=1-0-37&ecs=20210319&iu_parts=223513049%2Cca-pub-5111137191506013-tag%2Cardrabiz_300x250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&eri=4&cookie=ID%3Dead2f7111696c403%3AT%3D1616188023%3AS%3DALNI_MaJrKLboi3BHEzQ0fHTQoLurJz52w&cdm=ardra.biz&bc=31&abxe=1&dt=1616188027129&dlt=1616188025406&idt=1707&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=856&adys=60532&adks=3971509829&ucis=e5e0cnq9fdra&ifi=1&ifk=3008407577&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=ardra.biz&loc=https%3A%2F%2Fardra.biz%2F&top=ardra.biz&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&ga_vid=1836710056.1616188027&ga_sid=1616188027&ga_hid=1496275265&ga_fc=false&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

784c2637c3604a3e126b7833fe7484d566e9c325e0b746a3b378c38417d00a3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11346
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ardra.biz
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
59fcd4d45333b60a2eebc83831c46774.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 1E55 0
0 136ms
95ms Other
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://59fcd4d45333b60a2eebc83831c46774.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 1E55 0
0 15ms
11ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 8363675585706115765
tpc.googlesyndication.com/simgad/ Frame 9EB9 42 KB
42 KB 10ms
8ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8363675585706115765?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlNaLDhPK92xR6Pbwus7mVBuNQTKw

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ccd8290fddf67fde39c51530515555cf2edb5e429cb719819399305ebaa57fe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:27:10 GMT
x-content-type-options: nosniff
last-modified: Tue, 09 Feb 2021 11:02:13 GMT
server: sffe
age: 38397
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42505
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:27:10 GMT

GET
H3-Q050 200 id.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9EB9 3 KB
3 KB 13ms
10ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/id.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e21f4e7e88783b14a82c666b81649a49dace8b1fd9a1ec27a8e17b2ae26bbc94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 13:50:04 GMT
x-content-type-options: nosniff
server: cafe
age: 26223
etag: 12948112503563494795
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3020
x-xss-protection: 0
expires: Sat, 20 Mar 2021 13:50:04 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9EB9 344 B
456 B 10ms
7ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 06:19:42 GMT
x-content-type-options: nosniff
server: cafe
age: 53245
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Sat, 20 Mar 2021 06:19:42 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 3537 14 KB
14 KB 42ms
11ms Image
image/jpeg 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQ5y2I7a-tmddwI2UaGWYX-fxZTyPlX06uvGWlSkVE6x9VSW2JopXAnvaotGm8&usqp=CAI

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6af4fbf432f9344dfebbd698f225c67cb79e5211fd34ff0d247b3b1d4bf3971e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 23:17:27 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 Feb 2020 02:13:50 GMT
server: sffe
age: 78580
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14575
x-xss-protection: 0
expires: Fri, 18 Mar 2022 23:17:27 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 3537 9 KB
10 KB 43ms
12ms Image
image/jpeg 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcRdYSVhPpGH8njcIhZDxe8A5aBXOg8QkYSvWwLveXXR5NjEQhIKe0zI972h4g&usqp=CAI

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8fc88694f8303cf5bc6e040717a6556716cb99600b5351846162a89cd9216ed4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 19:07:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 18 Oct 2020 01:15:56 GMT
server: sffe
age: 7175
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9655
x-xss-protection: 0
expires: Sat, 19 Mar 2022 19:07:32 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 3537 13 KB
14 KB 36ms
6ms Image
image/jpeg 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcTnpHLXB770R2jmyEoK6ufTclKSCTE6MVz8_U-MQX83yxCq60JJr-GB3q_VxJM&usqp=CAI

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

545a76d15509af52b2db44871743a488b7c3ac34a8c40c6cfdfdfed79985f312

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 13:33:29 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 Feb 2020 02:13:51 GMT
server: sffe
age: 27218
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13806
x-xss-protection: 0
expires: Sat, 19 Mar 2022 13:33:29 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 3537 19 KB
19 KB 42ms
14ms Image
image/jpeg 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQcdFz4vspzrf2F0pN4hNE91pk9XNnOWRMnD2HGiiIKXPSDvUBNAtAjkMUfkg&usqp=CAI

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88f0d232552492bd8bc408d9eac5029fb637ffeef3244a4b7756f7e6e28a89dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
x-content-type-options: nosniff
last-modified: Sat, 09 May 2020 11:15:28 GMT
server: sffe
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19513
x-xss-protection: 0
expires: Sat, 19 Mar 2022 21:07:07 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 3537 8 KB
9 KB 39ms
12ms Image
image/jpeg 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcTCmTvDHdDWfx9rpEo7lrbHw6O14MUSE6GYuFnk9kKxCkFk2xVsimUQVcDaYM4&usqp=CAI

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ad8e065621accda77c2c85320bd733777c079556163f8999ca3dbdd1c3073a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 19:07:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 Feb 2020 02:05:25 GMT
server: sffe
age: 7175
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8695
x-xss-protection: 0
expires: Sat, 19 Mar 2022 19:07:32 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 3537 18 KB
18 KB 33ms
6ms Image
image/png 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcR3uxYki9aNCQnZj1Ir4Q4sirIXwOOh7HlTEQTxhAW_-5xf-0aI&usqp=CAI

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

016728d55a5655d3b670184853405efa895b7e7fbf735b3b088805a3cdd6c9b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 02:40:14 GMT
x-content-type-options: nosniff
last-modified: Tue, 16 Jun 2020 10:40:44 GMT
server: sffe
age: 325613
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18409
x-xss-protection: 0
expires: Wed, 16 Mar 2022 02:40:14 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 1815 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1815 107 B
123 B 16ms
16ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1815 67 KB
19 KB 237ms
234ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3281094984279342&correlator=3851239323143867&output=ldjh&impl=fifs&eid=31060311%2C31060495%2C31060522%2C21068030%2C31060011%2C31060367%2C31060400%2C44739387&vrg=2021031801&ptt=17&sc=1&sfv=1-0-37&ecs=20210319&iu_parts=223513049%2Cca-pub-5111137191506013-tag%2Cardrabiz_300x250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&eri=4&cookie=ID%3Dead2f7111696c403%3AT%3D1616188023%3AS%3DALNI_MaJrKLboi3BHEzQ0fHTQoLurJz52w&cdm=ardra.biz&bc=31&abxe=1&dt=1616188027175&dlt=1616188025394&idt=1760&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=856&adys=5570&adks=3971509829&ucis=p5x15jubkf7j&ifi=1&ifk=3008407577&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=ardra.biz&loc=https%3A%2F%2Fardra.biz%2F&top=ardra.biz&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&ga_vid=1508783989.1616188027&ga_sid=1616188027&ga_hid=355411671&ga_fc=false&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

0042630b47710086ad481f009acc61af5599c14c555588937eed745b091a269f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19313
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ardra.biz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 1815 0
0 94ms
52ms Other
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 1815 0
0 9ms
7ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9354798760487219512/ Frame 1ACE 2 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9354798760487219512/downsize_200k_v1?w=100&h=100

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5e41e72dd03ffed4c3b46d7772b581e725acc5b42d7bc735d423d2eefa35e5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 06:18:13 GMT
x-content-type-options: nosniff
age: 226134
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2517
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 06:18:13 GMT

GET
DATA 200
OK truncated
/ Frame 1ACE 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 204 csi
csi.gstatic.com/ Frame 1ACE 0
54 B 106ms
106ms Other
image/gif 2607:f8b0:4002:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kmgsmf2c&c=1951442919959&slotId=975721459979.5&qqid=COuxoMmhve8CFbDruwgdstoKbg&sei=44729911%2C44730425%2C44730426%2C75259407%2C75259408&nsei=44714510%2C75259405%2C447279544&bi=rda&ulv=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4002:815::2003 Atlanta, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:07 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14274484544488176772/ Frame 1ACE 153 KB
153 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14274484544488176772/downsize_200k_v1

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16a7549e271a14a5ceac985dbb6cb7a0cdf2f9b7f9b00a3a7bb151eacf0b27ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 17:22:49 GMT
x-content-type-options: nosniff
age: 99858
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 156942
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:23 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Mar 2022 17:22:49 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1ACE 0
0 58ms
58ms Fetch
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cx3DneRJVYKuRJbDX7_UPsrWr8Abvl_bzYf2l6Y77DNnZHhABIJm1iUNgufjHgNwBoAHMwPDOA8gBCakCSWslJEb6sz7gAgCoAwHIAwiqBNUBT9BzSRTgqxALjqkTQMC5gFPJ1pqn-rqHXJxrCccW5aIkL8Vm2JCuEUio38QnUm50klreoLYOQ8bnOZ_97lb1iWl9rSYVzMNNbLzc8JXswgYPuw_vCitP7bsilUlwPTe9LSDyK0NE-TxXTnIoTbgwYxIjNxW8PduXHtMu1dsc3nyJhCpDDUca7yharEeKDKMlwPnpOlu-gdYg9Ah0ep0DH9tWGzANdHcfy3WbnScYQDUgKrhp2yZ3-NUNh_qsmyjvoEyI8ZyepQHHUTEEmRb3aM6K7GmzwAS_8e7erAPgBAGSBQQIBBgBkgUECAUYBKAGLoAHl4X0N6gH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBC4kQvSCAkIgOGAEBABGB2ACgPICwHYEw2yFxoKGAgAEhRwdWItNTExMTEzNzE5MTUwNjAxMw&sigh=xMEJA01gl5E&template_id=3484&tpd=AGWhJmt9XatVRyBeX4zVQzfKH2GekxEzevYeBB99strEZWZ1ww
Requested by: Host: d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com
URL: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?v=1-0-38&n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1090 1 KB
845 B 6ms
6ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 19 Mar 2021 03:14:09 GMT
expires: Sat, 20 Mar 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 64378
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 1ACE 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a969f26ca3533ea4097fb371b26e66925a1dbf4fb830163f6bc90109842d2f59

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame 5C92 2 B
96 B 290ms
288ms Image
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwMzE5MjEwNzA2IiwiY3RyeSI6IlBUIiwiYWNpZCI6IlBULTIxMDMxOTIxMDcwMy01YjFkNTQ5NTI1NGE0MTk4IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIxMzY0Lzc3ODIiLCJ6aWQiOiIyYmE4ZTE5Yi03YzYwLTQ3NDEtODFlNy0xMTRmNjQ3YzVkYTEiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4Mi4xMDIuMTkuMTM2IiwiZmxvYyI6Imh0dHBzOi8vYXJkcmEuYml6LyIsImNkdCI6IjIxMDMxOTIxMDcwMyIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame 9944 2 B
96 B 375ms
300ms Image
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwMzE5MjEwNzA2IiwiY3RyeSI6IlBUIiwiYWNpZCI6IlBULTIxMDMxOTIxMDcwMy01YjFkNTQ5NTI1NGE0MTk4IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIxMzY0Lzc3ODIiLCJ6aWQiOiIyYmE4ZTE5Yi03YzYwLTQ3NDEtODFlNy0xMTRmNjQ3YzVkYTEiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4Mi4xMDIuMTkuMTM2IiwiZmxvYyI6Imh0dHBzOi8vYXJkcmEuYml6LyIsImNkdCI6IjIxMDMxOTIxMDcwMyIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame 42C0 2 B
96 B 297ms
290ms Image
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwMzE5MjEwNzA2IiwiY3RyeSI6IlBUIiwiYWNpZCI6IlBULTIxMDMxOTIxMDcwMy01YjFkNTQ5NTI1NGE0MTk4IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIxMzY0Lzc3ODIiLCJ6aWQiOiIyYmE4ZTE5Yi03YzYwLTQ3NDEtODFlNy0xMTRmNjQ3YzVkYTEiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4Mi4xMDIuMTkuMTM2IiwiZmxvYyI6Imh0dHBzOi8vYXJkcmEuYml6LyIsImNkdCI6IjIxMDMxOTIxMDcwMyIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H3-Q050

206

videoplayback
r1---sn-4g5e6nzy.gvt1.com/ Frame 1ACE
Redirect Chain

https://redirector.gvt1.com/videoplayback?id=b827d67186304284&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195225&sparams=ip,ipbits,expire,id,...
https://r1---sn-4g5e6nzy.gvt1.com/videoplayback?id=b827d67186304284&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195225&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,m...

2 MB
2 MB

113ms
97ms

Media
video/mp4

2a00:1450:4001:c::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-4g5e6nzy.gvt1.com/videoplayback?id=b827d67186304284&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195225&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=2BE2ED773DB827583CD01744467E61EA6AE26C18.1B020C3F5B4D645912AF75C164F8DA5A5C41C8D8&key=cms1&cms_redirect=yes&mh=Cf&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nzy&ms=nvh&mt=1616187456&mv=u&mvi=1&pl=47

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:c::1 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

745d349af5cd3b06d8d2062f7c4b633a74f964300d533d156dc2dfa3b3922255

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 19 Jan 2021 02:41:16 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-1597751/1597752
client-protocol: quic
cache-control: private, max-age=6898
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1597752
expires: Fri, 19 Mar 2021 21:07:07 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:07 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r1---sn-4g5e6nzy.gvt1.com/videoplayback?id=b827d67186304284&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195225&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=2BE2ED773DB827583CD01744467E61EA6AE26C18.1B020C3F5B4D645912AF75C164F8DA5A5C41C8D8&key=cms1&cms_redirect=yes&mh=Cf&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nzy&ms=nvh&mt=1616187456&mv=u&mvi=1&pl=47
cache-control: no-cache, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 707
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 8050 0
318 B 156ms
39ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~kmgsmdpu&c=6412236806603&slotId=3206118403301.5&qqid=CIqpgMmhve8CFc5IGQodsugLcw&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=851&mt=video%2Fmp4&vs=1024x576&ulv=1&cll=0&vmfc=17&vhc=0&msm=1&aits=17%2C36%2C18%2C22%2C59%2C342%2C343%2C344%2C345%2C346%2C347%2C692%2C43%2C44%2C45%2C0&webm=3&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Cvideo%2Fwebm&hvmf=false&vms=1&bit=347&vsrc=doubleclick_dmm&ape=1&ple=0&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210317_RC00/outstream.min.js
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:07 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame 2110 2 B
96 B 307ms
283ms Image
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwMzE5MjEwNzA2IiwiY3RyeSI6IlBUIiwiYWNpZCI6IlBULTIxMDMxOTIxMDcwMy01YjFkNTQ5NTI1NGE0MTk4IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIxMzY0Lzc3ODIiLCJ6aWQiOiIyYmE4ZTE5Yi03YzYwLTQ3NDEtODFlNy0xMTRmNjQ3YzVkYTEiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4Mi4xMDIuMTkuMTM2IiwiZmxvYyI6Imh0dHBzOi8vYXJkcmEuYml6LyIsImNkdCI6IjIxMDMxOTIxMDcwMyIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 8F3C 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 8F3C 107 B
123 B 16ms
16ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8F3C 66 KB
18 KB 211ms
211ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=658437449688075&correlator=688096411166314&output=ldjh&impl=fifs&eid=31060367%2C44733568%2C44739387&vrg=2021031601&ptt=17&sc=1&sfv=1-0-37&ecs=20210319&iu_parts=223513049%2Cca-pub-5111137191506013-tag%2Cardrabiz_300x250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&eri=4&cookie=ID%3Dead2f7111696c403%3AT%3D1616188023%3AS%3DALNI_MaJrKLboi3BHEzQ0fHTQoLurJz52w&cdm=ardra.biz&bc=31&abxe=1&dt=1616188027481&dlt=1616188025398&idt=2077&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=856&adys=22445&adks=3971509829&ucis=yoz6zxhexlj0&ifi=1&ifk=3008407577&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=ardra.biz&loc=https%3A%2F%2Fardra.biz%2F&top=ardra.biz&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&ga_vid=1601039505.1616188027&ga_sid=1616188027&ga_hid=758786829&ga_fc=false&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

1858cd52bf20d03a2c51fdae1436b4de6d1ad52fa3773fe3740c2cae5e73b30b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18664
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ardra.biz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 8F3C 0
0 70ms
55ms Other
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 8F3C 0
0 7ms
7ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012101070013000/ Frame 4F63 185 KB
53 KB 58ms
44ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 206231
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53820
x-xss-protection: 0
server: sffe
date: Wed, 17 Mar 2021 11:49:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ee5348f2de7cdf64"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:49:56 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 4F63 12 KB
5 KB 55ms
41ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 206231
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4559
x-xss-protection: 0
server: sffe
date: Wed, 17 Mar 2021 11:49:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3a321a15743f406"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:49:56 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 4F63 87 KB
27 KB 63ms
49ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 206231
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27206
x-xss-protection: 0
server: sffe
date: Wed, 17 Mar 2021 11:49:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1f991b6a8daa2b14"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:49:56 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 4F63 3 KB
1 KB 64ms
51ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 206231
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: sffe
date: Wed, 17 Mar 2021 11:49:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "512b909f94eb26fb"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:49:56 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 4F63 40 KB
13 KB 55ms
42ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 206231
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12793
x-xss-protection: 0
server: sffe
date: Wed, 17 Mar 2021 11:49:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e3ef417618f7e28"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:49:56 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 4F63 6 KB
691 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e47a27d91c2487289d6607ee10d7cb7b31944a5ed3ff5ffc86ec8526e9374af0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 19:52:00 GMT
server: ESF
date: Fri, 19 Mar 2021 21:07:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 Mar 2021 21:07:07 GMT

GET
H3-Q050 200 id.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4F63 3 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/id.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e21f4e7e88783b14a82c666b81649a49dace8b1fd9a1ec27a8e17b2ae26bbc94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 13:50:04 GMT
x-content-type-options: nosniff
server: cafe
age: 26223
etag: 12948112503563494795
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3020
x-xss-protection: 0
expires: Sat, 20 Mar 2021 13:50:04 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4F63 344 B
369 B 7ms
7ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 06:19:42 GMT
x-content-type-options: nosniff
server: cafe
age: 53245
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Sat, 20 Mar 2021 06:19:42 GMT

GET
H3-Q050 200 2076313506083323656
tpc.googlesyndication.com/simgad/14274484544488176772/ Frame 4F63 60 KB
60 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14274484544488176772/2076313506083323656

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9152b4f342d82839152f4fdd76b4132d04d5e60c8e8e2fc5e03f81d116e87b7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 12:49:26 GMT
x-content-type-options: nosniff
age: 116261
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61361
x-xss-protection: 0
last-modified: Mon, 26 Oct 2020 12:40:44 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Mar 2022 12:49:26 GMT

GET
DATA 200
OK truncated
/ Frame 4F63 218 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f10eac15ea0007b911f67230ddd74196789d0a066c09d704bad89f3811048409

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4F63 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 869167ec265ae2af68bd326f0291037a9a4a3950e00bbffa1854c67efa0cde24

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4F63 0
0 61ms
59ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CwyTKexJVYJTDCuTF7_UPwNycoAXvl_bzYf2l6Y77DNnZHhABIJm1iUNgufjHgNwBoAHMwPDOA8gBCakCU2qKAPrysz7gAgCoAwHIAwqqBNUBT9CrzsfXq6FvB5JYI4_eyvTA59nV4cpnQm5HXe867VFnR9_ait8kZGlfiEaTNKHijlRtnHxi8ZJJS4TBp5MHJS9Q8sqWaHepeLswfohBKLg7l_K9RW_G7hAYzMaZ_r220xzk3ezRFH6s_rSVXB02Ks2zq-3eq0fo8l7xyIxj7pGoZGlLAD9TvSCdyVedgYp2GVR72Jdgna_j45hWAVNcnV0OzvygL81oyzt4wc-6IPgTpY4xISVC-NTCec7LJlfqaH2rZHV7hr44WTEnj-hd6yFZVcgCwAS_8e7erAPgBAGSBQQIBBgBkgUECAUYBKAGLoAHl4X0N6gH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBC5qAPSCAkIgOGAEBABGB2ACgPICwHYEw2yFxoKGAgAEhRwdWItNTExMTEzNzE5MTUwNjAxMw&sigh=sDZwFWvNYHU&template_id=484&tpd=AGWhJmuYaRVbt6_CsErGOqN8oxE908kDzTbHe1lOBsxNcAfN8Q
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 1ACE 21 KB
21 KB 9ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a14d1a7f7fa4b8ccbabe55b417ddc660997ef1cb5290f94c7f4f39c69bb640fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 03:55:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:11 GMT
server: sffe
age: 148280
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21520
x-xss-protection: 0
expires: Fri, 18 Mar 2022 03:55:47 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 1ACE 21 KB
21 KB 9ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 21:42:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 170684
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Thu, 17 Mar 2022 21:42:23 GMT

GET
H3-Q050 200 pubads_impl_2021031601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 5C92 285 KB
100 KB 32ms
32ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

eea4a3705b3e19174b9f0f127702bfc02cda65dff1f5b25e65f48a9c65ce9a7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Mar 2021 08:39:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102421
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:07 GMT

GET
H3-Q050 200 pubads_impl_2021031601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 9944 285 KB
100 KB 32ms
31ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

eea4a3705b3e19174b9f0f127702bfc02cda65dff1f5b25e65f48a9c65ce9a7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Mar 2021 08:39:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102421
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:07 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 4DF0 107 B
123 B 17ms
17ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 4DF0 107 B
123 B 17ms
16ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4DF0 66 KB
18 KB 263ms
259ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3097014191257036&correlator=3211363304152176&output=ldjh&impl=fifs&eid=31060313%2C31060502%2C31060520%2C21064369%2C21068031%2C31060320%2C31060367%2C44733567%2C44739387&vrg=2021031701&ptt=17&sc=1&sfv=1-0-37&ecs=20210319&iu_parts=223513049%2Cca-pub-5111137191506013-tag%2Cardrabiz_300x250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&eri=4&cookie=ID%3Dead2f7111696c403%3AT%3D1616188023%3AS%3DALNI_MaJrKLboi3BHEzQ0fHTQoLurJz52w&cdm=ardra.biz&bc=31&abxe=1&dt=1616188027558&dlt=1616188025402&idt=2136&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=856&adys=42028&adks=3971509829&ucis=hrij4ddlagm6&ifi=1&ifk=3008407577&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_sd=1&flash=0&nhd=1&url=ardra.biz&loc=https%3A%2F%2Fardra.biz%2F&top=ardra.biz&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&ga_vid=1210048728.1616188028&ga_sid=1616188028&ga_hid=1956856204&ga_fc=false&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

c61d8e6fba33ae1950175e6d931553b9e1703f97600a6925dbe20361d2737951

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18688
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ardra.biz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 4DF0 0
0 73ms
56ms Other
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 4DF0 0
0 9ms
6ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 93A4 1 KB
755 B 6ms
5ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 19 Mar 2021 03:14:09 GMT
expires: Sat, 20 Mar 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 64378
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 3537 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae23e9edd1b893834eea14e9c08ba8f89dbed774f9a1d0e76bf40b8705373f77

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 pubads_impl_2021031701.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 42C0 285 KB
100 KB 45ms
44ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

cbbda5fac6618da4be9f03098dc394e81f435c51622e306605849c2ac2942fd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 08:39:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102424
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:07 GMT

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EF40 143 B
216 B 7ms
7ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnWkhiXC9omh12IK7_HgdSnGjZ_H1TFVrh3lWgqu-wb6gAhIH2-BeRwGX55G00; DSID=NO_DATA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 19 Mar 2021 20:41:26 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1541
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A597 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff0bf60a9a4df9ab4f65cb23f17a2ee86eaf6b2511108d1861deb207663cfc1e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 99B0 9 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 04:49:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58665
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 20 Mar 2021 04:49:22 GMT

GET
H3-Q050 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 99B0 22 KB
9 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 13:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28777
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 20 Mar 2021 13:07:30 GMT

GET
H3-Q050 200 efd5af212b790b949ef103480dddb5e7.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/ Frame 99B0 69 KB
20 KB 9ms
8ms Script
application/x-javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/efd5af212b790b949ef103480dddb5e7.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8994af594d5b44a2244155d9e567be672557846242b3c65ce86eaaeb652c3744

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 265732
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18481
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:21:55 GMT
server: sffe
date: Tue, 16 Mar 2021 19:18:15 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Mar 2022 19:18:15 GMT

GET
H3-Q050 200 qcWZRcRw4fq915xPB9DSJSeGn7Tspit4rZWzDhmsliY.js Show response
pagead2.googlesyndication.com/bg/ Frame A84A 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qcWZRcRw4fq915xPB9DSJSeGn7Tspit4rZWzDhmsliY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9c59945c470e1fabdd79c4f07d0d22527869fb4eca62b78ad95b30e19ac9626

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 16:22:53 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 276254
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5666
x-xss-protection: 0
expires: Wed, 16 Mar 2022 16:22:53 GMT

GET
H3-Q050 200 pubads_impl_2021031701.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 2110 285 KB
100 KB 35ms
34ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

cbbda5fac6618da4be9f03098dc394e81f435c51622e306605849c2ac2942fd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 08:39:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102424
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:07 GMT

GET
H3-Q050 200 container.html Show response
81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 010D 6 KB
3 KB 30ms
28ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Fri, 19 Mar 2021 21:07:07 GMT
expires: Sat, 19 Mar 2022 21:07:07 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1815 73 KB
28 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980824644616"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28204
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:07 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 4F63 15 KB
15 KB 10ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ardra.biz
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 19:52:31 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:19:00 GMT
server: sffe
age: 177276
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15816
x-xss-protection: 0
expires: Thu, 17 Mar 2022 19:52:31 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 4F63 15 KB
16 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29f6da0a8c21c5681511bb9b08663d3fd2c5d09c9bd8054ec354c563b8c8b7c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ardra.biz
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 22:41:50 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:55 GMT
server: sffe
age: 167117
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15784
x-xss-protection: 0
expires: Thu, 17 Mar 2022 22:41:50 GMT

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame 436D 14 KB
6 KB 13ms
5ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:03:59 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 39788
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:03:59 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame E1AA 3 KB
600 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=600&adk=3985668065&adf=1196703320&pi=t.aa~a.2979750109~rp.4&w=248&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&to=qs&pwprc=7997325349&psa=0&format=248x600&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&dt=1616188026471&bpp=3&bdt=3997&idt=3&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=660x280%2C660x280%2C0x0&nras=2&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=181&ady=1766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w%2CAGkb-H_ZLY-PE3ajmSt6fed2yL-UvvOfijhD32x9f2QsANQU81v8R3B-Fz5LFCUddFQPtjn9X6j9y7iwIX6j2g&pvsid=47452290458557&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=XdjDefdH6O&p=https%3A//ardra.biz&dtd=138

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 20:36:42 GMT
server: ESF
date: Fri, 19 Mar 2021 21:07:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 Mar 2021 21:07:07 GMT

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame 56E8 2 B
96 B 975ms
972ms Image
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwMzE5MjEwNzA2IiwiY3RyeSI6IlBUIiwiYWNpZCI6IlBULTIxMDMxOTIxMDcwMy01YjFkNTQ5NTI1NGE0MTk4IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIxMzY0Lzc3ODIiLCJ6aWQiOiIyYmE4ZTE5Yi03YzYwLTQ3NDEtODFlNy0xMTRmNjQ3YzVkYTEiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4Mi4xMDIuMTkuMTM2IiwiZmxvYyI6Imh0dHBzOi8vYXJkcmEuYml6LyIsImNkdCI6IjIxMDMxOTIxMDcwMyIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame 2C79 2 B
96 B 301ms
300ms Image
text/plain 15.165.183.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwMzE5MjEwNzA2IiwiY3RyeSI6IlBUIiwiYWNpZCI6IlBULTIxMDMxOTIxMDcwMy01YjFkNTQ5NTI1NGE0MTk4IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIxMzY0Lzc3ODIiLCJ6aWQiOiIyYmE4ZTE5Yi03YzYwLTQ3NDEtODFlNy0xMTRmNjQ3YzVkYTEiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4Mi4xMDIuMTkuMTM2IiwiZmxvYyI6Imh0dHBzOi8vYXJkcmEuYml6LyIsImNkdCI6IjIxMDMxOTIxMDcwMyIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.165.183.98 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-165-183-98.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H3-Q050 200 container.html Show response
e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame D3A2 6 KB
3 KB 23ms
22ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Fri, 19 Mar 2021 21:07:07 GMT
expires: Sat, 19 Mar 2022 21:07:07 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8F3C 73 KB
28 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980824644616"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28204
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:07 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame E1AA 2 KB
988 B 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 20:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 891
x-xss-protection: 0
server: cafe
etag: 8551179781376740118
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 20:56:33 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame E1AA 17 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 276
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:02:31 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame E1AA 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:05:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 117
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:05:10 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E1AA 117 KB
36 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:07 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame E1AA 13 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 371
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:00:56 GMT

GET
H3-Q050 200 957c89dfc9e78dd5a0a3956da91f5358.js Show response
www.gstatic.com/mysidia/ Frame E1AA 25 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/957c89dfc9e78dd5a0a3956da91f5358.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74701d1b03dcb606710d7cc01bbf35a36ad5e5e443e33e55894a013f0d65aacf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 10:35:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Mar 2021 03:13:35 GMT
server: sffe
age: 124327
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10839
x-xss-protection: 0
expires: Wed, 16 Jun 2021 10:35:00 GMT

GET
H3-Q050 200 7c9238132acc3501dec94b8706ed02bb.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/media/ Frame 99B0 21 KB
21 KB 16ms
11ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/media/7c9238132acc3501dec94b8706ed02bb.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8df480865ef8a7c05d4c027f411316b42d88d8b2bfca6b98ef69d526b9933a11

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 560967
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21031
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:21:55 GMT
server: sffe
date: Sat, 13 Mar 2021 09:17:41 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 13 Mar 2022 09:17:41 GMT

GET
H3-Q050 200 14179ad911314116ada58e9d7095233e.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/media/ Frame 99B0 3 KB
3 KB 15ms
10ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/media/14179ad911314116ada58e9d7095233e.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66b45568fef2ad5b4bf571ad8abf7c30ae5145db9cb2c6d077d8bbf514f0734c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 284974
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2771
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:21:55 GMT
server: sffe
date: Tue, 16 Mar 2021 13:57:34 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Mar 2022 13:57:34 GMT

GET
H3-Q050 200 f92f6b7385ab3161560abf7526ebabdd.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/media/ Frame 99B0 10 KB
3 KB 14ms
9ms Image
image/svg+xml 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/media/f92f6b7385ab3161560abf7526ebabdd.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff28b7bafd0d63947fa6ecaf304efc6f15fd297c4fe352efca937a0e6daeffcb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 23075
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1971
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:21:55 GMT
server: sffe
date: Fri, 19 Mar 2021 14:42:33 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Mar 2022 14:42:33 GMT

GET
H3-Q050 200 fc9f3426038acaf80eeed1d75f6c9a3b.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/media/ Frame 99B0 28 KB
28 KB 17ms
12ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/media/fc9f3426038acaf80eeed1d75f6c9a3b.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ac3537cdc9bc4b6dcd500b0161c2a585f0fc9b634f7b1db6f7873702858df88

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 37784
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28557
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:21:55 GMT
server: sffe
date: Fri, 19 Mar 2021 10:37:24 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Mar 2022 10:37:24 GMT

GET
H3-Q050 200 c561af94e35f155e6972954b80d23d7f.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/media/ Frame 99B0 7 KB
7 KB 15ms
13ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/media/c561af94e35f155e6972954b80d23d7f.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b095daa45c5aedc085f2017153d1aa6507ba6475cc0b7c7918d1eaa557671efd

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 43545
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7576
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:21:55 GMT
server: sffe
date: Fri, 19 Mar 2021 09:01:23 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Mar 2022 09:01:23 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/476001994852198402/ Frame E1AA 16 KB
17 KB 16ms
10ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/476001994852198402/downsize_200k_v1?w=400&h=209

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac0ca827cda27d5ab4cf5734e5b7364501b54ef9aee7aeec699a1caaa0409798

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:21:20 GMT
x-content-type-options: nosniff
age: 38748
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16814
x-xss-protection: 0
last-modified: Thu, 04 Mar 2021 09:31:20 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Mar 2022 10:21:20 GMT

GET
DATA 200
OK truncated
/ Frame E1AA 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-Q050 200 pubads_impl_2021031601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 56E8 285 KB
100 KB 31ms
31ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js?31060501

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

eea4a3705b3e19174b9f0f127702bfc02cda65dff1f5b25e65f48a9c65ce9a7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Mar 2021 08:39:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102421
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 pubads_impl_2021031801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 2C79 286 KB
100 KB 31ms
31ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

ecf0ffde6e56a2c058421a0ca1a3446a00d047de48239cd168f7eb93a07a9269

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 18 Mar 2021 08:39:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102478
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 container.html Show response
454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 809F 6 KB
3 KB 22ms
21ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Fri, 19 Mar 2021 21:07:07 GMT
expires: Sat, 19 Mar 2022 21:07:07 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4DF0 73 KB
28 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980824644616"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28204
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 5C92 107 B
146 B 17ms
16ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 5C92 107 B
146 B 16ms
16ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 5C92 66 KB
18 KB 158ms
156ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2963498358765794&correlator=3426748903287966&output=ldjh&impl=fifs&eid=31060316%2C31060468%2C31060011%2C31060367%2C44733567%2C44739387&vrg=2021031601&ptt=17&sc=1&sfv=1-0-37&ecs=20210319&iu_parts=223513049%2Cca-pub-5111137191506013-tag%2Cardrabiz_300x250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&eri=4&cookie=ID%3Dead2f7111696c403%3AT%3D1616188023%3AS%3DALNI_MaJrKLboi3BHEzQ0fHTQoLurJz52w&cdm=ardra.biz&bc=31&abxe=1&dt=1616188028174&dlt=1616188025410&idt=2755&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=856&adys=74689&adks=3971509829&ucis=9gaulfzgq2b7&ifi=1&ifk=3008407577&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=ardra.biz&loc=https%3A%2F%2Fardra.biz%2F&top=ardra.biz&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&ga_vid=1805016773.1616188028&ga_sid=1616188028&ga_hid=200593067&ga_fc=false&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

76b7887cf7a2205d76c670d062a25d88b195784df447cf7f261c78e4784e3878

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18660
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ardra.biz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 5C92 0
0 68ms
54ms Other
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 5C92 0
0 8ms
7ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 9944 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 9944 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 9944 67 KB
19 KB 180ms
179ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4006499115772854&correlator=4463647025250717&output=ldjh&impl=fifs&eid=21068110%2C31060367%2C44739387&vrg=2021031601&ptt=17&sc=1&sfv=1-0-37&ecs=20210319&iu_parts=223513049%2Cca-pub-5111137191506013-tag%2Cardrabiz_300x250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&eri=4&cookie=ID%3Dead2f7111696c403%3AT%3D1616188023%3AS%3DALNI_MaJrKLboi3BHEzQ0fHTQoLurJz52w&cdm=ardra.biz&bc=31&abxe=1&dt=1616188028191&dlt=1616188025415&idt=2767&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=856&adys=90241&adks=3971509829&ucis=cdwqt84oyxg2&ifi=1&ifk=3008407577&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=ardra.biz&loc=https%3A%2F%2Fardra.biz%2F&top=ardra.biz&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&ga_vid=938849214.1616188028&ga_sid=1616188028&ga_hid=580817823&ga_fc=false&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

5a0a21b0f21d241c5c92c0c8e5076a117a0c4f242ddeccac5553bf32131e066b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19175
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ardra.biz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 9944 0
0 86ms
58ms Other
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 9944 0
0 7ms
6ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame E1AA 0
0 42ms
42ms Fetch
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CTINOehJVYLLOJr-LjuwP79W4sAXu0qLiYcih_Z_TDYrRo-2-ARABIKG0njtglYq4gsgHoAHfm_LFAcgBCakCFx8wenXxsz6oAwHIA8sEqgTEAU_QQQsaZInd8ovuwzlFhBAj9zdps0wyYdiFfFvH9UuSaWoD_c5CAfS_JkkxaNu2fimO2PEW3NoBoopU4Lr7PYZcFIkAEjoKAFeYYOIBKK7Zuknd_ykwnqI51uvB3j4a0EgjC4vBzgam-zTnk5gdZRsZ8l2O7pBMORQwyywc20khYIxMjhPaRj7TjaJkn2R9cDCTnt5YiKa90ikDTUIi7bTHnDjauciMbYYDxR7flfBUJfV9K-Br9qVT4R983mPSUhn_wpTABP-Ewua1A5IFBAgEGAGSBQQIBRgEoAYugAeJ5I26AqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCEvwjSCAkIgOGAEBABGB-ACgHICwHYEw2IFAyyFxoKGAgAEhRwdWItOTAxNjg3Mjc1NDE4MTY5Mg&sigh=1INtKTJj2bU&template_id=5000&tpd=AGWhJmsKyS93lcCu8b4v8STn0VsAQL-FAFzIVdpdiewthfzvzQ

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9016872754181692&output=html&h=600&adk=3985668065&adf=1196703320&pi=t.aa~a.2979750109~rp.4&w=248&fwrn=4&fwrnh=100&lmt=1615962396&rafmt=1&to=qs&pwprc=7997325349&psa=0&format=248x600&url=https%3A%2F%2Fardra.biz%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&dt=1616188026471&bpp=3&bdt=3997&idt=3&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=660x280%2C660x280%2C0x0&nras=2&correlator=7078662019081&frm=20&pv=1&ga_vid=1391176112.1616188023&ga_sid=1616188023&ga_hid=855395949&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=181&ady=1766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C182982200%2C21068999%2C31060351%2C44739387&oid=3&psts=AGkb-H90B8S3m5BbNwJbxTpae5wKBOd_G5R57pxoqvAORm5M9LttiuL9w4c5R5eATkZ0tZHAm2hdtnFDTmko9w%2CAGkb-H_ZLY-PE3ajmSt6fed2yL-UvvOfijhD32x9f2QsANQU81v8R3B-Fz5LFCUddFQPtjn9X6j9y7iwIX6j2g&pvsid=47452290458557&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=XdjDefdH6O&p=https%3A//ardra.biz&dtd=138
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 19 Mar 2021 21:07:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 42C0 107 B
123 B 17ms
16ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 42C0 107 B
123 B 15ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 42C0 67 KB
19 KB 209ms
209ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1241098040766471&correlator=4463882567339445&output=ldjh&impl=fifs&eid=31060468%2C31060521%2C31060320%2C31060367%2C44739387&vrg=2021031701&ptt=17&sc=1&sfv=1-0-37&ecs=20210319&iu_parts=223513049%2Cca-pub-5111137191506013-tag%2Cardrabiz_300x250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&eri=4&cookie=ID%3Dead2f7111696c403%3AT%3D1616188023%3AS%3DALNI_MaJrKLboi3BHEzQ0fHTQoLurJz52w&cdm=ardra.biz&bc=31&abxe=1&dt=1616188028276&dlt=1616188025425&idt=2823&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=856&adys=125752&adks=3971509829&ucis=wmpggwv3pgys&ifi=1&ifk=3008407577&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=ardra.biz&loc=https%3A%2F%2Fardra.biz%2F&top=ardra.biz&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&ga_vid=1358311427.1616188028&ga_sid=1616188028&ga_hid=816425908&ga_fc=false&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

74aff4addef98bd86f6a8b3638679bf79b68c589ee862d3c9d8a470443ba4542

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19132
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ardra.biz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 42C0 0
0 119ms
77ms Other
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 42C0 0
0 7ms
7ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1E55 9 KB
7 KB 23ms
23ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021031601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90808ca6b0da8cd126dd8d340a08570358434b9e9609e19ba989aa47361b1b6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6655
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 2110 107 B
123 B 19ms
17ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2110 107 B
123 B 17ms
16ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2110 66 KB
18 KB 261ms
260ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2110209188965919&correlator=323268583180200&output=ldjh&impl=fifs&eid=31060502%2C31060367%2C31060413%2C44739387&vrg=2021031701&ptt=17&sc=1&sfv=1-0-37&ecs=20210319&iu_parts=223513049%2Cca-pub-5111137191506013-tag%2Cardrabiz_300x250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&eri=4&cookie=ID%3Dead2f7111696c403%3AT%3D1616188023%3AS%3DALNI_MaJrKLboi3BHEzQ0fHTQoLurJz52w&cdm=ardra.biz&bc=31&abxe=1&dt=1616188028352&dlt=1616188025419&idt=2923&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=856&adys=106707&adks=3971509829&ucis=yh6loc5egk9h&ifi=1&ifk=3008407577&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=ardra.biz&loc=https%3A%2F%2Fardra.biz%2F&top=ardra.biz&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&ga_vid=449638333.1616188028&ga_sid=1616188028&ga_hid=1224567318&ga_fc=false&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

10aca0e7d2086773fc61645d0d2090ba02c1d1688314f1fb43b2c9d387bc72e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18666
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ardra.biz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 2110 0
0 86ms
54ms Other
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 2110 0
0 9ms
9ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 1ACE 0
44 B 39ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kmgsmf2n&c=1951442919959&slotId=975721459979.5&qqid=COuxoMmhve8CFbDruwgdstoKbg&umsem=0&ape=1&ple=1&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fwww.gstatic.com%252Fmysidia%252F86645057ba4817bae9835c203c8960c4.js%253Ftag%253Dclient_fast_engine_2019&encoded_body_size=0&transfer_size=0
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 1ACE 0
21 B 39ms
39ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=3~kmgsmfv2&c=1951442919959&slotId=975721459979.5&qqid=COuxoMmhve8CFbDruwgdstoKbg&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fwww.gstatic.com%252Fmysidia%252Fe77611775121751e5ddf2b7cc6e6ca94.js%253Ftag%253Dvideo_mra%252Fweb_raspberry&encoded_body_size=0&transfer_size=0
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 1ACE 0
21 B 40ms
39ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=4~kmgsmfv3&c=1951442919959&slotId=975721459979.5&qqid=COuxoMmhve8CFbDruwgdstoKbg&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fwww.gstatic.com%252Fmysidia%252F957c89dfc9e78dd5a0a3956da91f5358.js%253Ftag%253Dmysidia_one_click_handler_one_afma_2019&encoded_body_size=0&transfer_size=0
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1090
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEEC7qntjK3DHktT0IAFtZO8&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEEC7qntjK3DHktT0IAFtZO8&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESEEC7qntjK3DHktT0IAFtZO8&google_cver=1&google_push=AQvitUJQzjqOLIqanBx9x7ZL1rScMciyUp_52YslFLt9FTG...

170 B
190 B

33ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESEEC7qntjK3DHktT0IAFtZO8&google_cver=1&google_push=AQvitUJQzjqOLIqanBx9x7ZL1rScMciyUp_52YslFLt9FTGPwipJuUXJc1zfaXd4iPTG2U7Sh9yoaeYxUTNyB6n0-wYjs9ktOyQ

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 19 Mar 2021 21:07:08 GMT
Server: PingMatch/v2.0.30-632-ga311aad#rel-ec2-master i-0dbb3bb3e77219ff5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESEEC7qntjK3DHktT0IAFtZO8&google_cver=1&google_push=AQvitUJQzjqOLIqanBx9x7ZL1rScMciyUp_52YslFLt9FTGPwipJuUXJc1zfaXd4iPTG2U7Sh9yoaeYxUTNyB6n0-wYjs9ktOyQ
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1090
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEJRCRkfzjfW-7KbtJ9jt590&google_cver=1&google_push=AQvitULWiY1iFh5dQr2ociYPPeW4DtUPXk8035IQES5jc3ujZJJWM82EwkV9TVoFpzI3IyGBBY9Xvjs...
https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitULWiY1iFh5dQr2ociYPPeW4DtUPXk8035IQES5jc3ujZJJWM82EwkV9TVoFpzI3IyGBBY9Xvjsh3zyEco8-4tZkaDjMj9w&google_sc&google...

170 B
201 B

32ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitULWiY1iFh5dQr2ociYPPeW4DtUPXk8035IQES5jc3ujZJJWM82EwkV9TVoFpzI3IyGBBY9Xvjsh3zyEco8-4tZkaDjMj9w&google_sc&google_hm=EBAQEA

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:07 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitULWiY1iFh5dQr2ociYPPeW4DtUPXk8035IQES5jc3ujZJJWM82EwkV9TVoFpzI3IyGBBY9Xvjsh3zyEco8-4tZkaDjMj9w&google_sc&google_hm=EBAQEA
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1090
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEKnUToadH83oiKh-MnpT6xU&google_cver=1&google_push=AQvitUKxjER0K4liE61qzyOtPS8bm1w_DufIAEq3bSzvA9EikG5-U5FPOhmrJeOUQ0w6lZKebrzOJWQXWGdtbuFj...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=pEUTwtcUQbWb-nJK5KhWgw2&google_push=AQvitUKxjER0K4liE61qzyOtPS8bm1w_DufIAEq3bSzvA9EikG5-U5FPOhmrJeOUQ0w6lZKebrzOJWQXWGdtbuFjC6XWKL9u16g

170 B
190 B

62ms
61ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=pEUTwtcUQbWb-nJK5KhWgw2&google_push=AQvitUKxjER0K4liE61qzyOtPS8bm1w_DufIAEq3bSzvA9EikG5-U5FPOhmrJeOUQ0w6lZKebrzOJWQXWGdtbuFjC6XWKL9u16g

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 19 Mar 2021 21:07:08 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=pEUTwtcUQbWb-nJK5KhWgw2&google_push=AQvitUKxjER0K4liE61qzyOtPS8bm1w_DufIAEq3bSzvA9EikG5-U5FPOhmrJeOUQ0w6lZKebrzOJWQXWGdtbuFjC6XWKL9u16g
x-host: tde-deliveryengine-production-6fcb7cb86-n65g5
alt-svc: clear
content-length: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1090
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEC8knfmI72BPtAPLmAJ7TXM&google_cver=1&google_push=AQvitUKvXso7ZW5nNEnXdOLkVXNb9NRUEK16PUOmXYqjZ690xrHSfByuFCJ5quKOYqM_HRglEzSuKNgCrOW8dIJ6oc8DicMGzbg
https://rtb.openx.net/sync/dds?google_gid=CAESEC8knfmI72BPtAPLmAJ7TXM&google_cver=1&google_push=AQvitUKvXso7ZW5nNEnXdOLkVXNb9NRUEK16PUOmXYqjZ690xrHSfByuFCJ5quKOYqM_HRglEzSuKNgCrOW8dIJ6oc8DicMGzbg&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKvXso7ZW5nNEnXdOLkVXNb9NRUEK16PUOmXYqjZ690xrHSfByuFCJ5quKOYqM_HRglEzSuKNgCrOW8dIJ6oc8DicMGzbg&google_hm=ObA3H1fFz5kBYlUUh11OhQ==

170 B
190 B

32ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKvXso7ZW5nNEnXdOLkVXNb9NRUEK16PUOmXYqjZ690xrHSfByuFCJ5quKOYqM_HRglEzSuKNgCrOW8dIJ6oc8DicMGzbg&google_hm=ObA3H1fFz5kBYlUUh11OhQ==

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:07 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKvXso7ZW5nNEnXdOLkVXNb9NRUEK16PUOmXYqjZ690xrHSfByuFCJ5quKOYqM_HRglEzSuKNgCrOW8dIJ6oc8DicMGzbg&google_hm=ObA3H1fFz5kBYlUUh11OhQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: m940im3vei99qgnsvce4vvnm8lho94su

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1090
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENsCO7n0Njn3cF6R3ssUaMY&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENsCO7n0Njn3cF6R3ssUaMY&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFUSfPOfAiyyQuqigwQhUwAABJEAAAAB&google_push=AQvitUIN9oO6sy5wgRflsmuwjR0VKGeI5hnZ2IOpB7Cxn2MmaM_dlSQF73xY8QMzDRHNMA0yYBWWiNXXeyipq5QAqm...

170 B
190 B

65ms
64ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFUSfPOfAiyyQuqigwQhUwAABJEAAAAB&google_push=AQvitUIN9oO6sy5wgRflsmuwjR0VKGeI5hnZ2IOpB7Cxn2MmaM_dlSQF73xY8QMzDRHNMA0yYBWWiNXXeyipq5QAqmeTk27v5Xk&google_gid=CAESENsCO7n0Njn3cF6R3ssUaMY&google_cver=1

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 19 Mar 2021 21:07:08 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFUSfPOfAiyyQuqigwQhUwAABJEAAAAB&google_push=AQvitUIN9oO6sy5wgRflsmuwjR0VKGeI5hnZ2IOpB7Cxn2MmaM_dlSQF73xY8QMzDRHNMA0yYBWWiNXXeyipq5QAqmeTk27v5Xk&google_gid=CAESENsCO7n0Njn3cF6R3ssUaMY&google_cver=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 459
Expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1090
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEG...
https://sync.targeting.unrulymedia.com/csync/RX-86528e59-88fb-4c55-a957-5172fa621b91-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUKXTorN4GYEvUjWxJDv9...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKXTorN4GYEvUjWxJDv9y17dtAbpVW9dr8JWK1Jbaex2h1Gj-JIBEMl9WsZLAqnJ5NoFDXVsnqseRiCoB8l5X2Ysg4BPg&google_hm=A4ZSjlmI-0xVqVdRcvpiG5E

170 B
190 B

61ms
60ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKXTorN4GYEvUjWxJDv9y17dtAbpVW9dr8JWK1Jbaex2h1Gj-JIBEMl9WsZLAqnJ5NoFDXVsnqseRiCoB8l5X2Ysg4BPg&google_hm=A4ZSjlmI-0xVqVdRcvpiG5E

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 19 Mar 2021 21:07:08 GMT
Server: Tengine
ETag: RX86528e5988fb4c55a9575172fa621b91003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKXTorN4GYEvUjWxJDv9y17dtAbpVW9dr8JWK1Jbaex2h1Gj-JIBEMl9WsZLAqnJ5NoFDXVsnqseRiCoB8l5X2Ysg4BPg&google_hm=A4ZSjlmI-0xVqVdRcvpiG5E
Connection: keep-alive
Content-Type: text/html

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1090
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEFVMTcLX8DTTdCohUr3VC7M&google_cver=1&google_push=AQvitUJQrbxuAl3KeKNyiEMcPvZ_z-viVbYvlk05C5bycJRWeE96xHImkhXg1rxIRHxu9xOHurdI6-W4ZZNmaz6N12eePpjtOtU
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AQvitUJQrbxuAl3KeKNyiEMcPvZ_z-viVbYvlk05C5bycJRWeE96xHImkhXg1rxIRHxu9xOHurdI6-W4ZZNmaz6N12eePpjtOtU&googl...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA3NDc5MDMyNzY5NTE2MTYxMg%3D%3D&google_push=AQvitUJQrbxuAl3KeKNyiEMcPvZ_z-viVbYvlk05C5bycJRWeE96xHImkhXg...

170 B
190 B

60ms
59ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA3NDc5MDMyNzY5NTE2MTYxMg%3D%3D&google_push=AQvitUJQrbxuAl3KeKNyiEMcPvZ_z-viVbYvlk05C5bycJRWeE96xHImkhXg1rxIRHxu9xOHurdI6-W4ZZNmaz6N12eePpjtOtU

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA3NDc5MDMyNzY5NTE2MTYxMg%3D%3D&google_push=AQvitUJQrbxuAl3KeKNyiEMcPvZ_z-viVbYvlk05C5bycJRWeE96xHImkhXg1rxIRHxu9xOHurdI6-W4ZZNmaz6N12eePpjtOtU
date: Fri, 19 Mar 2021 21:07:08 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 1090 0
40 B 31ms
30ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LNtZwGGoeFXyK4BaLKiD5ovzGx1QEy-VJXjRQbb9zW0oacUX18WTs9R4dcz9BnANl-8Tkq

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 46620dc235829dc67cde58975aa61723.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/media/ Frame 99B0 2 KB
2 KB 7ms
7ms Image
image/svg+xml 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/media/46620dc235829dc67cde58975aa61723.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10470558476792580260/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04659f68e1722e022c9fc3132ad113c24847f376e67aed9ab42f84e7fae98b74

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 43545
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1027
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 15:21:55 GMT
server: sffe
date: Fri, 19 Mar 2021 09:01:23 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Mar 2022 09:01:23 GMT

GET
DATA 200
OK truncated
/ Frame E1AA 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3749f2f24e16c8e9be4d890f82a03629983b243fe1bf7b35cda43b24b86056e2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 id.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4F63 3 KB
3 KB 8ms
7ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/id.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e21f4e7e88783b14a82c666b81649a49dace8b1fd9a1ec27a8e17b2ae26bbc94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 13:50:04 GMT
x-content-type-options: nosniff
server: cafe
age: 26224
etag: 12948112503563494795
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3020
x-xss-protection: 0
expires: Sat, 20 Mar 2021 13:50:04 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4F63 344 B
560 B 7ms
7ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 06:19:42 GMT
x-content-type-options: nosniff
server: cafe
age: 53246
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Sat, 20 Mar 2021 06:19:42 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1E55 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 86645057ba4817bae9835c203c8960c4.js Show response
www.gstatic.com/mysidia/ Frame 010D 6 KB
3 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/86645057ba4817bae9835c203c8960c4.js?tag=client_fast_engine_2019

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393c0a39f41e5b14bdc33e5f5093a0d3ee0fb50eb4043d35e8a1995b5d2dd371

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:21:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121518
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2784
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:21:50 GMT

GET
H3-Q050 200 e77611775121751e5ddf2b7cc6e6ca94.js Show response
www.gstatic.com/mysidia/ Frame 010D 144 KB
54 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

481e249c297579db673cce6f5c6d7f1fcd55c3eb2f7c1e611efae2e67ace843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121507
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54730
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:22:01 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 010D 3 KB
647 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d9b4e8baf2d6296710fb142486efc074d1b4295512aa4125465410dbfd1053a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 20:39:31 GMT
server: ESF
date: Fri, 19 Mar 2021 21:07:08 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 010D 2 KB
988 B 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 20:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 635
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 891
x-xss-protection: 0
server: cafe
etag: 8551179781376740118
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 20:56:33 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame 010D 17 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:02:31 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 010D 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:05:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:05:10 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 010D 117 KB
36 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 010D 13 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 372
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:00:56 GMT

GET
H3-Q050 200 957c89dfc9e78dd5a0a3956da91f5358.js Show response
www.gstatic.com/mysidia/ Frame 010D 25 KB
11 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/957c89dfc9e78dd5a0a3956da91f5358.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74701d1b03dcb606710d7cc01bbf35a36ad5e5e443e33e55894a013f0d65aacf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 10:35:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Mar 2021 03:13:35 GMT
server: sffe
age: 124328
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10839
x-xss-protection: 0
expires: Wed, 16 Jun 2021 10:35:00 GMT

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 9EB9 42 B
94 B 47ms
46ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuYsr0SjxPd5RfbGdXtWlfWNya7YjPj583GpQz1A4Pue5JA5xPiixGK4JyMYFku-W8Q7gPiKF_3PDEjaFZdi7oXnO88h-TpQYg-MDMRWGIOGjee7Ibr0Iu6ufO3lw&sai=AMfl-YQPRERIQlKuduewLVZDIStOR49yufnOMUBG_881MwqCYrUHWkdErY_WXvrcDwyfWxNMM61sxwQKOp69AZBW7vukIrN3ZN31_axIunhehHnUo1nePsUWRYF34FHY&sig=Cg0ArKJSzHkdr-NluOY0EAE&cid=CAASF-RoociWKsOn5rxz8JtN8PzFxbmhKxob&id=ampim&o=137,253&d=336,280&ss=1600,1200&bs=1600,1200&mcvt=1106&mtos=0,0,1106,1106,1106&tos=0,0,1106,0,0&tfs=436&tls=1542&g=100&h=100&tt=1542&r=v&avms=ampa&adk=44061878

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 93A4
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEIW0Cgzy32QHWzS0395v5Bc&google_cver=1&google_push=AQvitULVKKhiBbDHlESHdXzOaOAH74tf3WFxu9XwyxvGlBZxy-UvMXoZHU791L3VqNASpD3NymO6MAhBMAzxrog20qV9AEioaZES
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

43 B
407 B

69ms
21ms

Image
image/gif

46.228.164.11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.228.164.11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 93A4
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESECaL3zObfJjjXvjCltD2Yig&google_cver=1&google_push=AQvitUI5OWO2z0Mrq7O9rjAr8YQtck4jOscRGYfnITOgJd-4ipd6TuI5sZK3IJxyL_3NRl9zF-E8lX1looZj45XV...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUI5OWO2z0Mrq7O9rjAr8YQtck4jOscRGYfnITOgJd-4ipd6TuI5sZK3IJxyL_3NRl9zF-E8lX1looZj45XVCo79qKUJep4l

170 B
190 B

38ms
37ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUI5OWO2z0Mrq7O9rjAr8YQtck4jOscRGYfnITOgJd-4ipd6TuI5sZK3IJxyL_3NRl9zF-E8lX1looZj45XVCo79qKUJep4l

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 19 Mar 2021 21:06:40 GMT
Server: MT3 3611 f10363c master cdg-pixel-x28
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUI5OWO2z0Mrq7O9rjAr8YQtck4jOscRGYfnITOgJd-4ipd6TuI5sZK3IJxyL_3NRl9zF-E8lX1looZj45XVCo79qKUJep4l
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 19 Mar 2021 21:06:39 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 93A4
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEJRCRkfzjfW-7KbtJ9jt590&google_cver=1&google_push=AQvitUJJE3fS4oVLrxVuB54chWRszz9TljOHtvdhidExSy3s4DHDVKY2QZ4FXiAynp7c6-HX2aLuwSf...
https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUJJE3fS4oVLrxVuB54chWRszz9TljOHtvdhidExSy3s4DHDVKY2QZ4FXiAynp7c6-HX2aLuwSfCV5KLqhDnX7BuEiRNxWw&google_sc&google...

170 B
190 B

62ms
61ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUJJE3fS4oVLrxVuB54chWRszz9TljOHtvdhidExSy3s4DHDVKY2QZ4FXiAynp7c6-HX2aLuwSfCV5KLqhDnX7BuEiRNxWw&google_sc&google_hm=EBAQEA

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUJJE3fS4oVLrxVuB54chWRszz9TljOHtvdhidExSy3s4DHDVKY2QZ4FXiAynp7c6-HX2aLuwSfCV5KLqhDnX7BuEiRNxWw&google_sc&google_hm=EBAQEA
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 93A4 0
136 B 67ms
24ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEC1ICFFKxGjStzZJ9KyUT-M&google_cver=1&google_push=AQvitUKf0MtVOIHsONSs-LiHx8qobksRWVCZdDDGk44P9hAC_PHmerkorw6b2fjBdY57hLATeaGPBq8J687NfFcslTzBRW4yIu3i
Requested by: Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK sync
dsp.adkernel.com/ Frame 93A4 42 B
233 B 269ms
88ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESELZdj1PE93nCEyGDAkGbfnc&google_cver=1&google_push=AQvitUJPorZF22rDbe_UKENlt_iZfrmR8L9AgHVvPy3WAR8n664tr2qjNK6vaDZBDQpAflCld3D1rGvkZjuhDuh2Rld-UI2WWVM
Requested by: Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 19 Mar 2021 21:07:08 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2 204 exptsync
ads.yieldmo.com/ Frame 93A4 0
35 B 111ms
35ms Image
text/plain 54.76.222.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.yieldmo.com/exptsync?google_gid=CAESEIwDaTUNeARoVlWWxRwxZFU&google_cver=1&google_push=AQvitULubj0s71HzaclrtjuC8aI6QTZhn1uah6Mnlx8xt3DsT6wOfkZV4dU-UvD_Weq9CSwb_JXL7j1Ntu9TfTJADEpNv0sfz2a6
Requested by: Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.222.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-222-161.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 93A4
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESEAizIKwzJUsDrjsZ_4zmXwM&google_cver=1&google_push=AQvitUKiAtLRbJVO_fC-lssJJJRaPj5RWlsFc_nts6Nz7unQh3SPPqIDhY7x0_PYpZ4j3FQqVWXzSjoba1CVtWhKKOC1yyuueMON
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjU5MTg5NjI4MjEzODQ4MjAwMFYxMA%3d%3d&mn_hm=MjU5MTg5NjI4MjEzODQ4MjAwMFYxMA%3d%3d&google_sc=1&google_push=AQvitUKiAtLRbJVO_fC-lssJJJRaPj5...

170 B
190 B

49ms
48ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjU5MTg5NjI4MjEzODQ4MjAwMFYxMA%3d%3d&mn_hm=MjU5MTg5NjI4MjEzODQ4MjAwMFYxMA%3d%3d&google_sc=1&google_push=AQvitUKiAtLRbJVO_fC-lssJJJRaPj5RWlsFc_nts6Nz7unQh3SPPqIDhY7x0_PYpZ4j3FQqVWXzSjoba1CVtWhKKOC1yyuueMON

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjU5MTg5NjI4MjEzODQ4MjAwMFYxMA%3d%3d&mn_hm=MjU5MTg5NjI4MjEzODQ4MjAwMFYxMA%3d%3d&google_sc=1&google_push=AQvitUKiAtLRbJVO_fC-lssJJJRaPj5RWlsFc_nts6Nz7unQh3SPPqIDhY7x0_PYpZ4j3FQqVWXzSjoba1CVtWhKKOC1yyuueMON
cache-control: max-age=0, no-cache, no-store
content-type: text/html
content-length: 154
x-mnet-hl2: E
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 93A4 0
43 B 31ms
30ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JOR6cUCA4EHVHuXcl-rDSIqJcps7BvcmGb0KKpwdgEWqZIyP-uS5IPt0kRSC5WDzgXHKQQ

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 container.html Show response
cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame FCBC 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Fri, 19 Mar 2021 21:07:08 GMT
expires: Sat, 19 Mar 2022 21:07:08 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5C92 73 KB
28 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980824644616"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28204
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 56E8 54 KB
21 KB 23ms
22ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js?31060501

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

3477e8fe3b7becd59943c9497c9a6cdcb7768f59f5c0bba0bcf981c923b25c6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 20:41:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1540
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20897
x-xss-protection: 0
server: cafe
etag: 7857869394883405340
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Fri, 19 Mar 2021 21:41:28 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 56E8 107 B
123 B 18ms
16ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js?31060501

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 56E8 107 B
123 B 16ms
14ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js?31060501

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 56E8 68 KB
19 KB 151ms
151ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4180902568638112&correlator=1178903067097793&output=ldjh&impl=fifs&eid=31060311%2C31060501%2C31060344%2C31060367%2C44739387%2C21066613%2C21066614%2C21067087&vrg=2021031601&ptt=17&sc=1&sfv=1-0-38&ecs=20210319&iu_parts=223513049%2Cca-pub-5111137191506013-tag%2Cardrabiz_300x250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&eri=4&cookie=ID%3Dead2f7111696c403%3AT%3D1616188023%3AS%3DALNI_MaJrKLboi3BHEzQ0fHTQoLurJz52w&cdm=ardra.biz&bc=31&abxe=1&dt=1616188028597&dlt=1616188025433&idt=3145&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=856&adys=164041&adks=3971509829&ucis=joj1yesjck34&ifi=1&ifk=3008407577&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=ardra.biz&loc=https%3A%2F%2Fardra.biz%2F&top=ardra.biz&rumc=4180902568638112&rume=1&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&ga_vid=1121887084.1616188029&ga_sid=1616188029&ga_hid=1161742678&ga_fc=false&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js?31060501

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

bfdc7f402c2556f33f2342ed3d61f6a5054b09c8105258e959dd6494b80bee80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19689
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ardra.biz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 56E8 0
0 66ms
52ms Other
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js?31060501
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ Frame 56E8 0
0 9ms
8ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js?31060501
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 2C79 107 B
123 B 21ms
18ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2C79 107 B
123 B 17ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ardra.biz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2C79 67 KB
19 KB 154ms
153ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3641001752435330&correlator=2838611563935894&output=ldjh&impl=fifs&eid=31060522%2C31060343%2C31060367%2C44739387&vrg=2021031801&ptt=17&sc=1&sfv=1-0-37&ecs=20210319&iu_parts=223513049%2Cca-pub-5111137191506013-tag%2Cardrabiz_300x250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&eri=4&cookie=ID%3Dead2f7111696c403%3AT%3D1616188023%3AS%3DALNI_MaJrKLboi3BHEzQ0fHTQoLurJz52w&cdm=ardra.biz&bc=31&abxe=1&dt=1616188028617&dlt=1616188025428&idt=3178&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=856&adys=146859&adks=3971509829&ucis=ntla9y4cvrxv&ifi=1&ifk=3008407577&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=ardra.biz&loc=https%3A%2F%2Fardra.biz%2F&top=ardra.biz&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&ga_vid=1947650549.1616188029&ga_sid=1616188029&ga_hid=354432585&ga_fc=false&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

68c6992c5429832eed274d1f84f6be5b7060a5a075d6c9e00ffcd6fc0571db93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19045
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ardra.biz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 2C79 0
0 90ms
55ms Other
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?v=1-0-38&n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 2C79 0
0 7ms
7ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?v=1-0-38&n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 1ACE 42 B
176 B 17ms
17ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CerKmeRJVYKuRJbDX7_UPsrWr8Abvl_bzYf2l6Y77DNnZHhABIJm1iUNgufjHgNwBoAHMwPDOA8gBCakCSWslJEb6sz7gAgCoAwHIAwiqBNgBT9BzSRTgqxALjqkTQMC5gFPJ1pqn-rqHXJxrCccW5aIkL8Vm2JCuEUio38QnUm50klreoLYOQ8bnOZ_97lb1iWl9rSYVzMNNbLzc8JXswgYPuw_vCitP7bsilUlwPTe9LSDyK0NE-TxXTnIoTbgwYxIjNxW8PduXHtMu1dsc3nyJhCpDDUca7yharEeKDKMlwPnpOlu-gdYg9Ah0ep0DH9tWGzANdHcfy3WbnScYQDUgKrhp2yZ3-NUNh_qsmyjvoEyIs56TN9YTsWXNeVkG4ehwTSyoKfuzwAS_8e7erAPgBAGgBi6AB5eF9DeoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RuoB_PRG6gH7NUbqAeW2BvYBwDSCAkIgOGAEBABGB2xCcWHjq8Okg8AgAoDmAsByAsBgAwBuAwB2BMN-BYB&sigh=0bb6Gsh0LZw&cid=CAQSPACNIrLM2u9ti6bp1DUBRupv9f_aqvstWvG1otftJz5DNNsFO5xnTQ6ccTCm__fSprgmdEp0iJevhLpB0A&label=adresume

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 container.html Show response
4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 869D 6 KB
3 KB 22ms
21ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Fri, 19 Mar 2021 21:07:08 GMT
expires: Sat, 19 Mar 2022 21:07:08 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9944 73 KB
28 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980824644616"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28204
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame E1AA 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 01:58:20 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 155328
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Fri, 18 Mar 2022 01:58:20 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame E1AA 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 21:42:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 170685
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Thu, 17 Mar 2022 21:42:23 GMT

GET
H3-Q050 200 86645057ba4817bae9835c203c8960c4.js Show response
www.gstatic.com/mysidia/ Frame D3A2 6 KB
3 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/86645057ba4817bae9835c203c8960c4.js?tag=client_fast_engine_2019

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393c0a39f41e5b14bdc33e5f5093a0d3ee0fb50eb4043d35e8a1995b5d2dd371

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:21:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121518
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2784
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:21:50 GMT

GET
H3-Q050 200 e77611775121751e5ddf2b7cc6e6ca94.js Show response
www.gstatic.com/mysidia/ Frame D3A2 144 KB
53 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

481e249c297579db673cce6f5c6d7f1fcd55c3eb2f7c1e611efae2e67ace843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121507
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54730
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:22:01 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame D3A2 3 KB
601 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d9b4e8baf2d6296710fb142486efc074d1b4295512aa4125465410dbfd1053a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 20:32:06 GMT
server: ESF
date: Fri, 19 Mar 2021 21:07:08 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame D3A2 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 20:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 635
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 891
x-xss-protection: 0
server: cafe
etag: 8551179781376740118
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 20:56:33 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame D3A2 17 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:02:31 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame D3A2 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:05:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:05:10 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D3A2 117 KB
36 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame D3A2 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 372
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:00:56 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame D3A2 0
0 17ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTDVQ9fQNFKXKuBtcNjBGe7q6USL3etwegvoNJo55mAY4nEbxyTz8776XArqnDWy9ao8xhPUxSNUoVAHJ074D5kPtD1mQ
Requested by: Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 957c89dfc9e78dd5a0a3956da91f5358.js Show response
www.gstatic.com/mysidia/ Frame D3A2 25 KB
11 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/957c89dfc9e78dd5a0a3956da91f5358.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74701d1b03dcb606710d7cc01bbf35a36ad5e5e443e33e55894a013f0d65aacf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 10:35:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Mar 2021 03:13:35 GMT
server: sffe
age: 124329
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10839
x-xss-protection: 0
expires: Wed, 16 Jun 2021 10:35:00 GMT

GET
H3-Q050 200 86645057ba4817bae9835c203c8960c4.js Show response
www.gstatic.com/mysidia/ Frame 809F 6 KB
3 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/86645057ba4817bae9835c203c8960c4.js?tag=client_fast_engine_2019

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393c0a39f41e5b14bdc33e5f5093a0d3ee0fb50eb4043d35e8a1995b5d2dd371

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:21:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121518
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2784
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:21:50 GMT

GET
H3-Q050 200 e77611775121751e5ddf2b7cc6e6ca94.js Show response
www.gstatic.com/mysidia/ Frame 809F 144 KB
53 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

481e249c297579db673cce6f5c6d7f1fcd55c3eb2f7c1e611efae2e67ace843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121507
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54730
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:22:01 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 809F 3 KB
601 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d9b4e8baf2d6296710fb142486efc074d1b4295512aa4125465410dbfd1053a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 20:35:36 GMT
server: ESF
date: Fri, 19 Mar 2021 21:07:08 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 809F 2 KB
920 B 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 20:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 635
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 891
x-xss-protection: 0
server: cafe
etag: 8551179781376740118
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 20:56:33 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame 809F 17 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:02:31 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 809F 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:05:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:05:10 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 809F 117 KB
36 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 809F 13 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 372
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:00:56 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 809F 0
0 14ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQXOPaskPKtpgKCj4x_eheNd-qhfuq3Z9ode_waLCZAWW90KCRnuX53eRfuLhFrzWrIKwjnz6Co6xTwfw5B8adTEHfiCw
Requested by: Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 957c89dfc9e78dd5a0a3956da91f5358.js Show response
www.gstatic.com/mysidia/ Frame 809F 25 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/957c89dfc9e78dd5a0a3956da91f5358.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74701d1b03dcb606710d7cc01bbf35a36ad5e5e443e33e55894a013f0d65aacf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 10:35:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Mar 2021 03:13:35 GMT
server: sffe
age: 124329
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10839
x-xss-protection: 0
expires: Wed, 16 Jun 2021 10:35:00 GMT

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EF40
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
269 B

39ms
39ms

Document
text/html

2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
URL: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnWkhiXC9omh12IK7_HgdSnGjZ_H1TFVrh3lWgqu-wb6gAhIH2-BeRwGX55G00; DSID=NO_DATA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 19 Mar 2021 21:07:08 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Fri, 19-Mar-2021 22:07:08 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 19 Mar 2021 21:07:08 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 19 Mar 2021 21:07:08 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame E771 14 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:03:59 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 39789
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:03:59 GMT

GET
H3-Q050 200 container.html Show response
b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 56BD 6 KB
3 KB 21ms
20ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Fri, 19 Mar 2021 21:07:08 GMT
expires: Sat, 19 Mar 2022 21:07:08 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 42C0 73 KB
28 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980824644616"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28204
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A597 42 B
132 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstO-p-NINNJfaIb_pKOkiwvpXA_MnoAzGYoCFeOmIrhEWKslYobfRl6LwRr_4db1DZbMnCAsp0fe0PEmxOj-sutHQIoPB-ZBca4EX2qwAXzWfvfpSIXF0KDxKSdug&sai=AMfl-YQnrRJ66pDQnwr_cGoEBJdMsTVkZ1wDG6Q1FuuLSPAr506cDwseqWPaVBLQjc2KreEEh8WSom0E8ot8LfdtV36sOXITusPxlZIvj4LNDZGth6dIjyD7t9HTcuPp&sig=Cg0ArKJSzNYlZ5lGQ9_NEAE&cid=CAASF-RoncD1qpkCuDAppo6gwMGQ30oF7iYP&id=osdim&mcvt=1096&p=441,856,691,1156&mtos=1096,1096,1096,1096,1096&tos=1096,0,0,0,0&v=20210317&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=3533315679&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1616188026790&dlt=103&rpt=1&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 container.html Show response
2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame F28F 6 KB
3 KB 30ms
30ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Fri, 19 Mar 2021 21:07:08 GMT
expires: Sat, 19 Mar 2022 21:07:08 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2110 73 KB
28 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980824644616"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28204
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame F2C4 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Fri, 19 Mar 2021 18:05:40 GMT
expires: Sat, 19 Mar 2022 18:05:40 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 10888
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 1ACE 42 B
66 B 18ms
18ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 container.html Show response
2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 95AA 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js?31060501

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Fri, 19 Mar 2021 21:07:08 GMT
expires: Sat, 19 Mar 2022 21:07:08 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 56E8 73 KB
28 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js?31060501

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980824644616"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28204
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 container.html Show response
0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 6549 6 KB
3 KB 21ms
20ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?v=1-0-38&n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html?v=1-0-38&n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Fri, 19 Mar 2021 21:07:08 GMT
expires: Sat, 19 Mar 2022 21:07:08 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2C79 73 KB
28 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980824644616"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28204
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 86645057ba4817bae9835c203c8960c4.js Show response
www.gstatic.com/mysidia/ Frame FCBC 6 KB
3 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/86645057ba4817bae9835c203c8960c4.js?tag=client_fast_engine_2019

Requested by

Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393c0a39f41e5b14bdc33e5f5093a0d3ee0fb50eb4043d35e8a1995b5d2dd371

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:21:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121518
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2784
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:21:50 GMT

GET
H3-Q050 200 e77611775121751e5ddf2b7cc6e6ca94.js Show response
www.gstatic.com/mysidia/ Frame FCBC 144 KB
53 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Requested by

Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

481e249c297579db673cce6f5c6d7f1fcd55c3eb2f7c1e611efae2e67ace843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121507
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54730
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:22:01 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame FCBC 3 KB
601 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d9b4e8baf2d6296710fb142486efc074d1b4295512aa4125465410dbfd1053a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 20:37:10 GMT
server: ESF
date: Fri, 19 Mar 2021 21:07:08 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame FCBC 2 KB
923 B 9ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 20:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 636
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 891
x-xss-protection: 0
server: cafe
etag: 8551179781376740118
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 20:56:33 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame FCBC 17 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:02:31 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame FCBC 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:05:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:05:10 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FCBC 117 KB
36 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:08 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame FCBC 13 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 372
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:00:56 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame FCBC 0
0 19ms
15ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ3c2tqhJ9pbKhgzqaWd01vntH6qmr5Swt5rOVNfRjSNHrKnV4G2wQ67oZBKLgaUKQSWt21QyDbouIAZf30how2SayCcQ
Requested by: Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 957c89dfc9e78dd5a0a3956da91f5358.js Show response
www.gstatic.com/mysidia/ Frame FCBC 25 KB
11 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/957c89dfc9e78dd5a0a3956da91f5358.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74701d1b03dcb606710d7cc01bbf35a36ad5e5e443e33e55894a013f0d65aacf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 10:35:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Mar 2021 03:13:35 GMT
server: sffe
age: 124329
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10839
x-xss-protection: 0
expires: Wed, 16 Jun 2021 10:35:00 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9354798760487219512/ Frame 010D 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9354798760487219512/downsize_200k_v1?w=100&h=100

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5e41e72dd03ffed4c3b46d7772b581e725acc5b42d7bc735d423d2eefa35e5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 06:18:13 GMT
x-content-type-options: nosniff
age: 226135
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2517
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 06:18:13 GMT

GET
DATA 200
OK truncated
/ Frame 010D 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 010D 0
44 B 39ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kmgsmge6&c=4615458038003&slotId=2307729019001.5&qqid=COyKg8qhve8CFcSBdwodwaYLkw&sei=21062100%2C44724516%2C44729911%2C44730425%2C44730426%2C75259407%2C75259408&nsei=44714510%2C75259405%2C447279544&bi=rda&ulv=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14274484544488176772/ Frame 010D 153 KB
153 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14274484544488176772/downsize_200k_v1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16a7549e271a14a5ceac985dbb6cb7a0cdf2f9b7f9b00a3a7bb151eacf0b27ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 17:22:49 GMT
x-content-type-options: nosniff
age: 99860
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 156942
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:23 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Mar 2022 17:22:49 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 010D 0
0 60ms
60ms Fetch
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CblfuexJVYKzhDcSD3gPBza6YCe-X9vNh_aXpjvsM2dkeEAEgmbWJQ2C5-MeA3AGgAczA8M4DyAEJqQIXHzB6dfGzPuACAKgDAcgDCKoE1QFP0Iz8p68s3_0LmvieB09m1ZRI0eIVnyQtMUiZ4iYAEG2LQ0eKmV_sDaJnFeizKOoGRes4RZFtYtYpkE8owgg5IA_eextjqoIK_Um0o2GzhUzlwNw51Fe_gJIt1E6UkQt_LR2uS2jTTjT0G8XrHEDXaRgfB2U57IV6RMrGqivAL0rIayML_0Vyi7cWdgXMkm1snlX9R6ccxrU0p6rkabZERReFM2-2L1pDjz0fo6_gyWqaxQJZKCN6NBv7q9caIaZrqncuNtr3TAZJpT0hK7IpriSx9_TABL_x7t6sA-AEAZIFBAgEGAGSBQQIBRgEoAYugAeXhfQ3qAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEM6gBtIICQiA4YAQEAEYHYAKA8gLAdgTDbIXGgoYCAASFHB1Yi01MTExMTM3MTkxNTA2MDEz&sigh=MOypPf3rLYs&template_id=3484&tpd=AGWhJmuMKyNt8bg5Ty7FsIZ9r4_JVp28KT0_QkzRfYme3zFM3g
Requested by: Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B618 1 KB
755 B 7ms
7ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 19 Mar 2021 03:14:09 GMT
expires: Sat, 20 Mar 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 64380
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 010D 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89e1e1a03c9d24214b68d4869dc9e7afc20e36e8ff9671d3c30a27e0265a7ba4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 86645057ba4817bae9835c203c8960c4.js Show response
www.gstatic.com/mysidia/ Frame 869D 6 KB
3 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/86645057ba4817bae9835c203c8960c4.js?tag=client_fast_engine_2019

Requested by

Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393c0a39f41e5b14bdc33e5f5093a0d3ee0fb50eb4043d35e8a1995b5d2dd371

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:21:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121519
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2784
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:21:50 GMT

GET
H3-Q050 200 e77611775121751e5ddf2b7cc6e6ca94.js Show response
www.gstatic.com/mysidia/ Frame 869D 144 KB
53 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Requested by

Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

481e249c297579db673cce6f5c6d7f1fcd55c3eb2f7c1e611efae2e67ace843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121508
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54730
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:22:01 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 869D 3 KB
647 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d9b4e8baf2d6296710fb142486efc074d1b4295512aa4125465410dbfd1053a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 20:34:27 GMT
server: ESF
date: Fri, 19 Mar 2021 21:07:09 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 Mar 2021 21:07:09 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 869D 2 KB
919 B 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 20:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 636
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 891
x-xss-protection: 0
server: cafe
etag: 8551179781376740118
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 20:56:33 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame 869D 17 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:02:31 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 869D 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:05:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:05:10 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 869D 117 KB
36 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:09 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 869D 13 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 373
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:00:56 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 869D 0
0 15ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQduCzjt6nuW0bVz5R3ClaplHpo57dfNger_xWurIySexZkYw6ESH93sbKIbebcmnVbxrzzxaC8bfPxXjreOynwO8pAEA
Requested by: Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 957c89dfc9e78dd5a0a3956da91f5358.js Show response
www.gstatic.com/mysidia/ Frame 869D 25 KB
11 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/957c89dfc9e78dd5a0a3956da91f5358.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74701d1b03dcb606710d7cc01bbf35a36ad5e5e443e33e55894a013f0d65aacf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 10:35:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Mar 2021 03:13:35 GMT
server: sffe
age: 124329
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10839
x-xss-protection: 0
expires: Wed, 16 Jun 2021 10:35:00 GMT

GET
H3-Q050

206

videoplayback
r3---sn-4g5e6nsk.gvt1.com/ Frame 010D
Redirect Chain

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=ip,ipbits,expire,id,...
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,m...

1 MB
1 MB

18ms
15ms

Media
video/mp4

2a00:1450:4001:62::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=030A8942A0E7E8E65C9C3BB69564FB1D00412F5F.158A17A1B863088F56067C017618C3D52A11EBBA&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:62::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

01a08ce9184d4848c68354c9e0e087fa00d3937ebafca3f83c246abea86a00c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:09 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Jan 2021 01:50:09 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-1082263/1082264
client-protocol: quic
cache-control: private, max-age=6898
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1082264
expires: Fri, 19 Mar 2021 21:07:09 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=030A8942A0E7E8E65C9C3BB69564FB1D00412F5F.158A17A1B863088F56067C017618C3D52A11EBBA&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47
cache-control: no-cache, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 707
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 010D 21 KB
21 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a14d1a7f7fa4b8ccbabe55b417ddc660997ef1cb5290f94c7f4f39c69bb640fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 03:55:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:11 GMT
server: sffe
age: 148282
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21520
x-xss-protection: 0
expires: Fri, 18 Mar 2022 03:55:47 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 010D 21 KB
21 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 21:42:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 170686
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Thu, 17 Mar 2022 21:42:23 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9354798760487219512/ Frame D3A2 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9354798760487219512/downsize_200k_v1?w=100&h=100

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5e41e72dd03ffed4c3b46d7772b581e725acc5b42d7bc735d423d2eefa35e5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 06:18:13 GMT
x-content-type-options: nosniff
age: 226136
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2517
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 06:18:13 GMT

GET
DATA 200
OK truncated
/ Frame D3A2 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9354798760487219512/ Frame 809F 2 KB
2 KB 8ms
8ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9354798760487219512/downsize_200k_v1?w=100&h=100

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5e41e72dd03ffed4c3b46d7772b581e725acc5b42d7bc735d423d2eefa35e5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 06:18:13 GMT
x-content-type-options: nosniff
age: 226136
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2517
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 06:18:13 GMT

GET
DATA 200
OK truncated
/ Frame 809F 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame D3A2 0
21 B 39ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kmgsmgho&c=4795212685895&slotId=2397606342947.5&qqid=CMDJlcqhve8CFTvUEQgd3wYAtw&sei=21062100%2C44724516%2C44729911%2C44730425%2C44730426%2C75259407%2C75259408&nsei=44714510%2C75259405%2C447279544&bi=rda&ulv=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14274484544488176772/ Frame D3A2 153 KB
153 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14274484544488176772/downsize_200k_v1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16a7549e271a14a5ceac985dbb6cb7a0cdf2f9b7f9b00a3a7bb151eacf0b27ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 17:22:49 GMT
x-content-type-options: nosniff
age: 99860
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 156942
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:23 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Mar 2022 17:22:49 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D3A2 0
0 58ms
57ms Fetch
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CNxNJexJVYICgILuox_AP342AuAvvl_bzYf2l6Y77DNnZHhABIJm1iUNgufjHgNwBoAHMwPDOA8gBCakCU2qKAPrysz7gAgCoAwHIAwiqBNUBT9ADaYi6MCTAaEGJAm1xJYCx5CTr5l308l9Q34vVwBaz2OHa_TXlDEL_UVLT0Rjei-jAozS3EI0rlLFtFADLPN3m2R2fclm5ojaKz4xSHflvTAt53EANFIlFyZFmGaDSreYwIQeM1DWzsC5b46RZjcWibL9D_lzOX-Se31SpjHkWuKCQAIAjTi8jL-mLDc4rGkLCWcl0gd38wCOaRMVeBHOz5tOGIQchCMKXOXYr9TNHVJv_HsiKvTBKMgHErJMcK2XoDB7tdL-8P40FfIodzGZc9tzhwAS_8e7erAPgBAGSBQQIBBgBkgUECAUYBKAGLoAHl4X0N6gH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBDLkQXSCAkIgOGAEBABGB2ACgPICwHYEw2yFxoKGAgAEhRwdWItNTExMTEzNzE5MTUwNjAxMw&sigh=CbWCyJmbhlI&template_id=3484&tpd=AGWhJmvf_flQdJbMAEE3MCvHnVDvVDlc1eCtoovIukzuQbJ69w
Requested by: Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C39B 1 KB
750 B 6ms
6ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 19 Mar 2021 03:14:09 GMT
expires: Sat, 20 Mar 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 64380
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 86645057ba4817bae9835c203c8960c4.js Show response
www.gstatic.com/mysidia/ Frame 56BD 6 KB
3 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/86645057ba4817bae9835c203c8960c4.js?tag=client_fast_engine_2019

Requested by

Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393c0a39f41e5b14bdc33e5f5093a0d3ee0fb50eb4043d35e8a1995b5d2dd371

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:21:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121519
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2784
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:21:50 GMT

GET
H3-Q050 200 e77611775121751e5ddf2b7cc6e6ca94.js Show response
www.gstatic.com/mysidia/ Frame 56BD 144 KB
53 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Requested by

Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

481e249c297579db673cce6f5c6d7f1fcd55c3eb2f7c1e611efae2e67ace843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121508
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54730
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:22:01 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 56BD 3 KB
601 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d9b4e8baf2d6296710fb142486efc074d1b4295512aa4125465410dbfd1053a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 20:38:53 GMT
server: ESF
date: Fri, 19 Mar 2021 21:07:09 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 Mar 2021 21:07:09 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 56BD 2 KB
919 B 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 20:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 636
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 891
x-xss-protection: 0
server: cafe
etag: 8551179781376740118
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 20:56:33 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame 56BD 17 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:02:31 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 56BD 2 KB
1 KB 12ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:05:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:05:10 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 56BD 117 KB
36 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:09 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 56BD 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 373
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:00:56 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 56BD 0
0 14ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRe5Ykje957mMqRID4MA95SmqUek7hc8w-NX675ZS7t3Don7fIX8sF6zO1i2Z2NyQOc8Ml02HW9QMQBM5N39inn0pKoyg
Requested by: Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 957c89dfc9e78dd5a0a3956da91f5358.js Show response
www.gstatic.com/mysidia/ Frame 56BD 25 KB
11 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/957c89dfc9e78dd5a0a3956da91f5358.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74701d1b03dcb606710d7cc01bbf35a36ad5e5e443e33e55894a013f0d65aacf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 10:35:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Mar 2021 03:13:35 GMT
server: sffe
age: 124329
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10839
x-xss-protection: 0
expires: Wed, 16 Jun 2021 10:35:00 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 809F 0
21 B 38ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kmgsmgjn&c=5972938531810&slotId=2986469265905&qqid=CPOymsqhve8CFcy8dwodGBIGnQ&sei=21062100%2C44724516%2C44729911%2C44730425%2C44730426%2C75259407%2C75259408&nsei=44714510%2C75259405%2C447279544&bi=rda&ulv=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14274484544488176772/ Frame 809F 153 KB
153 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14274484544488176772/downsize_200k_v1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16a7549e271a14a5ceac985dbb6cb7a0cdf2f9b7f9b00a3a7bb151eacf0b27ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 17:22:49 GMT
x-content-type-options: nosniff
age: 99860
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 156942
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:23 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Mar 2022 17:22:49 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 809F 0
0 105ms
105ms Fetch
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CT55nexJVYLOJJcz53gOYpJjoCe-X9vNh_aXpjvsM2dkeEAEgmbWJQ2C5-MeA3AGgAczA8M4DyAEJqQIXHzB6dfGzPuACAKgDAcgDCKoE1QFP0J4yvZXGtoWQpidSnoCKlY374cYXy2524znoV7FkmPMWTMX1g_ujqcYFUTTSh6AYB8yb8rgoUMk-3UGRpHh91H1_gtrMptmnlWi480LLJ7oHFqLf0Vdxhczx7IH86pCKReUTpQ_pFBV0Pefpbzc6FaJA9ZYpBucQgAWp6gyfn9vDl5XL0irme8kiVWxgbHTb32xWvs0SlrnseH6PE90HLsDU65Uwq6HhgmzrTt-nn3Eu_U0twG8iScOHm-CkvNVfue7dkIWjW8vzkPnG7zkcNRWLlcbABL_x7t6sA-AEAZIFBAgEGAGSBQQIBRgEoAYugAeXhfQ3qAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEPi2BdIICQiA4YAQEAEYHYAKA8gLAdgTDbIXGgoYCAASFHB1Yi01MTExMTM3MTkxNTA2MDEz&sigh=xqWMjs8OWS0&template_id=3484&tpd=AGWhJms3hReDNkotvnqrYB_0LZAe6VF0gzQlP1Mqm926qPDKBg
Requested by: Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 470A 1 KB
750 B 6ms
5ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 19 Mar 2021 03:14:09 GMT
expires: Sat, 20 Mar 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 64380
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame D3A2 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf3e6af7bb9d3ea1d4bfee19d1156138224ddc4dc86511fd6825cee6583bc989

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 809F 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fbca563229a4014ed4ee64f8fa9669a188a40bc9adc92b95802b9c05f5eff792

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050

206

videoplayback
r3---sn-4g5e6nsk.gvt1.com/ Frame D3A2
Redirect Chain

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=ip,ipbits,expire,id,...
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,m...

1 MB
1 MB

6ms
6ms

Media
video/mp4

2a00:1450:4001:62::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=2719E647F5EF4DCC5C7505650C7C95360562E00F.1BBE21D2D13BFBD97ED10B994BAC746F89A3F9C2&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:62::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

01a08ce9184d4848c68354c9e0e087fa00d3937ebafca3f83c246abea86a00c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:09 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Jan 2021 01:50:09 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-1082263/1082264
client-protocol: quic
cache-control: private, max-age=6898
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1082264
expires: Fri, 19 Mar 2021 21:07:09 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=2719E647F5EF4DCC5C7505650C7C95360562E00F.1BBE21D2D13BFBD97ED10B994BAC746F89A3F9C2&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47
cache-control: no-cache, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 707
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 86645057ba4817bae9835c203c8960c4.js Show response
www.gstatic.com/mysidia/ Frame F28F 6 KB
3 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/86645057ba4817bae9835c203c8960c4.js?tag=client_fast_engine_2019

Requested by

Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393c0a39f41e5b14bdc33e5f5093a0d3ee0fb50eb4043d35e8a1995b5d2dd371

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:21:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121519
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2784
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:21:50 GMT

GET
H3-Q050 200 e77611775121751e5ddf2b7cc6e6ca94.js Show response
www.gstatic.com/mysidia/ Frame F28F 144 KB
53 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Requested by

Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

481e249c297579db673cce6f5c6d7f1fcd55c3eb2f7c1e611efae2e67ace843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121508
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54730
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:22:01 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame F28F 3 KB
601 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d9b4e8baf2d6296710fb142486efc074d1b4295512aa4125465410dbfd1053a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 20:32:28 GMT
server: ESF
date: Fri, 19 Mar 2021 21:07:09 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 Mar 2021 21:07:09 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame F28F 2 KB
919 B 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 20:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 636
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 891
x-xss-protection: 0
server: cafe
etag: 8551179781376740118
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 20:56:33 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame F28F 17 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:02:31 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame F28F 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:05:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:05:10 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F28F 117 KB
36 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:09 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame F28F 13 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 373
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:00:56 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame F28F 0
0 13ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSOv8N5vJ-9xyG3uj0hE3HtN9cmEzJ_n9jZm2yEt_2ORni6yT6fx_rgI3wfxwtGF-KqCiI1xgsaIpgqYphHfdOkM5NZcQ
Requested by: Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 957c89dfc9e78dd5a0a3956da91f5358.js Show response
www.gstatic.com/mysidia/ Frame F28F 25 KB
11 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/957c89dfc9e78dd5a0a3956da91f5358.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74701d1b03dcb606710d7cc01bbf35a36ad5e5e443e33e55894a013f0d65aacf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 10:35:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Mar 2021 03:13:35 GMT
server: sffe
age: 124329
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10839
x-xss-protection: 0
expires: Wed, 16 Jun 2021 10:35:00 GMT

GET
H3-Q050

206

videoplayback
r3---sn-4g5e6nsk.gvt1.com/ Frame 809F
Redirect Chain

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=ip,ipbits,expire,id,...
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,m...

1 MB
1 MB

7ms
7ms

Media
video/mp4

2a00:1450:4001:62::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=79406EBD259ABC830C0FCDE922F59BDCDE70234A.346F3A3627B050D91CF25878D66786E2499EC0A8&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:62::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

01a08ce9184d4848c68354c9e0e087fa00d3937ebafca3f83c246abea86a00c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:09 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Jan 2021 01:50:09 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-1082263/1082264
client-protocol: quic
cache-control: private, max-age=6898
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1082264
expires: Fri, 19 Mar 2021 21:07:09 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195227&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=79406EBD259ABC830C0FCDE922F59BDCDE70234A.346F3A3627B050D91CF25878D66786E2499EC0A8&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47
cache-control: no-cache, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 707
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame D3A2 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a14d1a7f7fa4b8ccbabe55b417ddc660997ef1cb5290f94c7f4f39c69bb640fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 03:55:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:11 GMT
server: sffe
age: 148282
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21520
x-xss-protection: 0
expires: Fri, 18 Mar 2022 03:55:47 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame D3A2 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 21:42:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 170686
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Thu, 17 Mar 2022 21:42:23 GMT

GET
H3-Q050 200 86645057ba4817bae9835c203c8960c4.js Show response
www.gstatic.com/mysidia/ Frame 95AA 6 KB
3 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/86645057ba4817bae9835c203c8960c4.js?tag=client_fast_engine_2019

Requested by

Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393c0a39f41e5b14bdc33e5f5093a0d3ee0fb50eb4043d35e8a1995b5d2dd371

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:21:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121519
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2784
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:21:50 GMT

GET
H3-Q050 200 e77611775121751e5ddf2b7cc6e6ca94.js Show response
www.gstatic.com/mysidia/ Frame 95AA 144 KB
53 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Requested by

Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

481e249c297579db673cce6f5c6d7f1fcd55c3eb2f7c1e611efae2e67ace843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121508
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54730
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:22:01 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 95AA 3 KB
601 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d9b4e8baf2d6296710fb142486efc074d1b4295512aa4125465410dbfd1053a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 20:33:54 GMT
server: ESF
date: Fri, 19 Mar 2021 21:07:09 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 Mar 2021 21:07:09 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/v0/ Frame 95AA 94 KB
29 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-analytics-0.1.js

Requested by

Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ac383f7650b2491aabb39a776a52c367ea1f9bd4d7f893ee6eed8394fb20f46

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29124
x-xss-protection: 0
server: sffe
date: Fri, 19 Mar 2021 21:07:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "93504c6da7562eb5"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 Mar 2021 21:07:09 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 95AA 2 KB
919 B 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 20:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 636
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 891
x-xss-protection: 0
server: cafe
etag: 8551179781376740118
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 20:56:33 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame 95AA 17 KB
7 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:02:31 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 95AA 2 KB
1 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:05:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:05:10 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 95AA 117 KB
36 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:09 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 95AA 13 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 373
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:00:56 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 95AA 0
0 16ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRLFE8_2hAhyKEftGhglKi6ZDEY_-RUzFExQQuqgp4R3GOYezqni9GPIRWaPzfHGpswWUBEHOVxNF83tepvAx4yODCkzQ
Requested by: Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 957c89dfc9e78dd5a0a3956da91f5358.js Show response
www.gstatic.com/mysidia/ Frame 95AA 25 KB
11 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/957c89dfc9e78dd5a0a3956da91f5358.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74701d1b03dcb606710d7cc01bbf35a36ad5e5e443e33e55894a013f0d65aacf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 10:35:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Mar 2021 03:13:35 GMT
server: sffe
age: 124329
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10839
x-xss-protection: 0
expires: Wed, 16 Jun 2021 10:35:00 GMT

GET
H3-Q050 200 86645057ba4817bae9835c203c8960c4.js Show response
www.gstatic.com/mysidia/ Frame 6549 6 KB
3 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/86645057ba4817bae9835c203c8960c4.js?tag=client_fast_engine_2019

Requested by

Host: 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
URL: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?v=1-0-38&n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393c0a39f41e5b14bdc33e5f5093a0d3ee0fb50eb4043d35e8a1995b5d2dd371

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:21:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121519
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2784
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:21:50 GMT

GET
H3-Q050 200 e77611775121751e5ddf2b7cc6e6ca94.js Show response
www.gstatic.com/mysidia/ Frame 6549 144 KB
53 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

481e249c297579db673cce6f5c6d7f1fcd55c3eb2f7c1e611efae2e67ace843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 11:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 03:37:36 GMT
server: sffe
age: 121508
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54730
x-xss-protection: 0
expires: Wed, 16 Jun 2021 11:22:01 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 6549 3 KB
601 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d9b4e8baf2d6296710fb142486efc074d1b4295512aa4125465410dbfd1053a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 20:39:48 GMT
server: ESF
date: Fri, 19 Mar 2021 21:07:09 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 Mar 2021 21:07:09 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 6549 2 KB
919 B 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 20:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 636
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 891
x-xss-protection: 0
server: cafe
etag: 8551179781376740118
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 20:56:33 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame 6549 17 KB
7 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:02:31 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 6549 2 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:05:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:05:10 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6549 117 KB
36 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:09 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 6549 13 KB
6 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 373
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Apr 2021 21:00:56 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 6549 0
0 14ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ60d-KvZnQcrfCtcFo2kvqIPmT3U6eogVZ8GQciHqB61lBQoJTWwcWlsiqAL6FBp-k3lyGr32UIzcmc0dIuyCkOk0T8w
Requested by: Host: 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
URL: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?v=1-0-38&n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 957c89dfc9e78dd5a0a3956da91f5358.js Show response
www.gstatic.com/mysidia/ Frame 6549 25 KB
11 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/957c89dfc9e78dd5a0a3956da91f5358.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74701d1b03dcb606710d7cc01bbf35a36ad5e5e443e33e55894a013f0d65aacf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 10:35:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Mar 2021 03:13:35 GMT
server: sffe
age: 124329
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10839
x-xss-protection: 0
expires: Wed, 16 Jun 2021 10:35:00 GMT

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 809F 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a14d1a7f7fa4b8ccbabe55b417ddc660997ef1cb5290f94c7f4f39c69bb640fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 03:55:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:11 GMT
server: sffe
age: 148282
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21520
x-xss-protection: 0
expires: Fri, 18 Mar 2022 03:55:47 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 809F 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 21:42:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 170686
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Thu, 17 Mar 2022 21:42:23 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9354798760487219512/ Frame FCBC 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9354798760487219512/downsize_200k_v1?w=100&h=100

Requested by

Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5e41e72dd03ffed4c3b46d7772b581e725acc5b42d7bc735d423d2eefa35e5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 06:18:13 GMT
x-content-type-options: nosniff
age: 226136
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2517
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 06:18:13 GMT

GET
DATA 200
OK truncated
/ Frame FCBC 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame FCBC 0
21 B 38ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kmgsmgsu&c=2408716794296&slotId=1204358397148&qqid=COTLv8qhve8CFbDdEQgdbdwK8g&sei=21062100%2C44724516%2C44729911%2C44730425%2C44730426%2C75259407%2C75259408&nsei=44714510%2C75259405%2C447279544&bi=rda&ulv=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14274484544488176772/ Frame FCBC 153 KB
153 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14274484544488176772/downsize_200k_v1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16a7549e271a14a5ceac985dbb6cb7a0cdf2f9b7f9b00a3a7bb151eacf0b27ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 17:22:49 GMT
x-content-type-options: nosniff
age: 99860
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 156942
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:23 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Mar 2022 17:22:49 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FCBC 0
0 60ms
59ms Fetch
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CG9rNfBJVYOSdDbC7x_AP7birkA_vl_bzYf2l6Y77DNnZHhABIJm1iUNgufjHgNwBoAHMwPDOA8gBCakCU2qKAPrysz7gAgCoAwHIAwiqBNUBT9Bat48WErN4hw1kV3539Vnh6qVu-5byUnR7eh740hchToSKPzwa1eJydBXl8ESygwMBp3v5JkMJRRw0JJU9c3yJOobIODttFp37yHYlbTwHQSAiUxkJEtes2gN-VYGEreyebaFWvSn6LFEoCnpNcaAIjWUpWPeXd4JE9mSmbvH1MgRN3QQHkp3S3n45FXKoqpxI66nJrGsDey2B1NOZA-Afudr2ky986q4NJnKxgvOImeK4gDnepnW60da1fDlEEwm8jEKUh1jwGVYx1vb95lOBpiP1wAS_8e7erAPgBAGSBQQIBBgBkgUECAUYBKAGLoAHl4X0N6gH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCNxgXSCAkIgOGAEBABGB2ACgPICwHYEw2yFxoKGAgAEhRwdWItNTExMTEzNzE5MTUwNjAxMw&sigh=ZsxsXu-0exE&template_id=3484&tpd=AGWhJmu4dyFV4PU9MZ9UM2GBwJ2Zoe-QPa9_7peFaoY-h_0TZQ
Requested by: Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 84ED 1 KB
750 B 6ms
6ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 19 Mar 2021 03:14:09 GMT
expires: Sat, 20 Mar 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 64380
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1ACE 42 B
89 B 46ms
45ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstnJ6bkulVHonAoDKmiCOEpkFYsnEaaQ11ZD_F_vboqZNd0zqfWcLzPDcq0Rkw_COPyicC8uqSsz9qmbjnGl1vglL93cz_DZP0_bZzGdov0e8N-iiPjdSe-5DIFJNP8lst-osNo9dMfUDnNL4IVE3Em&sai=AMfl-YSZOOWYqjMPK621KyA54LYHgWoA_jFfVYtW4hcLzjhz_9-TCZsV12OrW6pyTT_9OoNzPjRP2jh-dgjReAZ31fnF_4wplCZcafUTnqknlSXW4HJDSCQTDDuZt0Wx&sig=Cg0ArKJSzK1nC_oe75eUEAE&cid=CAASF-Ro766-KkyP8xy3SSmPnfZ84EGqZe85&id=osdim&mcvt=1112&p=0,0,250,300&mtos=1112,1112,1112,1112,1112&tos=1112,0,0,0,0&v=20210317&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=3971509829&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1616188026301&dlt=364&rpt=110&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame FCBC 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3aac8d5a518c2edb4f34abd05e10d99460634f9e3df5186703f34549e88f34b9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9354798760487219512/ Frame 869D 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9354798760487219512/downsize_200k_v1?w=100&h=100

Requested by

Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5e41e72dd03ffed4c3b46d7772b581e725acc5b42d7bc735d423d2eefa35e5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 06:18:13 GMT
x-content-type-options: nosniff
age: 226136
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2517
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 06:18:13 GMT

GET
DATA 200
OK truncated
/ Frame 869D 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 869D 0
21 B 38ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kmgsmgvf&c=5074081037475&slotId=2537040518737.5&qqid=CMjIwMqhve8CFVnLuwgdQIoD6A&sei=21062100%2C44724516%2C44729911%2C44730425%2C44730426%2C75259407%2C75259408&nsei=44714510%2C75259405%2C447279544&bi=rda&ulv=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14274484544488176772/ Frame 869D 153 KB
153 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14274484544488176772/downsize_200k_v1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16a7549e271a14a5ceac985dbb6cb7a0cdf2f9b7f9b00a3a7bb151eacf0b27ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 17:22:49 GMT
x-content-type-options: nosniff
age: 99860
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 156942
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:23 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Mar 2022 17:22:49 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 869D 0
0 77ms
76ms Fetch
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CJ4JffBJVYMiaDtmW7_UPwJSOwA7vl_bzYf2l6Y77DNnZHhABIJm1iUNgufjHgNwBoAHMwPDOA8gBCakCFx8wenXxsz7gAgCoAwHIAwiqBNUBT9A_1QzrcFYSWV-kSDh1WmbMODHcxqptFczCw7t92Uh3jBF8LOcG_8EDLFFlpBTao6XdUBWrVAsbGnsjApVqVtiPNW89qKVn_IIcIVBZVHS9Ut3Y7bHzvUbh-uexXujP4_WL-NggRBr5kkCAeEbTVDSymcdOuy0DUWQcQcZsZ-ATX4NvFxh4h3mSH4LGVM40G7QV9eiT7SL8fARrV9IiYxad9RXjSVYmK4N-eGzMPLOZhvW57P7AmahiNnqG2s2rcjKifvkowNp9yTAw3-XX_0G4v96VwAS_8e7erAPgBAGSBQQIBBgBkgUECAUYBKAGLoAHl4X0N6gH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCJjgXSCAkIgOGAEBABGB2ACgPICwHYEw2yFxoKGAgAEhRwdWItNTExMTEzNzE5MTUwNjAxMw&sigh=nSFQiegkdWc&template_id=3484&tpd=AGWhJmtz5SANn_EaRW7iMa9nI1OqSODMF-_LPepSj-7NUkhxEg
Requested by: Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 87E8 1 KB
750 B 6ms
5ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 19 Mar 2021 03:14:09 GMT
expires: Sat, 20 Mar 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 64380
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 869D 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 80b6db1663e3df8a83d488687e03135fa5ae7f5155e19d9cd303698c07abd82b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9354798760487219512/ Frame 56BD 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9354798760487219512/downsize_200k_v1?w=100&h=100

Requested by

Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5e41e72dd03ffed4c3b46d7772b581e725acc5b42d7bc735d423d2eefa35e5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 06:18:13 GMT
x-content-type-options: nosniff
age: 226136
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2517
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 06:18:13 GMT

GET
DATA 200
OK truncated
/ Frame 56BD 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-Q050

206

videoplayback
r3---sn-4g5e6nsk.gvt1.com/ Frame FCBC
Redirect Chain

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=ip,ipbits,expire,id,...
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,m...

1 MB
1 MB

7ms
6ms

Media
video/mp4

2a00:1450:4001:62::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=64A4156D6167DC39F3F0F47CF5F473F2F627325C.27D4051486AAD03B8F27B27D0E7FF630FF31295D&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Requested by

Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:62::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

01a08ce9184d4848c68354c9e0e087fa00d3937ebafca3f83c246abea86a00c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:09 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Jan 2021 01:50:09 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-1082263/1082264
client-protocol: quic
cache-control: private, max-age=6899
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1082264
expires: Fri, 19 Mar 2021 21:07:09 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=64A4156D6167DC39F3F0F47CF5F473F2F627325C.27D4051486AAD03B8F27B27D0E7FF630FF31295D&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47
cache-control: no-cache, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 707
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 1ACE 0
21 B 38ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=5~kmgsmfv3&c=1951442919959&slotId=975721459979.5&qqid=COuxoMmhve8CFbDruwgdstoKbg&dm=20000&event_name=first_play&asset_bytes=220454&video_bytes=0&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=13&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=3&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3537 42 B
66 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvgcFhCK1A91fbTPt3ycO87FOVCtx8AAGguwO0aOaLSvRXZTvNm-D3YoscLwnGghyJVSYLktOW3qyNuSZxixQezRrEI3CHqJ9LhX4tbj07O_s7oY8mmAr6peh2XDA&sai=AMfl-YSrAlzoVqKHZtFPmwvB8ZocGHL3QqhqgqyI2UdOPih5-ZYZR8ctUrl6K617OtW-q2cP0OPoRQ1zUw8rQ2WUz5f6gYrr5WYp0ynVzZWQtehV9xHoAb3SlzNppqaS&sig=Cg0ArKJSzDMN7F0WJXo0EAE&cid=CAASF-Roji-kJxG5jrqyaMd6Yu2LNo3xCrCT&id=osdim&mcvt=1152&p=83,631,183,1381&mtos=1152,1152,1152,1152,1152&tos=1152,0,0,0,0&v=20210317&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=2503024182&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1616188026730&dlt=128&rpt=1&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame B618
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUI6iyUk4O76BTis_uPCtnXIRgztk2HAEvMmXktY0DP2wYArps-OuxzbKTTUnBiof3_uaGRGRf23pkCTsrClyOdtWNMdckpX
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

43 B
407 B

187ms
187ms

Image
image/gif

46.228.164.11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.228.164.11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame B618 0
104 B 92ms
64ms Image
text/plain 2a02:fa8:8806:12::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEBdc_1ogqIAGmTcNV4u0cVk&google_cver=1&google_push=AQvitUIHWav36qkEYKjLFIdkd69ET1-YWEMpJiw41S8ZkGonljZA54pIyWE9ycWRAtSmfwzT486Akjlnyx52dQW6XmHcv8zqcREB
Requested by: Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame B618
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEJDx-0yAPs4oKjdCMGSIc9Q&google_cver=1&google_push=AQvitUL-6ZYDYQIrM0TV14eQ5-WHGS3V5Ao6g23DMpJ8qtqoXPCE-Ee0xXcdqaxAyqWd_b1FCNZdjoK6Fh8SYx2oG-hOtn92F8s
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=6BE7CB1F80FB4AEEBFA7B4E061332D67&google_push=AQvitUL-6ZYDYQIrM0TV14eQ5-WHGS3V5Ao6g23DMpJ8qtqoXPCE-Ee0xXcdqaxAyqWd_b1FCNZdjoK6Fh8SYx2...

170 B
190 B

75ms
75ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=6BE7CB1F80FB4AEEBFA7B4E061332D67&google_push=AQvitUL-6ZYDYQIrM0TV14eQ5-WHGS3V5Ao6g23DMpJ8qtqoXPCE-Ee0xXcdqaxAyqWd_b1FCNZdjoK6Fh8SYx2oG-hOtn92F8s

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 19 Mar 2021 21:07:09 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=6BE7CB1F80FB4AEEBFA7B4E061332D67&google_push=AQvitUL-6ZYDYQIrM0TV14eQ5-WHGS3V5Ao6g23DMpJ8qtqoXPCE-Ee0xXcdqaxAyqWd_b1FCNZdjoK6Fh8SYx2oG-hOtn92F8s
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Thu, 18 Mar 2021 21:07:09 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame B618
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=U7XhKR8XRV6_6kt4QTWiQw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
190 B

81ms
81ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=U7XhKR8XRV6_6kt4QTWiQw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULMMWj5sywf3CLfBTtl_ZdgEAmwM-ejoD6ri2TYuLCmqsDoDosgwI2GmOU1KoIXNRvjjZvsv6uMI5PwUIavCkD47YIFeOKx

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=U7XhKR8XRV6_6kt4QTWiQw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULMMWj5sywf3CLfBTtl_ZdgEAmwM-ejoD6ri2TYuLCmqsDoDosgwI2GmOU1KoIXNRvjjZvsv6uMI5PwUIavCkD47YIFeOKx
Date: Fri, 19 Mar 2021 21:07:09 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame B618
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAhBvu4ecDsRs2il6zezDQY&google_cver=1&google_push=AQvitUJB01pTeoIndFm4GY0M7sykHfA2w0ZYhDNfQSgSGpgvZNUSoT8UrOjGOpPFm7vAmq0jkbe...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01HU01HWkItWi1FUUVD&google_push=AQvitUJB01pTeoIndFm4GY0M7sykHfA2w0ZYhDNfQSgSGpgvZNUSoT8UrOjGOpPFm7vAmq0jkbeK7GQfRdzRlko4lbhnfnPqyS6G

170 B
190 B

35ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01HU01HWkItWi1FUUVD&google_push=AQvitUJB01pTeoIndFm4GY0M7sykHfA2w0ZYhDNfQSgSGpgvZNUSoT8UrOjGOpPFm7vAmq0jkbeK7GQfRdzRlko4lbhnfnPqyS6G

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01HU01HWkItWi1FUUVD&google_push=AQvitUJB01pTeoIndFm4GY0M7sykHfA2w0ZYhDNfQSgSGpgvZNUSoT8UrOjGOpPFm7vAmq0jkbeK7GQfRdzRlko4lbhnfnPqyS6G
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame B618
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJVCEo8EQ_0prr-_nWvQ0LI&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFUSfPOfAiyyQuqigwQhUwAABJEAAAAB&google_cver=1&google_push=AQvitUKR54784bvLhlFQqDbc9AwKUNf7gvfDlnVY8kNNUkWAlWoVGCfu92ltwWtWa7Ese4rM9E4W...

170 B
190 B

35ms
35ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFUSfPOfAiyyQuqigwQhUwAABJEAAAAB&google_cver=1&google_push=AQvitUKR54784bvLhlFQqDbc9AwKUNf7gvfDlnVY8kNNUkWAlWoVGCfu92ltwWtWa7Ese4rM9E4WW9vbK3xwv_5CipJ91TKe_Wpw&google_gid=CAESEJVCEo8EQ_0prr-_nWvQ0LI

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 19 Mar 2021 21:07:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFUSfPOfAiyyQuqigwQhUwAABJEAAAAB&google_cver=1&google_push=AQvitUKR54784bvLhlFQqDbc9AwKUNf7gvfDlnVY8kNNUkWAlWoVGCfu92ltwWtWa7Ese4rM9E4WW9vbK3xwv_5CipJ91TKe_Wpw&google_gid=CAESEJVCEo8EQ_0prr-_nWvQ0LI
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 460
Expires: Fri, 19 Mar 2021 21:07:09 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame B618
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEPjT5Ah52cMYQAtZ-fbWuiA&google_cver=1&google_push=AQvitUKCMQ1w5A3pUX9pZl6pBWG4LoOZRwqe98t2D3qF5BM6ejaHS9xy3T2Wgs4SGneyvx4GbkK-UGkLOvpJzZWN8Z0BA1Q40jsL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA3NDc5MDMyNzY5NTE2MTYxMg%3D%3D&google_push=AQvitUKCMQ1w5A3pUX9pZl6pBWG4LoOZRwqe98t2D3qF5BM6ejaHS9xy3T2W...

170 B
190 B

34ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA3NDc5MDMyNzY5NTE2MTYxMg%3D%3D&google_push=AQvitUKCMQ1w5A3pUX9pZl6pBWG4LoOZRwqe98t2D3qF5BM6ejaHS9xy3T2Wgs4SGneyvx4GbkK-UGkLOvpJzZWN8Z0BA1Q40jsL

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA3NDc5MDMyNzY5NTE2MTYxMg%3D%3D&google_push=AQvitUKCMQ1w5A3pUX9pZl6pBWG4LoOZRwqe98t2D3qF5BM6ejaHS9xy3T2Wgs4SGneyvx4GbkK-UGkLOvpJzZWN8Z0BA1Q40jsL
date: Fri, 19 Mar 2021 21:07:09 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame B618 0
16 B 31ms
30ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KRZhNsPxzFm0Dxq8n2Jm0Jm1IVPB3dsLsN4JAnPFBEgmhPMQltRz7FQjr7IgbQxUfaDMqC

Requested by

Host: 81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
URL: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:09 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050

206

videoplayback
r3---sn-4g5e6nsk.gvt1.com/ Frame 869D
Redirect Chain

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=ip,ipbits,expire,id,...
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,m...

1 MB
1 MB

6ms
6ms

Media
video/mp4

2a00:1450:4001:62::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=1B636E1FC46D415F7896B6EA27262D362FAE9DC3.4990039386C4AB5463E14286CEC04E16CAB0D495&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Requested by

Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:62::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

01a08ce9184d4848c68354c9e0e087fa00d3937ebafca3f83c246abea86a00c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:09 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Jan 2021 01:50:09 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-1082263/1082264
client-protocol: quic
cache-control: private, max-age=6899
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1082264
expires: Fri, 19 Mar 2021 21:07:09 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=1B636E1FC46D415F7896B6EA27262D362FAE9DC3.4990039386C4AB5463E14286CEC04E16CAB0D495&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47
cache-control: no-cache, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 707
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 56BD 0
21 B 38ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kmgsmgzi&c=2514857279754&slotId=1257428639877&qqid=CKGExsqhve8CFStF5Qod9OEOsw&sei=21062100%2C44724516%2C44729911%2C44730425%2C44730426%2C75259407%2C75259408&nsei=44714510%2C75259405%2C447279544&bi=rda&ulv=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14274484544488176772/ Frame 56BD 153 KB
153 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14274484544488176772/downsize_200k_v1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16a7549e271a14a5ceac985dbb6cb7a0cdf2f9b7f9b00a3a7bb151eacf0b27ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 17:22:49 GMT
x-content-type-options: nosniff
age: 99860
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 156942
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:23 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Mar 2022 17:22:49 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 56BD 0
0 58ms
58ms Fetch
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CEzbOfBJVYKHWE6uKlQf0w7uYC--X9vNh_aXpjvsM2dkeEAEgmbWJQ2C5-MeA3AGgAczA8M4DyAEJqQIXHzB6dfGzPuACAKgDAcgDCKoE1QFP0NwsDraaTFYvU81NOjmb-2K0wuhdqfPUJ5P5ADimVvjn17k0CPoW5tstOEgkhJaCs1xFkZngnaW2DC3GTsSE-F2DqPZnqt9BykjUNl3p7m776ZX8mFmRM_R_JBF1O4UaOt5JxJXgWS89in0Ummy6gf5916sPXmnjUhK7DiJloGm1Zpm6KX_v_sWlxEWX0JVC4LltlFNQELT23KmfwWVX71sIwFFOWRIkvUTzd5mL39ENjR5gocPapIVhO4qghY1F1p5Yckg_JHrLNuMXA2-NfBTKQQTABL_x7t6sA-AEAZIFBAgEGAGSBQQIBRgEoAYugAeXhfQ3qAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEImOBdIICQiA4YAQEAEYHYAKA8gLAdgTDbIXGgoYCAASFHB1Yi01MTExMTM3MTkxNTA2MDEz&sigh=QssHphYf1LA&template_id=3484&tpd=AGWhJmtwm2SsGsm0gchfBmq2SrfMKEdvNSQ5KR4j6SRaUMV6kg
Requested by: Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9897 1 KB
750 B 6ms
5ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 19 Mar 2021 03:14:09 GMT
expires: Sat, 20 Mar 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 64380
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame FCBC 21 KB
21 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a14d1a7f7fa4b8ccbabe55b417ddc660997ef1cb5290f94c7f4f39c69bb640fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 03:55:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:11 GMT
server: sffe
age: 148282
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21520
x-xss-protection: 0
expires: Fri, 18 Mar 2022 03:55:47 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame FCBC 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 21:42:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 170686
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Thu, 17 Mar 2022 21:42:23 GMT

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 869D 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a14d1a7f7fa4b8ccbabe55b417ddc660997ef1cb5290f94c7f4f39c69bb640fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 03:55:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:11 GMT
server: sffe
age: 148282
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21520
x-xss-protection: 0
expires: Fri, 18 Mar 2022 03:55:47 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 869D 21 KB
21 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 21:42:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 170686
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Thu, 17 Mar 2022 21:42:23 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9354798760487219512/ Frame F28F 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9354798760487219512/downsize_200k_v1?w=100&h=100

Requested by

Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5e41e72dd03ffed4c3b46d7772b581e725acc5b42d7bc735d423d2eefa35e5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 06:18:13 GMT
x-content-type-options: nosniff
age: 226136
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2517
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 06:18:13 GMT

GET
DATA 200
OK truncated
/ Frame F28F 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 56BD 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 20af8487a74b89fbd965d855c8c24eee996a05792f8f197ef53de216da9137e8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame C39B
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUJNzEeCaTNvYJELBDO4Yx08O8eYvTFv-TBLqPKMogxZfE0r14ArEDgDCCfr7HBiyeUgESZ_oT2F3bqiCUV_BCNjUvab17k
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

43 B
407 B

69ms
68ms

Image
image/gif

46.228.164.11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.228.164.11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame C39B 35 B
462 B 109ms
105ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPi4EuU2u4VcNCo8FZT_eMk&google_cver=1&google_push=AQvitUJ5NizvLZa7Txpn55cUyKazpF37OUQB9tbMO0U6eMIAVHWMNN8qcpksQ7pwUY98pVRgfms9VOO-HqIsLrRIMf-Zx2GELA

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame C39B
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUKsDPsLR3rqMilxqG_5i9O90Lt5-nWDetIuKg8RzD4...

170 B
190 B

33ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUKsDPsLR3rqMilxqG_5i9O90Lt5-nWDetIuKg8RzD4vpdKNLKM0QGiVYhoApVYH3-2pyu6-A_Cqhczc05DgZJVR-qe6Tug

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 19 Mar 2021 21:07:09 GMT
Server: PingMatch/v2.0.30-632-ga311aad#rel-ec2-master i-0bdbeb4516d61c7d8@eu-central-1a@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUKsDPsLR3rqMilxqG_5i9O90Lt5-nWDetIuKg8RzD4vpdKNLKM0QGiVYhoApVYH3-2pyu6-A_Cqhczc05DgZJVR-qe6Tug
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame C39B
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitULsQDtd5JIQx6ddzptRea9sp2EwVOAdzrhbj-wfSSyFUftrHGe6lynur2B9c5U6b6nBR9JPY2rdyLUMH0R0...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULsQDtd5JIQx6ddzptRea9sp2EwVOAdzrhbj-wfSSyFUftrHGe6lynur2B9c5U6b6nBR9JPY2rdyLUMH0R0r92F0bTHcf0

170 B
190 B

33ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULsQDtd5JIQx6ddzptRea9sp2EwVOAdzrhbj-wfSSyFUftrHGe6lynur2B9c5U6b6nBR9JPY2rdyLUMH0R0r92F0bTHcf0

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 19 Mar 2021 21:06:41 GMT
Server: MT3 3611 f10363c master cdg-pixel-x25
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULsQDtd5JIQx6ddzptRea9sp2EwVOAdzrhbj-wfSSyFUftrHGe6lynur2B9c5U6b6nBR9JPY2rdyLUMH0R0r92F0bTHcf0
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 19 Mar 2021 21:06:40 GMT

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame C39B 0
16 B 34ms
30ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ItNb7LMFpbE3JdjLBOyAl7tfRG_4bYnw7oCEMQ8QP4HRwr4zIU

Requested by

Host: e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
URL: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:09 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame F2C4 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:03:59 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 39790
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:03:59 GMT

GET
H3-Q050

206

videoplayback
r3---sn-4g5e6nsk.gvt1.com/ Frame 56BD
Redirect Chain

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=ip,ipbits,expire,id,...
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,m...

1 MB
1 MB

7ms
6ms

Media
video/mp4

2a00:1450:4001:62::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=079EBAC358235D0FEABD7FC74F90834720C31653.1BD698919B9225D707820B2E6EE123A7FD176417&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Requested by

Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:62::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

01a08ce9184d4848c68354c9e0e087fa00d3937ebafca3f83c246abea86a00c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Jan 2021 01:50:09 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-1082263/1082264
client-protocol: quic
cache-control: private, max-age=6898
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1082264
expires: Fri, 19 Mar 2021 21:07:10 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=079EBAC358235D0FEABD7FC74F90834720C31653.1BD698919B9225D707820B2E6EE123A7FD176417&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47
cache-control: no-cache, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 707
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame F28F 0
21 B 38ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kmgsmh23&c=256269615489&slotId=128134807744.5&qqid=CLC0ysqhve8CFZFN4AodgF8MUw&sei=21062100%2C44724516%2C44729911%2C44730425%2C44730426%2C75259407%2C75259408&nsei=44714510%2C75259405%2C447279544&bi=rda&ulv=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14274484544488176772/ Frame F28F 153 KB
153 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14274484544488176772/downsize_200k_v1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16a7549e271a14a5ceac985dbb6cb7a0cdf2f9b7f9b00a3a7bb151eacf0b27ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 17:22:49 GMT
x-content-type-options: nosniff
age: 99860
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 156942
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:23 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Mar 2022 17:22:49 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F28F 0
0 58ms
58ms Fetch
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CbqyOfBJVYLCGGJGbgQeAv7GYBe-X9vNh_aXpjvsM2dkeEAEgmbWJQ2C5-MeA3AGgAczA8M4DyAEJqQIXHzB6dfGzPuACAKgDAcgDCKoE1QFP0K-c3nIMLYXBw0STOTLa0z-wGNhhoQp75CPKydrZTOPv8v9tsfe66_vos-9nmmIDV-ihQsZqUU1NV_kIzXigiv4iGeu8UgnNWFKsxDS1v6SJ6ocGECpGMZ8ewXQVU0AS1VVdM9NmFdmWfkISLZ2QYKdIbDymLiWY7phfHJHkwq18I3EP6IHJkavB7nvDCQuMr3Dt2u6WuO7ayK0LB4D1t3gGc6y-u94ejBL2SWsuNbrs7dCNKYlQRm7wUZ6SaK0scYRzsWnSmiTS7d_yo2F5NDe-Hk7ABL_x7t6sA-AEAZIFBAgEGAGSBQQIBRgEoAYugAeXhfQ3qAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEOiTBdIICQiA4YAQEAEYHYAKA8gLAdgTDbIXGgoYCAASFHB1Yi01MTExMTM3MTkxNTA2MDEz&sigh=jGr_tLpEY5s&template_id=3484&tpd=AGWhJmtB81mIciwP1cpisWxHXLQpfQjtUEdiWtdh5-63EalKJA
Requested by: Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A223 1 KB
750 B 7ms
5ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 19 Mar 2021 03:14:09 GMT
expires: Sat, 20 Mar 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 64380
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1815 8 KB
6 KB 18ms
18ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021031801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b5e45322bac7878b67a240cb2752b7ce165bce3eedac3a27a24dfe9179aeaf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6566
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F28F 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 32da5514b2a9691789789cfd69d675a7ad24405a76774b74676e5f47a1373bbe

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 56BD 21 KB
21 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a14d1a7f7fa4b8ccbabe55b417ddc660997ef1cb5290f94c7f4f39c69bb640fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 03:55:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:11 GMT
server: sffe
age: 148282
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21520
x-xss-protection: 0
expires: Fri, 18 Mar 2022 03:55:47 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 56BD 21 KB
21 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 21:42:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 170686
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Thu, 17 Mar 2022 21:42:23 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9354798760487219512/ Frame 95AA 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9354798760487219512/downsize_200k_v1?w=100&h=100

Requested by

Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5e41e72dd03ffed4c3b46d7772b581e725acc5b42d7bc735d423d2eefa35e5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 06:18:13 GMT
x-content-type-options: nosniff
age: 226136
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2517
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 06:18:13 GMT

GET
DATA 200
OK truncated
/ Frame 95AA 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 470A
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUIPiS6vWCbuDh087HLsfcplu4_IZIvb2pRmWgp59nYeudFJ93Enm90mH8H--MBWTkV7IgcVB2RxiJ41Ol30cJJ1MXlUk-tI
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

43 B
407 B

26ms
26ms

Image
image/gif

46.228.164.11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.228.164.11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 470A 35 B
462 B 12ms
9ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPi4EuU2u4VcNCo8FZT_eMk&google_cver=1&google_push=AQvitULk3V-8uSJfBFalUeB7EbuAgg9Pg0mkWyvNbZHcr8SOhba7befMNDubc9qO4jmvLlKbWkw4OCkNTu4Fj0SdpG98eWkthBsw

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 470A
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitULeqpGvXp4U6BEsI8vniKZalWjSFpZIlcNIi8yFcQ9...

170 B
190 B

34ms
34ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitULeqpGvXp4U6BEsI8vniKZalWjSFpZIlcNIi8yFcQ99xYUhofYSsyl5oLkdegNYd7ZxQBNVNJ8DPxFWX2qxRYbZFm9Z3lcs

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 19 Mar 2021 21:07:09 GMT
Server: PingMatch/v2.0.30-632-ga311aad#rel-ec2-master i-0dbb3bb3e77219ff5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitULeqpGvXp4U6BEsI8vniKZalWjSFpZIlcNIi8yFcQ99xYUhofYSsyl5oLkdegNYd7ZxQBNVNJ8DPxFWX2qxRYbZFm9Z3lcs
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 470A
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitULP0-4gQYH06jqha4DBtebuV36-UqD4dHEuYPnmXig1iTQdqG0vKJnAWwC7iPCUOfHI-MqejBghCzDrW_4m...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULP0-4gQYH06jqha4DBtebuV36-UqD4dHEuYPnmXig1iTQdqG0vKJnAWwC7iPCUOfHI-MqejBghCzDrW_4mC0L93GO1...

170 B
190 B

33ms
33ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULP0-4gQYH06jqha4DBtebuV36-UqD4dHEuYPnmXig1iTQdqG0vKJnAWwC7iPCUOfHI-MqejBghCzDrW_4mC0L93GO1m9q7

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 19 Mar 2021 21:06:41 GMT
Server: MT3 3611 f10363c master cdg-pixel-x29
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULP0-4gQYH06jqha4DBtebuV36-UqD4dHEuYPnmXig1iTQdqG0vKJnAWwC7iPCUOfHI-MqejBghCzDrW_4mC0L93GO1m9q7
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 19 Mar 2021 21:06:40 GMT

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 470A 0
16 B 58ms
57ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lofb89OdOhkgO7GOurPN_CeHt11pKAOXRB08HLS-ay48SdnZhZ

Requested by

Host: 454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
URL: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:09 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 95AA 0
44 B 39ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kmgsmh41&c=5135596209974&slotId=2567798104987&qqid=CJ2p2cqhve8CFVzFuwgdxacFrw&sei=21062100%2C44724516%2C44729911%2C44730425%2C44730426%2C75259407%2C75259408&nsei=44714510%2C75259405%2C447279544&bi=rda&ulv=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14274484544488176772/ Frame 95AA 153 KB
153 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14274484544488176772/downsize_200k_v1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16a7549e271a14a5ceac985dbb6cb7a0cdf2f9b7f9b00a3a7bb151eacf0b27ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 17:22:49 GMT
x-content-type-options: nosniff
age: 99860
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 156942
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:23 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Mar 2022 17:22:49 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 95AA 0
0 59ms
58ms Fetch
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CbWoOfBJVYJ37JtyK7_UPxc-W-Arvl_bzYf2l6Y77DNnZHhABIJm1iUNgufjHgNwBoAHMwPDOA8gBCakCSWslJEb6sz7gAgCoAwHIAwiqBNUBT9C-jBQTLNj9Bqcu_5-R-DcO8tpXLyIbiMMH2TNWRws2vekNKhtxqIaEEkz3uMhGD3Nc7yzGVsDe_RDX0Nz55HsFxJIj8W1TxkRiHnwSgnaN7QAHjCxeuIDgzLxaMMrGVn6PRKzkePT2lQWZHqe3oyhiMhIXql3kET0RuwlNiGD8RPl_ps4JOqXfLri2ykrQIpc7Yr2kBTDZmorElFAmUD-GG0NyJEs19xj9jbrznAc6IHo50Jce2CuFW81Yz-tZj8FLbD84Ol8ET3GCKf-SJWefGgnAwAS_8e7erAPgBAGSBQQIBBgBkgUECAUYBKAGLoAHl4X0N6gH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBDYyQXSCAkIgOGAEBABGB2ACgPICwHYEw2yFxoKGAgAEhRwdWItNTExMTEzNzE5MTUwNjAxMw&sigh=EeNzmxQUgyY&template_id=3484&tpd=AGWhJmu3rASuRswv5dXQPiDS5A-r9-C_mowOU3iK6-Fer1_luQ
Requested by: Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F578 1 KB
750 B 6ms
5ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 19 Mar 2021 03:14:09 GMT
expires: Sat, 20 Mar 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 64380
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050

206

videoplayback
r3---sn-4g5e6nsk.gvt1.com/ Frame F28F
Redirect Chain

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=ip,ipbits,expire,id,...
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,m...

1 MB
1 MB

7ms
6ms

Media
video/mp4

2a00:1450:4001:62::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=063D58F336AEFFB4181DA5A70200BE68D551882F.06E8A418D4120154041285813C7437D37EF6529D&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Requested by

Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:62::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

01a08ce9184d4848c68354c9e0e087fa00d3937ebafca3f83c246abea86a00c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Jan 2021 01:50:09 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-1082263/1082264
client-protocol: quic
cache-control: private, max-age=6898
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1082264
expires: Fri, 19 Mar 2021 21:07:10 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=063D58F336AEFFB4181DA5A70200BE68D551882F.06E8A418D4120154041285813C7437D37EF6529D&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47
cache-control: no-cache, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 707
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A84A 0
46 B 43ms
41ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BWuuFeRJVYK7_KMiylgTMpYSwCwAAAAA4AeAEAg&bg=!AAOlA0fNAAbUo7L91KM7ACkAdvg8WsmbdnZZC8tAgP3msx035hPcKvdmpkqf_eYMcgq-_MG6Ng6c7gIAAATsUgAAAPNoAQcKAVCA1y5KV1LfLb5-JY8W9Eysyjwv3oK7TVN-XV-wqKVbkr5AlsAwM9VZe9RSClLKd3GVBibxSRJ1uOsHNXplwO398h0QuCt6ucXbn8zM2WSsjA3l-wdV2GdaRy-HNwjg9NZd_Bz-uNXTx6nZisgby0VPtOB09hPGXt0tHhmBRhl6InBPMNHMiBp7JpeoKkOwJn-2YrqVLKgZy785flVbmbrO_ifuYLNihM1RuPZG7TZpwO4_Ye8bAFx9_nzzeT5f2I_e2UvyV3cE8szK2I8qsxKEgKGrkRZTfrkwfVHSZ0LexX4lmavazC5sg2shTSRG3bmqEQ8ASZUvKjMAiIMkxBYSdcUnLso-9p1f-bI0K_ItrjiUETBFQ1oWAwVS9YmdUWT29MJPYWNHI1zmuhruCajn00pZamnNkZ1wiBmW-pz4BfRnELSxP23Fg3fzYWTBljuZAjy0wvevIHP_3A49DhYWFEbZX3ROgUVy5vyfW-EhKXWg6v7g9V6DJ23-Z8GC66F_AirVnkyaSciy_HCQwNpTsEG6rTH-EUvgWnTMnih_0Q4lHIovFm6tsgvViLWJ6ACfOZ9K2MTOQpAgrFodXPyLrpUq4lEG428MfgumsV9yQWFHg12gbhyVSPWE6SqsM1HaS4fMLulWE58KktnST1K8wQLEFcqRshzc5LA8P8VEp6l1ozibtTgqDVZG5LDaa3RAB_XrjmcqFQJfXqRQi4gapIjlOQQum1MlGSU9kET39u9vxIJYrsr7e9VQw3j9CpKCp4X7hSGGX8i3Ko-0KxR_k6_HlLJo-2noP0XnViGiktjtlr-c_vO9z_ey8Dsl0a3vk8sBkp1CejFKr3oS8Secaf4Ff8cDAEFEGEAXDMZPzUw_QwM6WgSlsc__PgBYJ_HdMmX4cWsAvE8RfZdIppe0JKff1Y5BRi9R94wCiYKE9dPCI0_KX9icHhwkJQCB8F6C8BFhK44mHkW2RsU7pm7YXz--9YGtGjTmUdSIBtA-79vB2o7PxHhuU0eOwLfy1STd_Icq-k3lRsuNrITeWPSbnQTNkV6voc4w3tScv8T1LhkwmBaM4nCKzKJ8_CYxZcMV2fab-pu-07ApFMEwCNDYJ23rrPAoNN9uKa0ihDAifmL2oc5wgbojzMVbKVRbOPAZRDnlMrU7rh9zV_yCO11lse3qXDkCW7IcukKdJuewA_S9OVma_kStqAQkDMVC8g

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame F28F 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a14d1a7f7fa4b8ccbabe55b417ddc660997ef1cb5290f94c7f4f39c69bb640fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 03:55:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:11 GMT
server: sffe
age: 148283
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21520
x-xss-protection: 0
expires: Fri, 18 Mar 2022 03:55:47 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame F28F 21 KB
21 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 21:42:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 170687
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Thu, 17 Mar 2022 21:42:23 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9354798760487219512/ Frame 6549 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9354798760487219512/downsize_200k_v1?w=100&h=100

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5e41e72dd03ffed4c3b46d7772b581e725acc5b42d7bc735d423d2eefa35e5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 06:18:13 GMT
x-content-type-options: nosniff
age: 226137
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2517
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 06:18:13 GMT

GET
DATA 200
OK truncated
/ Frame 6549 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 95AA 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0c64d6bd4609604f42fbebd74bb0301badf39ab42167ded4eb7ce2beb49f9db2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1815 17 KB
6 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:10 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 6549 0
21 B 39ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kmgsmh71&c=2345747002910&slotId=1172873501455&qqid=CJas2sqhve8CFfbnuwgdsDYFiw&sei=21062100%2C44724516%2C44729911%2C44730425%2C44730426%2C75259407%2C75259408&nsei=44714510%2C75259405%2C447279544&bi=rda&ulv=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14274484544488176772/ Frame 6549 153 KB
153 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14274484544488176772/downsize_200k_v1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16a7549e271a14a5ceac985dbb6cb7a0cdf2f9b7f9b00a3a7bb151eacf0b27ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 17:22:49 GMT
x-content-type-options: nosniff
age: 99861
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 156942
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 10:03:23 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Mar 2022 17:22:49 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 6549 0
0 63ms
63ms Fetch
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CCgz8fBJVYJb-J_bP7_UPsO2U2Ajvl_bzYf2l6Y77DNnZHhABIJm1iUNgufjHgNwBoAHMwPDOA8gBCakCU2qKAPrysz7gAgCoAwHIAwiqBNUBT9CNmqaO0IEuXw8qkIWzQJl-vm2kPukbXMH0m6xV6VxmEMJmk1n-tbctulKkvO33fDBQ8qbsIjsil-cwV-weUo8qdhSA-hJCsdlZVY5HwlQ9SF-VakEu_OamKBN3tjaPikRp_l7SLc8c21SYmPfj_MRK2DheOWpjgfjzQOtY0uOJGFB-mB_J0cOU3oRPsy_RosiaoimorUrZBRN1decYGGOAmydow4qOZaFAsMcb9AcKPLaZiIdIt5Ty7QgXJl7vWTty1D4xGAO_tZOIk-7L0Sf6d1LwwAS_8e7erAPgBAGSBQQIBBgBkgUECAUYBKAGLoAHl4X0N6gH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCo5gXSCAkIgOGAEBABGB2ACgPICwHYEw2yFxoKGAgAEhRwdWItNTExMTEzNzE5MTUwNjAxMw&sigh=fygX0JaWJOM&template_id=3484&tpd=AGWhJmtvm0rIpkdlGYUdBwxzrk7VfP_1-ojFm0C9ctbr5vp7fA
Requested by: Host: 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
URL: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?v=1-0-38&n=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9A23 1 KB
755 B 6ms
5ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 19 Mar 2021 03:14:09 GMT
expires: Sat, 20 Mar 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 64381
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8F3C 8 KB
6 KB 18ms
17ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021031601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e9f47b153cc32c53e839d6c2fc232d9e6aa0a83762accb16be58e05da36f9b32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6587
x-xss-protection: 0

GET
H3-Q050

206

videoplayback
r3---sn-4g5e6nsk.gvt1.com/ Frame 95AA
Redirect Chain

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=ip,ipbits,expire,id,...
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,m...

1 MB
1 MB

7ms
6ms

Media
video/mp4

2a00:1450:4001:62::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=63F55E0888DF3BD35623F525FB83E87305020AEA.2DC73C0C4EEB1380DAD3D512769CA42AA6DE6ED3&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Requested by

Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:62::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

01a08ce9184d4848c68354c9e0e087fa00d3937ebafca3f83c246abea86a00c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Jan 2021 01:50:09 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-1082263/1082264
client-protocol: quic
cache-control: private, max-age=6898
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1082264
expires: Fri, 19 Mar 2021 21:07:10 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=63F55E0888DF3BD35623F525FB83E87305020AEA.2DC73C0C4EEB1380DAD3D512769CA42AA6DE6ED3&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47
cache-control: no-cache, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 707
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4DF0 8 KB
6 KB 19ms
18ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021031701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45699e6af1f3e01dd884910eba724a4d52ac9c0dae595bc1cefbb4004b2df06b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6497
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 6549 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b016870dffecd4fea0a30aec0f4b25e54a5f833613ba4c076489a58b70e41af8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 95AA 21 KB
21 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a14d1a7f7fa4b8ccbabe55b417ddc660997ef1cb5290f94c7f4f39c69bb640fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 03:55:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:11 GMT
server: sffe
age: 148283
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21520
x-xss-protection: 0
expires: Fri, 18 Mar 2022 03:55:47 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 95AA 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 21:42:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 170687
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Thu, 17 Mar 2022 21:42:23 GMT

GET
H3-Q050

206

videoplayback
r3---sn-4g5e6nsk.gvt1.com/ Frame 6549
Redirect Chain

https://redirector.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=ip,ipbits,expire,id,...
https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,m...

1 MB
1 MB

8ms
6ms

Media
video/mp4

2a00:1450:4001:62::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=360DBCC77C4259A81A255623499CA9C6C3B6AB69.507626AB84EB70536B92A253DE1BB3498E69EAA3&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:62::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

01a08ce9184d4848c68354c9e0e087fa00d3937ebafca3f83c246abea86a00c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Jan 2021 01:50:09 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-1082263/1082264
client-protocol: quic
cache-control: private, max-age=6898
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1082264
expires: Fri, 19 Mar 2021 21:07:10 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r3---sn-4g5e6nsk.gvt1.com/videoplayback?id=ab55064092af03f1&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1616195228&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=360DBCC77C4259A81A255623499CA9C6C3B6AB69.507626AB84EB70536B92A253DE1BB3498E69EAA3&key=cms1&cms_redirect=yes&mh=38&mip=2a01:4f8:192:5414::2&mm=28&mn=sn-4g5e6nsk&ms=nvh&mt=1616187456&mv=u&mvi=3&pl=47
cache-control: no-cache, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 707
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8F3C 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:10 GMT

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 6549 21 KB
21 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a14d1a7f7fa4b8ccbabe55b417ddc660997ef1cb5290f94c7f4f39c69bb640fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 03:55:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:11 GMT
server: sffe
age: 148283
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21520
x-xss-protection: 0
expires: Fri, 18 Mar 2022 03:55:47 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 6549 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 21:42:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 170687
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Thu, 17 Mar 2022 21:42:23 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4DF0 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:10 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 84ED
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUJdjIIHXtgug5IUbGV3tMHd_kcLz8Vm1vd4NSWhpzPKeY26EVBSIISvex-jc5QhtICA8ZXLJOA0uMGbWSS6jdrij50C7OYf
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

43 B
407 B

21ms
18ms

Image
image/gif

46.228.164.11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.228.164.11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 84ED
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPi4EuU2u4VcNCo8FZT_eMk&google_cver=1&google_push=AQvitUKxME6igmBKhRm0WRve2C7qMUBEyrRtEfhbE0aEL3MpJgdEuMRilT...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUKxME6igmBKhRm0WRve2C7qMUBEyrRtEfhbE0aEL3MpJgdEuMRilTwGOFmmDMQDoydrcZbPtlMy9tpIYBMQOFtXL4slem1y&google_hm=wWvHr1...

170 B
190 B

35ms
35ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUKxME6igmBKhRm0WRve2C7qMUBEyrRtEfhbE0aEL3MpJgdEuMRilTwGOFmmDMQDoydrcZbPtlMy9tpIYBMQOFtXL4slem1y&google_hm=wWvHr1kP6_rYSFOGCTP1uw

Requested by

Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUKxME6igmBKhRm0WRve2C7qMUBEyrRtEfhbE0aEL3MpJgdEuMRilTwGOFmmDMQDoydrcZbPtlMy9tpIYBMQOFtXL4slem1y&google_hm=wWvHr1kP6_rYSFOGCTP1uw
pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 84ED
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUIcww1ZcLSoEwoS7mzg4e_dFZZXtl8E8CLyj-LNpqB...

170 B
190 B

59ms
58ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUIcww1ZcLSoEwoS7mzg4e_dFZZXtl8E8CLyj-LNpqBsHeBdF4KIUruYY25UjTLiWzy9AyX2IsAfNpgGxF-KJq5sa0bWxzj6

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 19 Mar 2021 21:07:09 GMT
Server: PingMatch/v2.0.30-632-ga311aad#rel-ec2-master i-0ab29fc25246f26bf@eu-central-1b@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUIcww1ZcLSoEwoS7mzg4e_dFZZXtl8E8CLyj-LNpqBsHeBdF4KIUruYY25UjTLiWzy9AyX2IsAfNpgGxF-KJq5sa0bWxzj6
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 84ED
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitUIZ6t7pxcj9QlrMwu9SCBa3njWDaBpzlHYm_HFYsfFFoADUAgehUasD57T7oL1f4Fjgh18rhwSnxe4H8nrK...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitUIZ6t7pxcj9QlrMwu9SCBa3njWDaBpzlHYm_HFYsfFFoADUAgehUasD57T7oL1f4Fjgh18rhwSnxe4H8nrKWYLaioBy...

170 B
190 B

58ms
57ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitUIZ6t7pxcj9QlrMwu9SCBa3njWDaBpzlHYm_HFYsfFFoADUAgehUasD57T7oL1f4Fjgh18rhwSnxe4H8nrKWYLaioByLIyU

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 19 Mar 2021 21:06:41 GMT
Server: MT3 3611 f10363c master cdg-pixel-x25
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitUIZ6t7pxcj9QlrMwu9SCBa3njWDaBpzlHYm_HFYsfFFoADUAgehUasD57T7oL1f4Fjgh18rhwSnxe4H8nrKWYLaioByLIyU
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 19 Mar 2021 21:06:40 GMT

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 84ED 0
16 B 31ms
30ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jn3lScBaNBruT12K2y5evO4L1Ihl8nybHNmcNGQY8HKSMBavNm

Requested by

Host: cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
URL: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 87E8
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUKvXxtoPnrYYq9o6Ru257rRyvNOvBWScUHv-3QNYkv2HI77TOJW7_OayCAUkjQwrWFKUmDWmSIiwBIVZd7LaFfAYSxxqY0
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

43 B
407 B

21ms
20ms

Image
image/gif

46.228.164.11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.228.164.11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 87E8
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPi4EuU2u4VcNCo8FZT_eMk&google_cver=1&google_push=AQvitUL2fOm9SWVo-z0pZ401r6FloOra9unBMi5kPxncjOe3zfPeuOH0eo...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUL2fOm9SWVo-z0pZ401r6FloOra9unBMi5kPxncjOe3zfPeuOH0eokoy3Ba85AgrNGHTkK5yDKgn1RGA1wT47ucVMqKxhA&google_hm=wWvHr1k...

170 B
190 B

58ms
58ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUL2fOm9SWVo-z0pZ401r6FloOra9unBMi5kPxncjOe3zfPeuOH0eokoy3Ba85AgrNGHTkK5yDKgn1RGA1wT47ucVMqKxhA&google_hm=wWvHr1kP6_rYSFOGCTP1uw

Requested by

Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUL2fOm9SWVo-z0pZ401r6FloOra9unBMi5kPxncjOe3zfPeuOH0eokoy3Ba85AgrNGHTkK5yDKgn1RGA1wT47ucVMqKxhA&google_hm=wWvHr1kP6_rYSFOGCTP1uw
pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 87E8
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitULyLXC_og5G0JDy2Eh_d8ltg8IGy7V-v9rc_v2NmLS...

170 B
190 B

59ms
58ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitULyLXC_og5G0JDy2Eh_d8ltg8IGy7V-v9rc_v2NmLS5RwyHY0tJgKs9eSMwcIF6G-QIUDOLJFRAnDuvXAHcFxk6ECknp4k

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 19 Mar 2021 21:07:10 GMT
Server: PingMatch/v2.0.30-632-ga311aad#rel-ec2-master i-018eb1938ecb3107d@eu-central-1a@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitULyLXC_og5G0JDy2Eh_d8ltg8IGy7V-v9rc_v2NmLS5RwyHY0tJgKs9eSMwcIF6G-QIUDOLJFRAnDuvXAHcFxk6ECknp4k
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 87E8
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitUIMDojGnCKSX8Jo55sCNj1bRfs3YeVrciO2z1exc7YBFgj4NLwudQQACLn37h-mbv-3wcXQFX9dx-h05frA...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitUIMDojGnCKSX8Jo55sCNj1bRfs3YeVrciO2z1exc7YBFgj4NLwudQQACLn37h-mbv-3wcXQFX9dx-h05frA7RLraNgWIHY

170 B
190 B

62ms
62ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitUIMDojGnCKSX8Jo55sCNj1bRfs3YeVrciO2z1exc7YBFgj4NLwudQQACLn37h-mbv-3wcXQFX9dx-h05frA7RLraNgWIHY

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 19 Mar 2021 21:06:41 GMT
Server: MT3 3611 f10363c master cdg-pixel-x31
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitUIMDojGnCKSX8Jo55sCNj1bRfs3YeVrciO2z1exc7YBFgj4NLwudQQACLn37h-mbv-3wcXQFX9dx-h05frA7RLraNgWIHY
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 19 Mar 2021 21:06:40 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 87E8 70 B
265 B 134ms
60ms Image
image/gif 63.32.128.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEFs0q4x3t-zA4pJtEfjSm6w&google_cver=1&google_push=AQvitUIguC1CbFh5SzKt1oKTRG_MYcHnJG_UZuuO97bXpweXYELFjqh-YvZva_GuXgyi36pw19UJ4Joch0MXD2uuzqsAi8AMWf0
Requested by: Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.128.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-128-23.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 87E8
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEA9BpxZrkuNttLdsTL7eRzQ&google_cver=1&google_push=AQvitULE_UCujqAGh-y45l0FznaHQw6Hk5nufH0sKKvlN1onEsQ30Szj0Zmg5_JpH4GrzIKm68c3ub5wmtVOou_lPuZXSpwoKg
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULE_UCujqAGh-y45l0FznaHQw6Hk5nufH0sKKvlN1onEsQ30Szj0Zmg5_JpH4GrzIKm68c3ub5wmtVOou_lPuZXSpwoKg&google_hm=Nzc5NTE2NDgyMjQyOTU2MTQ1...

170 B
190 B

60ms
60ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULE_UCujqAGh-y45l0FznaHQw6Hk5nufH0sKKvlN1onEsQ30Szj0Zmg5_JpH4GrzIKm68c3ub5wmtVOou_lPuZXSpwoKg&google_hm=Nzc5NTE2NDgyMjQyOTU2MTQ1OA%3D%3D

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 19 Mar 2021 21:07:10 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULE_UCujqAGh-y45l0FznaHQw6Hk5nufH0sKKvlN1onEsQ30Szj0Zmg5_JpH4GrzIKm68c3ub5wmtVOou_lPuZXSpwoKg&google_hm=Nzc5NTE2NDgyMjQyOTU2MTQ1OA%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 87E8
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECUpytAwhG9wm0O6G6JcSmU&google_cver=1&google_push=AQvitUI1mEL4beUCdNN3fLbm6Jksx_d5lJS-gW9YhoDfFlypanl3yH6Snq5PTPZE6vMr78b1ML-YUrT3...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECUpytAwhG9wm0O6G6JcSmU&google_cver=1&google_push=AQvitUI1mEL4beUCdNN3fLbm6Jksx_d5lJS-gW9YhoDfFlypanl3yH6Snq5PTPZE6vMr78b1ML-...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTQzMDEyNjA2MjMzMTU2OTA1Ng&google_push=AQvitUI1mEL4beUCdNN3fLbm6Jksx_d5lJS-gW9YhoDfFlypanl3yH6Snq5PTPZE6vMr78b1ML-YUr...

170 B
190 B

47ms
47ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTQzMDEyNjA2MjMzMTU2OTA1Ng&google_push=AQvitUI1mEL4beUCdNN3fLbm6Jksx_d5lJS-gW9YhoDfFlypanl3yH6Snq5PTPZE6vMr78b1ML-YUrT3JbZKQcNYB_w_AGI0UA

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTQzMDEyNjA2MjMzMTU2OTA1Ng&google_push=AQvitUI1mEL4beUCdNN3fLbm6Jksx_d5lJS-gW9YhoDfFlypanl3yH6Snq5PTPZE6vMr78b1ML-YUrT3JbZKQcNYB_w_AGI0UA
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 87E8 0
16 B 32ms
30ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KkUBU7J7bqbFgcKTkDF6yHq4qachv9nch4Lh9-30bHIterk05IKejQBOPaRNyL0QInqnO5

Requested by

Host: 4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
URL: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 74D5 0
23 B 40ms
40ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021031601&jk=3144158387165560&bg=!BQalBkLNAAbUo7L91KM7ACkAdvg8WuBwVp3UNIeCejqYg7PpSa79EN_luKjAqbU3H7xbe6aUMSq4hwIAAAUQUgAAAQRoAQcKAN-oTq0uSEUtS5M1ry-e7CUVpaPKaHjjjqeDXCX8c0ayL1G9CFrRu8TccdLxNyLbp-L-JJlXU6D-wKnA7Ax2WCMXHQl9Lj6tumWnqS59aHrxg3ZshGDTQJPATX27bNCaodRzSP3a1BXvcvpRlYBQvJP80ADDlFBOfmFBLPdYvGtLAJRAYuj0Zzt7-HWyzenRmDhBDpKp2ywM_VIp2CHCbKfQnR9rx9ROUKbQwh7VmKAeyr4mgmUW9xMh7e_KpsJ_7bc1erjXXF2IrpPwPkklCBmAzqWvdAa5wkjK9JO58Q4-mQHXsNENaTrceataueQeXh6xnvefvQ2axtZu474qe_SKjPWOlKWY_ustX4UIKmsZeJ16Gawjk-shJG-2OIpk74SDWLz1ln9qIVbpYjNYdQwXkEQFJbb5PvTlSWBAqGRHceJP4-zMD4yW1dPxKPNVBax6qOYRfgoKgxJ6rF3LUrffISfguiZnv5V9t0_Nopcjl2agLj7hdR99XGBGEEsv9kdnCfc0gOmBrMLmZ59DuqACjfn95pmbZEQ4FJD95-jXvATfh3fFTDp3Qvl6TdSkZ-KD46LfFPtfVIgQZj1f7zxOGNnCSX-UKpTR_P8mQZo_bp9zjBY5ep6YjCDgG74guQt2lxgEu3bsn_hmFKYoDhi0Mq8Y06nA1q1c9VXvjP-2XvdGqQ3Q-RrOQzzHzEQ4st269Y0vZOVNm73U0Fbl_9K-oxiCo28V3j7lOf6oBhxnRxTDjm8V3rS2767AtwwMjDn3Kgy2KaUw_VEXS-LHlKvE0BYlhEbNY3Pvxz99MxnnDPDf6Y59L4Ttu6DRWkuA6AAhCU5Bpl3iSd8Kdcnn3xHmP8YCwrHzdR9d82Ba6N5KZUooj8N4Dn4e54qiiVfEXq7MlQ5DWvAglbWcjxWQsEDDDUW0cm71L0hb

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame BFDA 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Fri, 19 Mar 2021 18:05:40 GMT
expires: Sat, 19 Mar 2022 18:05:40 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 10890
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 9897
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUImcgLAHuyK1WpvJX5FU8tpXcvrlfUTyGJ08lfXfiwqhrnwuGtfle_iLh9RaVLh9lECdTEEkZe3yKjSjlioS1u7Qu5UnfdT
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

43 B
407 B

25ms
24ms

Image
image/gif

46.228.164.11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.228.164.11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 9897
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPi4EuU2u4VcNCo8FZT_eMk&google_cver=1&google_push=AQvitUIGz5vwJgfHYHNWlkYRmeHTE900wHQN8HI7Vbr-mp0HD4teWf_oBh...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUIGz5vwJgfHYHNWlkYRmeHTE900wHQN8HI7Vbr-mp0HD4teWf_oBh20P7_p3Q4ABhVFHX3tYtt_MkCQCrKJPeOd8Tw-Kz0&google_hm=wWvHr1k...

170 B
190 B

37ms
36ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUIGz5vwJgfHYHNWlkYRmeHTE900wHQN8HI7Vbr-mp0HD4teWf_oBh20P7_p3Q4ABhVFHX3tYtt_MkCQCrKJPeOd8Tw-Kz0&google_hm=wWvHr1kP6_rYSFOGCTP1uw

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUIGz5vwJgfHYHNWlkYRmeHTE900wHQN8HI7Vbr-mp0HD4teWf_oBh20P7_p3Q4ABhVFHX3tYtt_MkCQCrKJPeOd8Tw-Kz0&google_hm=wWvHr1kP6_rYSFOGCTP1uw
pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 9897
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitULGawBBV89Dc2u202-JH90iZZi-BFXuqKuNKS1pPDI7641gsRJhovH_yUVPhsbYpGCsHfSu14S-7QdPTncb...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULGawBBV89Dc2u202-JH90iZZi-BFXuqKuNKS1pPDI7641gsRJhovH_yUVPhsbYpGCsHfSu14S-7QdPTncb5HPI_3EWIr0

170 B
190 B

48ms
48ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULGawBBV89Dc2u202-JH90iZZi-BFXuqKuNKS1pPDI7641gsRJhovH_yUVPhsbYpGCsHfSu14S-7QdPTncb5HPI_3EWIr0

Requested by

Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 19 Mar 2021 21:06:41 GMT
Server: MT3 3611 f10363c master cdg-pixel-x28
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULGawBBV89Dc2u202-JH90iZZi-BFXuqKuNKS1pPDI7641gsRJhovH_yUVPhsbYpGCsHfSu14S-7QdPTncb5HPI_3EWIr0
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 19 Mar 2021 21:06:40 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 9897 70 B
264 B 94ms
61ms Image
image/gif 63.32.128.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEFs0q4x3t-zA4pJtEfjSm6w&google_cver=1&google_push=AQvitUJ-CKpRMFH_XWOhg8a-gPDqBqLwSbsn0osbtz-KZOljj0TyV73cbQPbHxohPBgtzsMWBZeQfcj_a2W2nDyrhJzJATxZ_vw
Requested by: Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.128.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-128-23.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 9897
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEIpzwr0bWRmyTUTHopv2jpU&google_cver=1&google_push=AQvitUJo9UZ-1m23UJuoLISbH4Xhz-4FDWepcYSgRAP9Mv3PRxGPxvvOLTgStdHtsh7dLGFtVzNm9-Z...
https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUJo9UZ-1m23UJuoLISbH4Xhz-4FDWepcYSgRAP9Mv3PRxGPxvvOLTgStdHtsh7dLGFtVzNm9-Z1uEkjz5X7ur5MD1trfQA&google_sc&google...

170 B
190 B

47ms
46ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUJo9UZ-1m23UJuoLISbH4Xhz-4FDWepcYSgRAP9Mv3PRxGPxvvOLTgStdHtsh7dLGFtVzNm9-Z1uEkjz5X7ur5MD1trfQA&google_sc&google_hm=EBAQEA

Requested by

Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:09 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUJo9UZ-1m23UJuoLISbH4Xhz-4FDWepcYSgRAP9Mv3PRxGPxvvOLTgStdHtsh7dLGFtVzNm9-Z1uEkjz5X7ur5MD1trfQA&google_sc&google_hm=EBAQEA
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 9897
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEA9BpxZrkuNttLdsTL7eRzQ&google_cver=1&google_push=AQvitUILIlFDNpH5z0juEqhW-Nx1TEKFEAkFmiIlN5Vv6rX5N6SbnytyOjSsMwGPPcLy70nRDaguxMDkVKEK2W3JxmNfR7p...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUILIlFDNpH5z0juEqhW-Nx1TEKFEAkFmiIlN5Vv6rX5N6SbnytyOjSsMwGPPcLy70nRDaguxMDkVKEK2W3JxmNfR7pUWfLP&google_hm=ODE2MDgwMzI2NDA4MjEzNT...

170 B
190 B

61ms
60ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUILIlFDNpH5z0juEqhW-Nx1TEKFEAkFmiIlN5Vv6rX5N6SbnytyOjSsMwGPPcLy70nRDaguxMDkVKEK2W3JxmNfR7pUWfLP&google_hm=ODE2MDgwMzI2NDA4MjEzNTU3OQ%3D%3D

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 19 Mar 2021 21:07:10 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUILIlFDNpH5z0juEqhW-Nx1TEKFEAkFmiIlN5Vv6rX5N6SbnytyOjSsMwGPPcLy70nRDaguxMDkVKEK2W3JxmNfR7pUWfLP&google_hm=ODE2MDgwMzI2NDA4MjEzNTU3OQ%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 9897
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECUpytAwhG9wm0O6G6JcSmU&google_cver=1&google_push=AQvitULwQxeLfCbg_wU4BY8IlN_r8rwEw3sSrK5Rp4IxATalw9Toi7olMyuHHHO_ZhpLP5LHnoOVr1Br...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECUpytAwhG9wm0O6G6JcSmU&google_cver=1&google_push=AQvitULwQxeLfCbg_wU4BY8IlN_r8rwEw3sSrK5Rp4IxATalw9Toi7olMyuHHHO_ZhpLP5LHnoO...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTQxODQyMDAxOTE3NTQ1MTc3MQ&google_push=AQvitULwQxeLfCbg_wU4BY8IlN_r8rwEw3sSrK5Rp4IxATalw9Toi7olMyuHHHO_ZhpLP5LHnoOVr1...

170 B
190 B

48ms
48ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTQxODQyMDAxOTE3NTQ1MTc3MQ&google_push=AQvitULwQxeLfCbg_wU4BY8IlN_r8rwEw3sSrK5Rp4IxATalw9Toi7olMyuHHHO_ZhpLP5LHnoOVr1BrhZkfzkpiafkVBRmSAROm

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTQxODQyMDAxOTE3NTQ1MTc3MQ&google_push=AQvitULwQxeLfCbg_wU4BY8IlN_r8rwEw3sSrK5Rp4IxATalw9Toi7olMyuHHHO_ZhpLP5LHnoOVr1BrhZkfzkpiafkVBRmSAROm
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 9897 0
16 B 32ms
31ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KL7qB_2o-2s66hfAq-ZSeTR1kJxnqwNTmgmCHP5N8qhpM5Pv0gYWR5Ch-0K6oHW2POMIzS

Requested by

Host: b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
URL: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 5C92 8 KB
6 KB 18ms
18ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021031601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b89b378183d20c47774b3a1c3defff45616860483facb35d0ff41ed5e124b425

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6523
x-xss-protection: 0

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9944 8 KB
6 KB 18ms
18ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021031601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7c0bbe4a047ad6ae2f8e97ce8adbf76dded98a4d41404c37e63c22d2427a1475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6571
x-xss-protection: 0

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame A669 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Fri, 19 Mar 2021 18:05:40 GMT
expires: Sat, 19 Mar 2022 18:05:40 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 10890
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame A223
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUITHst-YioGle8WX_lqtv_gsizZFwGvAtQPadnu-vPNnS7fqncH9vAp0RDi0eD2LaS2NpLKDspGSTs5DVMQdLtIrwUxcuU
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

43 B
407 B

21ms
20ms

Image
image/gif

46.228.164.11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.228.164.11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame A223
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPi4EuU2u4VcNCo8FZT_eMk&google_cver=1&google_push=AQvitUJ7vB6ctITaKzCwo1gOaplmagDvdUqOdIrUhUuxeDD3W0cYKFAmpV...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJ7vB6ctITaKzCwo1gOaplmagDvdUqOdIrUhUuxeDD3W0cYKFAmpVOvD_aeH9ACK5zbcOGsLc4imnPneFJ-uvX4f6mumq8X&google_hm=wWvHr1...

170 B
190 B

34ms
33ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJ7vB6ctITaKzCwo1gOaplmagDvdUqOdIrUhUuxeDD3W0cYKFAmpVOvD_aeH9ACK5zbcOGsLc4imnPneFJ-uvX4f6mumq8X&google_hm=wWvHr1kP6_rYSFOGCTP1uw

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJ7vB6ctITaKzCwo1gOaplmagDvdUqOdIrUhUuxeDD3W0cYKFAmpVOvD_aeH9ACK5zbcOGsLc4imnPneFJ-uvX4f6mumq8X&google_hm=wWvHr1kP6_rYSFOGCTP1uw
pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame A223
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUKDaU9qOWZolyggspsazL0qVGJPJPJKe2Q20sYeDhq...

170 B
190 B

60ms
59ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUKDaU9qOWZolyggspsazL0qVGJPJPJKe2Q20sYeDhq_KHrup7Ktik8Sj_I-3zkdLqs93dpzNdgfcOM_RAu0s9tgJflMBss

Requested by

Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 19 Mar 2021 21:07:10 GMT
Server: PingMatch/v2.0.30-632-ga311aad#rel-ec2-master i-0dbb3bb3e77219ff5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUKDaU9qOWZolyggspsazL0qVGJPJPJKe2Q20sYeDhq_KHrup7Ktik8Sj_I-3zkdLqs93dpzNdgfcOM_RAu0s9tgJflMBss
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame A223
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitULqK97-8QmaM40mx1wWcddlKcFFtuILshXGnkwG-sELEBtUOcl4is8zD3OF2AVtKcET2EbixC-3HKicd8Xi...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULqK97-8QmaM40mx1wWcddlKcFFtuILshXGnkwG-sELEBtUOcl4is8zD3OF2AVtKcET2EbixC-3HKicd8XiXeHPavmV_Ig

170 B
190 B

58ms
58ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULqK97-8QmaM40mx1wWcddlKcFFtuILshXGnkwG-sELEBtUOcl4is8zD3OF2AVtKcET2EbixC-3HKicd8XiXeHPavmV_Ig

Requested by

Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 19 Mar 2021 21:06:41 GMT
Server: MT3 3611 f10363c master cdg-pixel-x7
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULqK97-8QmaM40mx1wWcddlKcFFtuILshXGnkwG-sELEBtUOcl4is8zD3OF2AVtKcET2EbixC-3HKicd8XiXeHPavmV_Ig
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 19 Mar 2021 21:06:40 GMT

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame A223 0
16 B 68ms
67ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KTRnEwfXcs6_4CZLw7zVJtC7o1X7WbaOvrJF3J8Cr4tY6AszZ9

Requested by

Host: 2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
URL: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 5C92 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:10 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 42C0 8 KB
6 KB 19ms
19ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021031701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c87977a3e5a7e34b7929c1357c391dcb4143751723ebb9dc1784d042f591458

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6460
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9944 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:10 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame FDDD 12 KB
5 KB 8ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Fri, 19 Mar 2021 18:05:40 GMT
expires: Sat, 19 Mar 2022 18:05:40 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 10890
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame F578
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1&google_push=AQvitUJXtwowAHcJmgBhT7hvQSPhmrUiJXMX2ZmeRvNZrgo5UFdVb_BBWNFpkuiZCleE6gjmBFQIOAOhCJA1pja8SNk_EjVJ93c
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ3MzgwMTIzNjYxMzMyOTY2Ng==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1

43 B
407 B

263ms
263ms

Image
image/gif

46.228.164.11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
Requested by: Host: ardra.biz
URL: https://ardra.biz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.228.164.11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEAnd48VPgRCx_AUG4jS_20U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame F578
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPi4EuU2u4VcNCo8FZT_eMk&google_cver=1&google_push=AQvitUKhp7EzExZZlcanKFjlPcQ1YCycLzI4rtACODg6kbkPgdfSPJBPEc...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUKhp7EzExZZlcanKFjlPcQ1YCycLzI4rtACODg6kbkPgdfSPJBPEcqavxa5YO-eY3M5JZk6S_guA6f40ERdA2JqKEKW5w&google_hm=wWvHr1kP...

170 B
190 B

33ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUKhp7EzExZZlcanKFjlPcQ1YCycLzI4rtACODg6kbkPgdfSPJBPEcqavxa5YO-eY3M5JZk6S_guA6f40ERdA2JqKEKW5w&google_hm=wWvHr1kP6_rYSFOGCTP1uw

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUKhp7EzExZZlcanKFjlPcQ1YCycLzI4rtACODg6kbkPgdfSPJBPEcqavxa5YO-eY3M5JZk6S_guA6f40ERdA2JqKEKW5w&google_hm=wWvHr1kP6_rYSFOGCTP1uw
pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame F578
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUJspOenQd-ntjffGX7Dvuo3YMYYs03FpP-7pLnStit...

170 B
190 B

68ms
67ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUJspOenQd-ntjffGX7Dvuo3YMYYs03FpP-7pLnStitX5TU0QCuXu-kord1O9cFr-j48I6tx6sFwo7K-dG8KiUV5Hszmw6c

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 19 Mar 2021 21:07:10 GMT
Server: PingMatch/v2.0.30-632-ga311aad#rel-ec2-master i-0dbb3bb3e77219ff5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUJspOenQd-ntjffGX7Dvuo3YMYYs03FpP-7pLnStitX5TU0QCuXu-kord1O9cFr-j48I6tx6sFwo7K-dG8KiUV5Hszmw6c
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame F578
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitUKoUrfmxkcxIq7h3uUoBGY1mQB3qk5MFS4XtKCncmGuQvEHvKaAn4TfnCyFcaE7FUWAPEP_eY8YvT39-l2J...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitUKoUrfmxkcxIq7h3uUoBGY1mQB3qk5MFS4XtKCncmGuQvEHvKaAn4TfnCyFcaE7FUWAPEP_eY8YvT39-l2J_JL6bDsoMTU

170 B
190 B

35ms
34ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitUKoUrfmxkcxIq7h3uUoBGY1mQB3qk5MFS4XtKCncmGuQvEHvKaAn4TfnCyFcaE7FUWAPEP_eY8YvT39-l2J_JL6bDsoMTU

Requested by

Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 19 Mar 2021 21:06:41 GMT
Server: MT3 3611 f10363c master cdg-pixel-x3
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitUKoUrfmxkcxIq7h3uUoBGY1mQB3qk5MFS4XtKCncmGuQvEHvKaAn4TfnCyFcaE7FUWAPEP_eY8YvT39-l2J_JL6bDsoMTU
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 19 Mar 2021 21:06:40 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame F578
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEIpzwr0bWRmyTUTHopv2jpU&google_cver=1&google_push=AQvitUIKDzY-fEBUlhGXDGUCX-P-hyvASsjyjqLdpr0ecE46dsZKjlbnpAT33oeBwgA7im9-XLQ8B6U...
https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUIKDzY-fEBUlhGXDGUCX-P-hyvASsjyjqLdpr0ecE46dsZKjlbnpAT33oeBwgA7im9-XLQ8B6UJ2NqBwF62F_an4yER5g&google_sc&google_...

170 B
190 B

61ms
61ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUIKDzY-fEBUlhGXDGUCX-P-hyvASsjyjqLdpr0ecE46dsZKjlbnpAT33oeBwgA7im9-XLQ8B6UJ2NqBwF62F_an4yER5g&google_sc&google_hm=EBAQEA

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUIKDzY-fEBUlhGXDGUCX-P-hyvASsjyjqLdpr0ecE46dsZKjlbnpAT33oeBwgA7im9-XLQ8B6UJ2NqBwF62F_an4yER5g&google_sc&google_hm=EBAQEA
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame F578
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEA9BpxZrkuNttLdsTL7eRzQ&google_cver=1&google_push=AQvitULDTlMgOEUy2bKELDLTB0Gylq0y5ROdmHqM4aQJx57KYMPaxVGdOUWlhiaQUFEkg7XICE23FAtnApeNU2Id9-I31DQDjg
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULDTlMgOEUy2bKELDLTB0Gylq0y5ROdmHqM4aQJx57KYMPaxVGdOUWlhiaQUFEkg7XICE23FAtnApeNU2Id9-I31DQDjg&google_hm=Nzc5NTE2NDgyMjQyOTU2MTQ1...

170 B
190 B

51ms
51ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULDTlMgOEUy2bKELDLTB0Gylq0y5ROdmHqM4aQJx57KYMPaxVGdOUWlhiaQUFEkg7XICE23FAtnApeNU2Id9-I31DQDjg&google_hm=Nzc5NTE2NDgyMjQyOTU2MTQ1OA%3D%3D

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 19 Mar 2021 21:07:10 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULDTlMgOEUy2bKELDLTB0Gylq0y5ROdmHqM4aQJx57KYMPaxVGdOUWlhiaQUFEkg7XICE23FAtnApeNU2Id9-I31DQDjg&google_hm=Nzc5NTE2NDgyMjQyOTU2MTQ1OA%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame F578
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECUpytAwhG9wm0O6G6JcSmU&google_cver=1&google_push=AQvitUJapq-aDHlV9xkBwuXLqrB2Y1JLfzTBtIgHmi3NnDGaoCBXS5fEg6laa7vfmWW14vJ6VzOzj0nv...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDE1NDUwMDkzODUwMDk0NDUyNw&google_push=AQvitUJapq-aDHlV9xkBwuXLqrB2Y1JLfzTBtIgHmi3NnDGaoCBXS5fEg6laa7vfmWW14vJ6VzOzj0...

170 B
190 B

49ms
49ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDE1NDUwMDkzODUwMDk0NDUyNw&google_push=AQvitUJapq-aDHlV9xkBwuXLqrB2Y1JLfzTBtIgHmi3NnDGaoCBXS5fEg6laa7vfmWW14vJ6VzOzj0nvZa4gzUo1tu-krd5EKAc

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDE1NDUwMDkzODUwMDk0NDUyNw&google_push=AQvitUJapq-aDHlV9xkBwuXLqrB2Y1JLfzTBtIgHmi3NnDGaoCBXS5fEg6laa7vfmWW14vJ6VzOzj0nvZa4gzUo1tu-krd5EKAc
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame F578 0
16 B 35ms
31ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Ifb1RdG_0XbwnQhkuXoCshd90MYheIg8qXBv8BQiQWhPijc9AIYKT-xJqhgyf2TQxAdkNM

Requested by

Host: 2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
URL: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 9A23
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPi4EuU2u4VcNCo8FZT_eMk&google_cver=1&google_push=AQvitUJzuM_aiehqy33k8UuhGfhZjbaZSzdmyoPWuu5xIP69md3XshO1aH...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJzuM_aiehqy33k8UuhGfhZjbaZSzdmyoPWuu5xIP69md3XshO1aHBRr5E6mCdJRRbxkEaSFlRXdsHVHdzc011Xr0hoK6M&google_hm=wWvHr1k...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJzuM_aiehqy33k8UuhGfhZjbaZSzdmyoPWuu5xIP69md3XshO1aHBRr5E6mCdJRRbxkEaSFlRXdsHVHdzc011Xr0hoK6M&google_hm=wWvHr1k...

170 B
190 B

168ms
167ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJzuM_aiehqy33k8UuhGfhZjbaZSzdmyoPWuu5xIP69md3XshO1aHBRr5E6mCdJRRbxkEaSFlRXdsHVHdzc011Xr0hoK6M&google_hm=wWvHr1kP6_rYSFOGCTP1uw&google_tc=

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJzuM_aiehqy33k8UuhGfhZjbaZSzdmyoPWuu5xIP69md3XshO1aHBRr5E6mCdJRRbxkEaSFlRXdsHVHdzc011Xr0hoK6M&google_hm=wWvHr1kP6_rYSFOGCTP1uw&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 436
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 9A23
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUJzcRfNbZ1KBJy2JURYWPGeCKpNDrITNuCOKKr-Qef...

170 B
190 B

40ms
39ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUJzcRfNbZ1KBJy2JURYWPGeCKpNDrITNuCOKKr-QefyXcKemViW6puiP_oRJATMFomq4eTd5dRaf0lLL-Y0WYy-DW-wqcLM

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 19 Mar 2021 21:07:10 GMT
Server: PingMatch/v2.0.30-632-ga311aad#rel-ec2-master i-0ab29fc25246f26bf@eu-central-1b@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHhMS0t2Sm4xTG5ta1E1&google_gid=CAESELv2uHPb15x9FkdHWW-Hz-k&google_cver=1&google_push=AQvitUJzcRfNbZ1KBJy2JURYWPGeCKpNDrITNuCOKKr-QefyXcKemViW6puiP_oRJATMFomq4eTd5dRaf0lLL-Y0WYy-DW-wqcLM
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 9A23
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHqtkQ16pxO23284iKAQVas&google_cver=1&google_push=AQvitULiqSVNgx3bv_oBG61aN_NWYmoLVwwrS3eg7kcudY-TdMr5ft60fBCD8w9ZHezZofkvqNKx7Vs8lUZ-vMB0...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULiqSVNgx3bv_oBG61aN_NWYmoLVwwrS3eg7kcudY-TdMr5ft60fBCD8w9ZHezZofkvqNKx7Vs8lUZ-vMB0E40B79AQ...

170 B
190 B

47ms
46ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULiqSVNgx3bv_oBG61aN_NWYmoLVwwrS3eg7kcudY-TdMr5ft60fBCD8w9ZHezZofkvqNKx7Vs8lUZ-vMB0E40B79AQbW7L

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 19 Mar 2021 21:06:41 GMT
Server: MT3 3611 f10363c master cdg-pixel-x11
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=zPpgVRJ8SACaMyf8xQxeag&google_push=AQvitULiqSVNgx3bv_oBG61aN_NWYmoLVwwrS3eg7kcudY-TdMr5ft60fBCD8w9ZHezZofkvqNKx7Vs8lUZ-vMB0E40B79AQbW7L
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 19 Mar 2021 21:06:40 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 9A23 70 B
264 B 38ms
33ms Image
image/gif 63.32.128.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEFs0q4x3t-zA4pJtEfjSm6w&google_cver=1&google_push=AQvitUIYmEzS7lyFkMgPXNNZKoo4vSSnudL_nQbyZ8de-q1lw7Rj2c7f5ycr0vzffkljtxA7fguJ8UMBjhKT3h_fAtzOCH7t7QbE
Requested by: Host: 0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
URL: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?v=1-0-38&n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.128.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-128-23.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 9A23
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEA9BpxZrkuNttLdsTL7eRzQ&google_cver=1&google_push=AQvitUJCSPCsR0ixQj1On5xqU3vIPgNlt7fT_91vkQL7_JCoDRppyhU-Rxv-p9U18ZmqOdSXf-3oEeA39hg0qsc9Y4EqlV3...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUJCSPCsR0ixQj1On5xqU3vIPgNlt7fT_91vkQL7_JCoDRppyhU-Rxv-p9U18ZmqOdSXf-3oEeA39hg0qsc9Y4EqlV3KLBod&google_hm=Nzc5NTE2NDgyMjQyOTU2MT...

170 B
190 B

34ms
34ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUJCSPCsR0ixQj1On5xqU3vIPgNlt7fT_91vkQL7_JCoDRppyhU-Rxv-p9U18ZmqOdSXf-3oEeA39hg0qsc9Y4EqlV3KLBod&google_hm=Nzc5NTE2NDgyMjQyOTU2MTQ1OA%3D%3D

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 19 Mar 2021 21:07:10 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUJCSPCsR0ixQj1On5xqU3vIPgNlt7fT_91vkQL7_JCoDRppyhU-Rxv-p9U18ZmqOdSXf-3oEeA39hg0qsc9Y4EqlV3KLBod&google_hm=Nzc5NTE2NDgyMjQyOTU2MTQ1OA%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 9A23
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECUpytAwhG9wm0O6G6JcSmU&google_cver=1&google_push=AQvitULZ-nruYQkqWHYbbiHOpvSLP5o2AAutmwG260MIBrmkfaffrqoYYaKwiANx7gjhxgBLEX_3oH04...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Nzk2OTUwMTg2OTc1MTcxNjc4Nw&google_push=AQvitULZ-nruYQkqWHYbbiHOpvSLP5o2AAutmwG260MIBrmkfaffrqoYYaKwiANx7gjhxgBLEX_3oH...

170 B
190 B

33ms
33ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Nzk2OTUwMTg2OTc1MTcxNjc4Nw&google_push=AQvitULZ-nruYQkqWHYbbiHOpvSLP5o2AAutmwG260MIBrmkfaffrqoYYaKwiANx7gjhxgBLEX_3oH04esi_KPN2luRHEHiTIMgi

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Nzk2OTUwMTg2OTc1MTcxNjc4Nw&google_push=AQvitULZ-nruYQkqWHYbbiHOpvSLP5o2AAutmwG260MIBrmkfaffrqoYYaKwiANx7gjhxgBLEX_3oH04esi_KPN2luRHEHiTIMgi
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 9A23 0
16 B 54ms
50ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LZWSjJLs7A1PmHc3mq47x5I-AjwniW1L4xfZnmFsZVUoZ1THS-d_-s4sjTJy300g

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2110 8 KB
6 KB 18ms
17ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021031701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37cdf2294e66203bf7a072e28b7c591b8373947cea745a99044aaa9945fcd4c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6547
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 42C0 17 KB
6 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:10 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 56E8 8 KB
6 KB 22ms
21ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021031601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js?31060501

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd1d97e3456031c71d58cfcede8ce3d8b2e5ea7eb16c75221fc647caa05f1f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6620
x-xss-protection: 0

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2C79 8 KB
6 KB 18ms
17ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021031801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb3687eaf989a815b08e6cb44a00f45a274a5653d05af79df791c0aac5e3921e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6541
x-xss-protection: 0

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 70B6 12 KB
5 KB 9ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Fri, 19 Mar 2021 18:05:40 GMT
expires: Sat, 19 Mar 2022 18:05:40 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 10890
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2110 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060502

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:10 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 56E8 0
23 B 38ms
38ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&su=ardra.biz&doc=complete&pg_h=250&pg_w=300&pg_hs=250&c=1&aa_c=0&av_h=250&av_w=300&av_a=75000&b=0&all_b=0&d=1&all_d=1&ard=1&all_ard=1&dt=d

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 56E8 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js?31060501

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:10 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame E08F 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Fri, 19 Mar 2021 18:05:40 GMT
expires: Sat, 19 Mar 2022 18:05:40 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 10890
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2C79 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031801.js?31060522

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:10 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 4C0C 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Fri, 19 Mar 2021 18:05:40 GMT
expires: Sat, 19 Mar 2022 18:05:40 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 10890
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 0036 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Fri, 19 Mar 2021 18:05:40 GMT
expires: Sat, 19 Mar 2022 18:05:40 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 10890
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 3C58 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Fri, 19 Mar 2021 18:05:40 GMT
expires: Sat, 19 Mar 2022 18:05:40 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 10890
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame BFDA 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:03:59 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 39791
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:03:59 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 6E7B 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Fri, 19 Mar 2021 18:05:40 GMT
expires: Sat, 19 Mar 2022 18:05:40 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 10890
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame A669 14 KB
6 KB 9ms
5ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:03:59 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 39791
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:03:59 GMT

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame FDDD 14 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:03:59 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 39791
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:03:59 GMT

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame 70B6 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:03:59 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 39791
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:03:59 GMT

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame E08F 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:03:59 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 39791
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:03:59 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1E55 0
23 B 40ms
39ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021031601&jk=88381192829480&bg=!7O-l76vNAAbUo7L91KM7ACkAdvg8WgFQFaNu8cTgL-czWIiUtdjUBlPOJ8u80I2A0A8jG7dx1MrSKAIAAAIBUgAAAD5oAQcKANJQMaA108jgQcQvTO7CIsiQPiN5vB9Z3sZEb-cyyAkPACpSUol3fJ6-hZej5LLIbVU7njqOyZFhz8aGkQA-j7dPGe9z82TqTa6mPAcLGePVQFQED1bv9SPXH02Pej6T7kBCbHSXgeY9y7xLMhSaeS2YXwf-erBcGHmfmpFziDd77LmxkCi6xQpCrS4Ve9PEYvoBi8rjQ4TMps91H5D0QIeJt8ZdjH0h-y8m6PKHNPHGgOwn65xc8rkWjOvB3dk0goSK-uVPk-sgp-SEUxdAiFj-aoqZAfJkhxATyTHfES70oQhmVsAK-X6Aer7GNuDCLDE8z6D3d30YrdCeD14NQo_KiZVtG9fFUy3Pt7jOC0Sf12MvnUKuAITdU35tcemeODntOJx25gbEx1vmlutqiQySo3iDJDJB5sX7HGCiCKhRS_hfb6kb5Sp5mDcUcIcb12VPl725k8hRG_YUUVXYIaNPPqoH4RQpKOi8kBrqNVwhXLDakxQaRy93Mwq7G2YJsISUkZ7h52tRK-yPOHw7c01Obu-qzEOupaeBi-v0qP_qNakiHfxzthg8HSWIVze-3pch4Ghen0pyZIglxZPxnrboJtZ61rce22II32n4QnvQFxwf0D5nxZ_jn16R2Os2lOlyjdDCNUBlB3tO927Afa1mBx-eorlAwvKWgZnwldgpguzCBgAozkZY99rVifAL9R7l0gD9B7YhivEfdJ2GxgDZIIxSvTKyTJBaB4-OhCDKfCgLFEga4BIMtSe21pk8BQmQZEzjoyRKH79ApkBOP8H78sGPjXJou60Vp2UB3ODpQs7sG8u18X89Mk5pyWTe4Q_ZMnunF4CIEd2cjtKBY_IxIf67-Xmr84moOv2d6JKnXEsjQWzKsPnMvmgQxgOhLkjgvF9x-yKw0NvW0ewwxt5KxN_QMy_IW9QjIBdKNmbefHtYC91pKSg

Requested by

Host: ardra.biz
URL: https://ardra.biz/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
6 KB 21ms
19ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210316&st=env

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

44a7523a82be211ce25cd2f42632eb384650e960f3edbc7283456fabc7d4a866

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 19 Mar 2021 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6562
x-xss-protection: 0

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame 4C0C 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:03:59 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 39791
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:03:59 GMT

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame 0036 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:03:59 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 39792
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:03:59 GMT

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame 3C58 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:03:59 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 39792
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:03:59 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:07:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Fri, 19 Mar 2021 21:07:11 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 010D 0
54 B 106ms
106ms Other
image/gif 2607:f8b0:4002:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kmgsmgeb&c=4615458038003&slotId=2307729019001.5&qqid=COyKg8qhve8CFcSBdwodwaYLkw&umsem=0&ape=1&ple=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4002:815::2003 Atlanta, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:11 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame 6E7B 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:03:59 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 39792
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:03:59 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame D3A2 0
44 B 38ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kmgsmghs&c=4795212685895&slotId=2397606342947.5&qqid=CMDJlcqhve8CFTvUEQgd3wYAtw&umsem=0&ape=1&ple=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:11 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 809F 0
21 B 38ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kmgsmgjq&c=5972938531810&slotId=2986469265905&qqid=CPOymsqhve8CFcy8dwodGBIGnQ&umsem=0&ape=1&ple=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:11 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 3B2B 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ardra.biz/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ardra.biz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Fri, 19 Mar 2021 18:05:40 GMT
expires: Sat, 19 Mar 2022 18:05:40 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 10891
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame FCBC 0
21 B 39ms
39ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kmgsmgsy&c=2408716794296&slotId=1204358397148&qqid=COTLv8qhve8CFbDdEQgdbdwK8g&umsem=0&ape=1&ple=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:11 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 869D 0
21 B 39ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kmgsmgvi&c=5074081037475&slotId=2537040518737.5&qqid=CMjIwMqhve8CFVnLuwgdQIoD6A&umsem=0&ape=1&ple=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:11 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 56BD 0
21 B 39ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kmgsmgzm&c=2514857279754&slotId=1257428639877&qqid=CKGExsqhve8CFStF5Qod9OEOsw&umsem=0&ape=1&ple=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:11 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame F28F 0
21 B 39ms
39ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kmgsmh26&c=256269615489&slotId=128134807744.5&qqid=CLC0ysqhve8CFZFN4AodgF8MUw&umsem=0&ape=1&ple=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:11 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 95AA 0
21 B 38ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kmgsmh44&c=5135596209974&slotId=2567798104987&qqid=CJ2p2cqhve8CFVzFuwgdxacFrw&umsem=0&ape=1&ple=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:11 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 56E8 0
21 B 39ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kmgsmg9m&c=4180902568638112&e=31060311%2C31060501%2C31060344%2C31060367%2C44739387%2C21066613%2C21066614%2C21067087&ctx=1&met.9=1.22m~2.2fe~3_1.2g2~7_1.0~4_1.2oa~5_1.2oi~6_1.3v5&met.10=1_1.IIsZEAAI-MkEGICYdSgA&met.3=112.2o2_1~298.2zq~155.2zm_5~143.36m_1~129.394~143.3da_1~129.3jx~143.3jy_3~132.3mr~132.3ms~143.3o5_1~132.3pj~129.3s0~143.3s1_1~415.3v5~130.3v6~130.3v7~154.3v7~143.3wb_1~113.3wp_2~153.3ze~129.406~143.409_1~143.43f_1~143.48x_1~143.4de_1~143.4i9_1~143.4mr_1~143.4r5_1&met.1=1.kmgsmdlk~14.1~15.1~16.1~17.1~18.1~19.1~20.1~21.1&qqid.1=CJ2p2cqhve8CFVzFuwgdxacFrw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:11 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ Frame 6549 0
21 B 39ms
38ms Other
image/gif 2a00:1450:4010:c1c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kmgsmh74&c=2345747002910&slotId=1172873501455&qqid=CJas2sqhve8CFfbnuwgdsDYFiw&umsem=0&ape=1&ple=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e77611775121751e5ddf2b7cc6e6ca94.js?tag=video_mra/web_raspberry
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c1c::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:11 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame 3B2B 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:03:59 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 39793
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 10:03:59 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1815 0
46 B 40ms
39ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021031801&jk=3281094984279342&bg=!KyilKGzNAAbUo7L91KM7ACkAdvg8WpTcGPJNU3GlMW3P2MnRbsb91pzzI-Xlt4rTS2-E5P1u5FH8hQIAAAM8UgAAAVNoAQcKAJ32vIizi35513Q18kZ5Q6bGUHWZ9uZ7wc7kvk-liCTUq6lcv5utrLyfAB4OMt7koiVHJk78kn6KoOrlfytg1-AkE3BmWsDh2pKTvXg95-wlEDROSFXIujCunnbDR0D05qROyG6w6IUehbSWvRCKWp-EDXSLJrquR1-4zmLWWhhHYyIUHQ1fH3CuPbCTtJFfAbNOUFa9m24i4aU7zJFRmQHqlFSUPz1pt9_1GweG-ZtAJdvtpZRTdTgNL8s-eRX0RkIINz0DX3WzNFGhmIWV2LjmbjMxBk9UySnaAsSySB2_aZ5obyUJrrBenRE0lvkQPp3HxZer1bc0zc7HlDUJbBIHdS1FXFf7H1KQIrw7W5aw3VRnL5s2RDVBDHD2VbNeaXYOPPiAKl2hc6HDD3IDrRYw52OmvQnm35rk9BIgQPJg5v7lsl9nIvB590Snb2iVw-nWLoBeXWRTboYi1hWFb1NL7VSCWYWg3KX-BDaXS9v8QEyajztoWNRS0cq3ffBm9eAbtSdv4t8eXl7s4_cKmya78tUkbTUVAEOURL1m30szJTc1nGeqDc7TDMiM8_1Ns55AcC0rX01YC2hc9gm-5PzAVbGU_MNyQsjm3gBwQI3dR7a0DKE5cEejRsqiWzCR9Tjfn572XsGoIaESbC3lW4YWWnnhoHz2d-ZR2_WY10VskMIPKF-8laF27sQS1R2OcFnty8faz_oK4VBV-p_9HxQJCEm9rDAFy5kG1qc9RdeUdXMxKC6_QzC4_7ZH6E-fNg9SqOjny-qtUr-UkRJb4sYTLzNOlkrMgnnRWow1M4mtYZCUgrWcjo7DfO8ZOH2qVqnB9y-8XknzfabBICunVZHlrOzPQWqH-WJz0g

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F3C 0
23 B 41ms
40ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021031601&jk=658437449688075&bg=!yMuly4_NAAbUo7L91KM7ACkAdvg8WqbAsVVzB7sCferdNV7Fs1951RmQeYaFBqxLjTaeZWV3sOlTqgIAAANNUgAAAIpoAQcKAS9JCWt6WtHd5XIp98u_f_vBv_7E8ZCBEXxCYTSwOwE7LogQDRw49H8ZSa0xy_fWBJTckd-rxEoJcnzVjnDYgH-Yr6zTlQ_vE6pHkA2pWIIetymEHGgFGaUCQwK3v8MNfmdHOQsTncD0oZthW10ZYrr19xBTdxM2LwD6c4hJV5S0vWVA1xSbkkM-77onrUYCiXw0DgknGPHNwwLZufewd1cvQZJvg_Be4cK0jDqsRbEuDAibSU9UeqKGInNFlAU3f7UC-iJR83A9jNgfv4vYBUZaDCST4_gaDwTs-rTcKerL8HYQ19BS3-UNotHcXsJuvVRlU2exWwsei4ViUQOxGpXXWJECQ9Flj3-aFhflGeVo4vFSrWKCEDHuXOGZFui-4dD96EDwndr1QTR0bUY5DnSZAeZ05pTthmTeae0GQ62gla7BiVZJ6fGNhzrrujTlNo0Z-EajRUZAoOkc3-T40u_UwEtnmNFTR2L5mNrVdzaqglOzu9bKwVCfTNH1vbWh6kxjCDD-F9BXaMrvWYnbQC07OQcNDLlutWjFpno4Tjyr-c7IOXk9XfbwYBqiFu6KZ33sUjskwu_uz5559JDeg-Sl-0jh9VyZvyf9FJKg1iVHdE8ctA-JgEu_IqNZAM7ZqFuqn72sp6RZQSvhXkq304wH5papoj4daowgCeV2Z3hVKmvEuIzR6R4_xzagrjhgY0oxydCUSDzQN7SqNxAKkhQdWI8Mz8p7sN1zhkUopOpInSgzwc179ZmC3EUzuDE-NmVoPwGNFef5HYPpqsSBN484bXQt7g4LXqJWNoGEOhR1kjVaz5YkovjTOA6aNqTglS_lhTpS3spDa8Okt8sy0QkNC59ZVH40x8fbl4kPzWWeftls8ybP1qznbY9NUmDecUtrJVP5kySGJcbc5YawyjHQ2u50KwPB2-FVQyDuR5Wmbzy5TA-d7gc14i72zJSJ-venQC8xsXiaqOyJdwnTaRd4hqMXV7ypVdnO_kLAn77sO0EKUN6YZI7f3nQ-qd7fBqkq6Dy_mxCLi97uP24yBnbUGclB440sBbo

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4DF0 0
23 B 39ms
39ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021031701&jk=3097014191257036&bg=!hoWlhcHNAAbUo7L91KM7ACkAdvg8WvIFCfOc1QMgf4j2xSHjuiaZgoeE0m10-CFXTuTkYhA1wla7KAIAAAPlUgAAAHBoAQcKAPUrOM7ckUhwxBwNUHkuUBI9uYuT8T7fDEWSwhggoCPy0YAKy4-qIAEXuDIVMPqsKX_hfSsCku6kTjRSHK5kNZQfo42WfhUdXeeTPcd45JgB9Sze5ZyhIQKIZ0N8BFOwonKyH2XGz9dtGlX8LixHcztAowIUk0DfcR-DIAkFDkTukik6pFZiVGdQFRxQ8M8J2QmDS82nBA8ptQT4u8kEP2sHSE20pFpdrf6ZOhAooWJC5K2ClfMVncx8fNc49oTE6GcuC5EhQBLKCp6A5ef3V4zDDpFFwaXUudpdn8m5f7RvCjg94pA_Go8T9o1n5Js6tdhLzfSTVZkB6_X3OQfZ3QslzSGp_pwiODmpFlyEYFhkqFuTTV9pNs6nRVtjkpRDdAvYDosg_UJRpe-ldWJd7CR6K7isFLOcNvnfEYajG3ZyCdDbMNUuYq_Q8nT7fshCHRlu7vHRlyLX_7EEz40fKe9X95bVYdJxKYQRbDSIVV6si-KOglSa5abP7hKcE4t_wGE_dwga5j5EWVoa123ge7xxlCj49ld0d7JY4So-qWL5--b9NcVcok7K59yxZJ_LRx0B5LtG0xB0uTtT7mOxzvVAN7x7y0G8Pu6iI0PhFuI5T5fkkJ1QOvR4-H8zwzSTUzt15rhNpMncIE4o7XzsFxv1z5_GEKuuY4Pql9O9m9EMvQ1o7Xz9vHD-CuC9496eGbH-C61J-nR3LqUVGMvYR9EskS4dLcax9w8_sX-xxkFbJIYcNbPGiYtgNzfVYno00SWUIyNyC05nK_XgjkcjbMedxedlyrK4ATQlrPatUuNngwQAsrALjqa35hElugll5xtrO3v67O_atF_CIRvdiLTUU3EE8GJM4POVFIQgh9kqp-J1f5bWZwqBZRHfFPJTCAomwspvRBiSjMDR61DLzpigMqLF_Ng0kcunrhzI20ehCklVAysoHom2VU0XANi_ScJ1ydMFoDJNJWR5uzjKAemQBTBK

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C92 0
23 B 40ms
39ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021031601&jk=2963498358765794&bg=!AAOlA0fNAAbUo7L91KM7ACkAdvg8Wj37-gtdlFJR1cINvGqmOrPKZVCn9kJGIARvPjmTnxBKFPVn6QIAAAOxUgAAAHVoAQcKAPWRVRqHOOXnTFNJeKcW7pXxFk2wLQUa6MfLxSriP_SPDIT38kEzNCCppZVwFGCkn2pVQ1OdAwHyWrnF_L23QJC38Gg6NOGL0gCUBxhOFqRygJL7tk14aaUUpz3TrzQusieSKBgQa_mBtswuJL4dJ39k8_ADSBxW_OiN_KCmR4vurP1OSa4m80jHBmLV6lKr4YtN2QANflq_VPuTN-vwTSWyhFPjPZOefwUH6ljtO7eWV5vZIduFsLB8jdz3tgi6VoSP4I4dLARnvPzf8CChaKfT97m0iN6hE-5OsjE8V_eMD3NBA3tkG_hBx_Zjo8P5UOUXki1DjJkB3n4zBODKYyxxShSGgT8TDqspIMMfyC15FqMCQJKQTrWtUrSdUFDtl-g-eqaD07sIJ8dltvd_ca3E41cyBFeJYmkES3zBe8h--ZLQbla5m3FiINkkwAxN7JJzhZBWGKIK6-f3-v0bVKKpbw2nUpSBLulvJVQtQbOPFq0T9dhEfyCjW7lToixcn4jaFbkoOPmF0017hoUFmCgFEPEfJC4pB-L3-Gwxe27kB5vaJql-Md2SZXh3Zj-CoVHHvO7SGA8z4v2L8X3OfD_NKJFQxj27NHh-RW11mBcQNcqY8MCTlfD8oNZUFC_eTeAGlDUlbb6RQqoPhSfsyx6mEhNVQ22YU3amXDVjxfNgEyDRnFOH5H5WlcR0AvXxVEMEe_x-whGu_bt_CFg3OM3IHZ3pW2tuu53gVqKk79Jz05r1s0espeOBn2g0-znID1ki524C1gDJUEcyU_PRoBnnRwfkFSQA8nhG2E0FLP6pg0AFTFQOwE7kXiHcQf-SS78Ymeos1Tbynkye04F-dc1GylNGpVTfH77iHR7-3oezaExXT9UjuCtH8zXjcxEheSYXNt9ZeZsbpzsdRDQ-eH-0AlpcQgCW80bk29QMDtqEImwyFmoCgP454jsSqyBAZ_dtyJQqyJU

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 56E8 0
23 B 42ms
42ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021031601&jk=4180902568638112&bg=!m5ilmNzNAAbUo7L91KM7ACkAdvg8WsmFReIj4cuu7F08jvo8Pm0_zBTRZ6_XdEj7rbXMe_NAF0cZUQIAAAMmUgAAAFRoAQcKAbdJDk0A5SbZ7kmQRGuxmmbY1K8y7KWDrNMd2TVc0q57RZGsB6rH-WHLjd_OJc0ujLd_pX2m56Gxv7kNwSdutiBCMxvO-IiZyZ2dJd_LkMW2Y51AP0896GWtPywzXM0jKQ3LhQbEAR4FLr45rfhGxxDb1058t4e1dML81DBhv0M7M66rXJJGV9rdjtZg2I_GvxpAQrAJCu2YXAqYNwULQe4jCkrYBIhpsZ4b1VJyMWjoRYvOlqBrQhJMSEBfNIQKxTRKWBV3MZ_zya-RF70gODj9a9m434CaxVa6Mqv34RrekyB0ohDMpwTBJPWaM1a5fcQbSs9-qscwU-BJbwlBJ0QTM6qQf6mWKwCp3tco5znTJhfp2zhpvFmEEVBQPV5IuQQhHRvkNk824EoBVKnPk0wbKHZ6AC7xvMWw8C-qylPXDoJ1Yfny7SrvuugtG5jgUB-G2mF7s_2kbyl8SYB1LtgzYZUslpnp7N3JppiMAObJvx25Nmx0BA_dRN8Ys2xigoA-_kgAl4mmGaF932aHQQGD1iaxcGXbyWd8qxTjX4ch15jSR02jHDxGlMpGUfn1RdKjYemVoOQSmQHQOMfg2YBQzo5uV7TD8UVvce6nvQ4mgYmQYovfRIUxa77_Kb3lMPh0DoYJx25IEnOuK6ZfMeK0sZuBhkIA4eVCPsP4VFoWZ-2OCxz9xsffJ4stKXrSQKMhx-ajcRAFG7ASVESH0igfQ6E-ctem_HwAOWgTSAiOGaco0RnVHK6mJn1gIyouJO575de_gFIPFgrzxTX9E-iUqoXfYdGmjxcrgjZeqfxSXqOH1kei9zbNacOcVzG6JCMYv7kBsv4dTR-_GwB_n1h7_7h7bWe-G02jSz-ndqvKzoLXu4E_9P74n33ddVWFv1x9ZAfL5nQ1tKrtA1Zp920XsgGckVH8ymedFS4v2GTZg44G6lerAsoqvBHrWc7vopcrH78yNpVc_49UMrZuC3PjDYFYmcm25VJD41eaNvmgly0L0bFoanhXyctCM_BhtqFEXi9tLrx1EQT77-7vmxYqk_eTHz_OLgZAhhCeqUnIgu8F8w5uYW90AY4AD6ULh9xIGuMKOo_bonVdkog2NaWJHfhKe65I6KAfq3Cyg8ELRQA5Rw42wZ0F8gppNFf0nOkHsq4QN3eXiFhkLDcXwSG9627HeVuTyeyXzwU0lCWWbfoE-KLUeYHtc3I

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9944 0
23 B 42ms
42ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021031601&jk=4006499115772854&bg=!-Pul-7_NAAbUo7L91KM7ACkAdvg8WtfyCGkeChlCMEb9D7hhRoRSrccAwlKiB9azRm5Urvw0Xpg1SQIAAAQ9UgAAAFVoAQcKASIB8gFgxFzLwIoGt8P66-Em4il3cmnhXTyou_RAPT2lUjGzviqtZ-GZGH9CmW1uJ0EG3CEqJ_FdBX44Xi4Bznp5vJSAkwCYB_sCynkw_AdFxaksE1MdQboyviJHXbReGxwWjQVX-Cbrxq2p1Wzt7tPO-zEVzh9GkBhRqdce5wSb8D--BL1ATJ76KvNd5K9UTmw6iR86xfuetArVZiipwM_9RotKu0Qdko9G0VrT8LtciDUgCsDdotzLhMShm0J9aWezP1LicKrfP2e7H6I7mECNh4w1L1GiA2UnSBAYu0PVeoEuTj7NXVdCTwbOfM5xUImPfsaLtIaUvOOlYupXCnjGtUWV77UVPEMlhIG5Bdb7gwScUTkWI3FCs4UXdvw1pXmFMpkB1L4R9wRl4R7fyxa830FKTEFuDAMRsQFhxDwr_xPF0O6UPGrj07SjBfrjrUEcCmEej6w9pN3T2aBeJSwX5Gmvq-fpcTEEwGODfKERWC_OD5gL55qimzuOIcz2wqrbgnN8Dednxd6r5tWD95utUJ50zp_bBgpcIsl6N8xqDArx3pXB4D6I43aAz3yDqlKxsXiqkxaTGLRYu1Lm2vS4ryvqQ5DFFm6fPBbHI9id7oUcKia_LBYDXmavt1KOEbsM5sz652jQDkxbfHGJPEtvWbxU_ln55UBXTb_RzHAuqU2so7sh4AnfDGX7VCxAx_3KrbQOKVM7pqOF4T_djKgx2HvTVszKCgCOC8XsEg07MoTHwX_ZJg-3BVHvenX5093PCixi0Yreysz7q-KgasYjv8jBmmMUzP3gLc-iaS97gnH_V8hWhh5JzXKpkmJFyEsmM0M2nfj316Qcb0cEUK7IGD45B5iLhcIy0KHSaVo9QDSNQsLgNCFef4VjJvzv9xoSWxi_i7VNFefXA0WBMXQK9myc2VnM8utuz5kF2rVptSgAGC2u3n8XCbd2rcKO_Yp1Rk2xndfbYQY5Do6_QLS7tT0p9YPE53Y2r0KTqJ6F-jQt6k88ebR9SQ

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 42C0 0
23 B 41ms
40ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021031701&jk=1241098040766471&bg=!FRalFlLNAAbUo7L91KM7ACkAdvg8WvKLd7JD5L9rfLgmxNuYFgqvCi3goad6vQwhQ2eYGo6pOq8IQAIAAAOuUgAAAExoAQcKAMYL9IMVdha7mpGKDBZD72oRzlL-qQB1E-6iewFmM07cvStSEp3Y9UDJ0rQMIs_bkisY-2DEiqNKMFw_-wjXX7zLtK4IwruVpn9xzE-6jbZxEXxfF0gSVVNLAqmVTpsXxwVQw09N4vDZ4amQ_Avaak7M641Jhsbkhy_Gli9sGiBD3Pakk5Uu5u7Pj7t1y0CmhPcDie-iznVgh283tAvk2t84EITX1A839dT0d6I0AzXSPz3FOyAvaGT6a-YstGM21EH8wMC8ZdyZAegJTgeRYjKmOLAnv2Jz5YyZY6a6Wj_IOedqCVojStWV9cDnWaXfMasrRZNuC_Saq-k5XaEcl_nPHnARFwqkL3iXSgtEn-sZudx2YbwgH1tpQtsYt7VEfc-8krFS2gOB69nesd9aZaGMifWGH71t-0W4s9cNX7_ow_sfNqrxhacj9swrDEpabrZ-TJVbm0NLugzic-enhBdaKpI01_EdQLMWhnDM86TewVK7MQkDW8rFK02fv_ST4ogdW_Ic34P9e_ZTSbiLHxu-kemNODeE10dBUkVzHUs65dB_Lwfep5o9-5xWin6AK_QGZE_rXZFSD4zE0WOhNeCtumMouMpKGEmG3vuv5msgg_QkqFc4P-2kbOEla1Kbs0BjRayX797_JpCKtnyTBrFB5qSSV7zK0fZ6n17JRrFEP8k2VMhi2gwtbTH1ObsvxYalKVyT4w7WmFdp6IU2gt1iIcUso2W6hySo4oeYNDo1lzI8uuBSLurfYpl4DHLR9gFClLCNLX7lUT_FnBVMNWXFMzgKK7EjNJRDupb5bQBjTBX1mk39iMYHOX1TUnArDwrbnc8NZyxFpGf-ma6jVb_MdB24_3cP0vUjEH0_Wsn1dS0zH9jYiE0eayskeq6mqK7ArThBxCRDsUI1HHpx2Em1VA

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2C79 0
23 B 40ms
40ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021031801&jk=3641001752435330&bg=!gYKlgsbNAAbUo7L91KM7ACkAdvg8WlaIFwWrVQJqDbOrwm6qGfl45GZzKW85dPGWWkQJnCVd_HbQfwIAAAMYUgAAAB9oAQcKAMQZJRlpR63vfieqxeDj8jxmaSVUEzjYN8SsBUjo-9PRq4zB3Oq6r_wAnx668algig4uc-vRc0_8VKBLSF3YhiZNXTGET6lhRn9m86KNLtUmPYV7sfE-XddeafjG3l6npFFeHhTusV8Ycyq0y8SIy6bJdvAhYLZ756PfXccgXLY5i9Y_7t0dse8yvey2edvNr3LV7fdHm3pPrqlHSaIYyVYZ1WFe3R5xMkUz_fi7U9yKsMHiT_Tin7F3kVm6L1j0HBLpd9d9mQHgFfLoT6vy6yaDJaQN5mO48GJj7VCRrF2pZkuA3vxqwHYbrRjMo32tLfHhtemxjRKHC6nnlP6gVKIxUbUXGwoW94YcpyvIizynkw0i8fZ0CRV6wtUg0MCY0vbUcYeXuz1L4aLMcLxmLyVRthyjuSwvKCo-984ki64ojuV9pQe8GZBHGFnJNHUuiOGmB_EXzcSDNqGsyPZfja201Yl6gZWuV25ToPlyU-mRhY0sWYnNxnAshEy80m8he3b3ITlPwfy3Vu0Ls3yAI3REcWLrQhhnTdsnSGOAogyDvMuDuCA44JtbYu8shDav81tg1f_q4BhceRJOcJ0S4fIQr6tVcZjHcK4hWiuO0f2LpU8EdLuMXNylGCmCd0K8IZ167sp_NNiSnVJaAlOGbaPXLgaC8SMJkqKaUDwdKX9KxCN6PkEB-XjoyeXKQ1KbYlWKDl5gx4X02EeUhiShLLfU422voaD7xHi9n5sg7Urb1SaDA-D5PY6h_1KiFklswSN9LblY_AbjMr9JsewqlpkskuPc8wMipUCRusCzDn_ameEr5jyw0k73WRF3gf5lNQvl0WHxdkWasPn_11CkkpInkXDX2klVcRcmTFX3__2Xo7QG_DuLF561Z2D7163UhNSEcSMFtBQR

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2110 0
23 B 40ms
40ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021031701&jk=2110209188965919&bg=!QUKlQgbNAAbUo7L91KM7ACkAdvg8Wl0Ol-8FWZiwuZPkslQZUDH_K4HynB62L7Cd9rinDp4LIAWTeQIAAAO5UgAAACFoAQcKANvyh0iZGsRFENi8v6IQ3rGFaWpsw3Ude4_CsK2ZqDLw0TO8qve2gKph4x_X6VeQxKXXmltpxvPXB3MjGY6G_n84elBPjsbulYfT_PESbCo6ii0Po4F-zgHPUIjh6wxbf_GXpJNJJWVUzXf5S2P4cGPBycYzpTImrcrqnJzKfyxMNHg1P3OrqyMGuC1xIPiHvaGTSoQkoUuhVa3BW872mzRdCO8nILjLbdJ7mAilgAz3625OomQn9DgNMbI5s1qBxxJyaV0hLAezFc1_CFjtIy54SvANy3FKEZIOOgSZAdlXTpJvEpzrKCcfRAQZFFn5zA0bSPsSGuByLs0BFTb3DTeFfUtl0kzWRpEOoHi-i4QKfKCF_Dm-7YDkVn74u7nk-Hd2GlhRsOV8uySuRqoqThCvLQHpmqBmCfWoB_1D-DeU6cz4_ICS87jpTRvPDB5V60tBsTtMnzQ6Gg_ahv_71VhC9VA7QNgPOHwAlPi_NELK4tyA1cRx1Lcf8TEbfgD1-bz_rXip1l3u_EpWAsHLdQVF_I2xxNwFMkmqbcPYFz1HffTTxppNl8tUDrlbW1kzItlp9hPCydHqPSDj6nMAi2kvBU-21h-iirpB258C5u2WX-wv9puqzgvcqjtdbrOCtst1pPX_jczb76XxpfHANJP-w1jmMH887fO2zSU44xn4_6hvfy57QUO2r-Sg9pGJOu5ltKae8EJbAt5KD8Zf_n75mjLNUvPjSpRpLj5qz1Q9D3bNNTQ3pU5_DFV4lRD8niIQNabN0ZYzi-mDsCUf39KuVjND15g0q7Jvd3LW8eNuB-x2Iqxsg94YZOW-WwnK-NEiWFmcKjlkqbEAAQJdVGG5dtLo2agOnS21aO_clMMZ_4msOjb90SstBFf28JxqqcovA0VdM_YC73apelC6ki4NCEz69yQAxQ

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
23 B 47ms
47ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gda_r20210316&jk=47452290458557&bg=!NDelN3PNAAbUo7L91KM7ACkAdvg8WvWFWkhNUYE8pT9VHLY-mgtFNGLO6Xq8E_GIDrtjcEZLjzym3QIAAAEkUgAAAA5oAQcKADaDtQESoQMeMT0hDDUmz-inENJynVYMhi5an6FVHI_yXvWWgrduydgTXnxd5hquJuedxrsmFOmZAdoG5zZpnv7isTl3a5qnM7rU7yv87qU01gwjdUTp1XqLTieICAS6D81WN_mR5sbEyWuWI5k2pWhCNHoLE_YqMjZZPToGK9ED0IwjzoQ5NDIdMCtWYRWjfq-kIEk2HPtHuKe_6eqOeoQuQZk6XWt0oBbIAeggz6yJr3_gqFWTEQGmKBXIpFLVGB2GfzO2VxaUVgrgNTOkhUzqgraxf9vsVC_FM3YBq7_4rkehPCK5gHaEgULDrTC78Uo9tQEV_vndMn9namLRaK5dhF8BYBCrnR1Tiz0_Y35aefCLVUZ9HyCSWdrc003zx1n8_iFS8uH4WhqqC_uLrwFPTc_PI9wp83fHKOFZdyqSRcmJ2ZiQ8rrLFNNVg6HwBEaHoyWnjjQuYPwotMQxZwJBBYLredsAzD4ZxGrNouro5KVRX3AFn2de4CGhQbCrJCr_LkJ_AljVuLm6406Y1Kl7l2KWvIE8LqElY10AJ3a0nLopq9fwKIuLHIL-efeofZajElDG2Gs7wC9YlLSMqzo0gCMi7MuhppJwv57OTJm4z5L8_MTHoDMunqY3m0JXlqFrr7fXMWa6-OcYz-d9bycC3s2MQlYxoRCbMCaxJsliji9Y8FL-2DRJIU075KkA057WWjI

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardra.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 1ACE 42 B
338 B 18ms
17ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 1ACE 42 B
210 B 17ms
17ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 1ACE 42 B
210 B 18ms
18ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 99B0 0
56 B 39ms
39ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=html5-mon&a0=layout&f0=layout&s0=0&d0=1777.0000&a1=https&f1=layout_html&s1=0&d1=16.0000&i=496755196713&t=419&c=p&lp=%2Fsadbundle%2F%24csp%253Der3%24%2F10470558476792580260%2Findex.html&qqi=CMHrysmhve8CFdLuuwgdT30D4Q

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 1ACE 42 B
227 B 18ms
18ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 21:07:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

181 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.doubleclick.net/	1970-01-19 16:56:28	Name: test_cookie Value: CheckForPermission

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://ardra.biz/wp-content/cache/autoptimize/js/autoptimize_2c95c6f89211616f5cf2740591331e4f.js(Line 5) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	log	URL: https://ardra.biz/wp-includes/js/jquery/jquery-migrate.min.js?ver=5.7(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	info	URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2101070013000 https://ardra.biz/
console-api	info	URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2101070013000 https://ardra.biz/

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0dc858389841658700b8580c2f92f898.safeframe.googlesyndication.com
2c883e9b086762e6fb15520e68f576b4.safeframe.googlesyndication.com
2f3f329e171952ef0b02c94bab51a1cc.safeframe.googlesyndication.com
454ffecbb4f1162873daa3d85daf9444.safeframe.googlesyndication.com
4f18668cd8ec6f933810168a725649e4.safeframe.googlesyndication.com
59fcd4d45333b60a2eebc83831c46774.safeframe.googlesyndication.com
81545921cfc72475095063b1e53d2a7c.safeframe.googlesyndication.com
ad.turn.com
adopdmp.adop.cc
ads.travelaudience.com
ads.yieldmo.com
adservice.google.be
adservice.google.com
adservice.google.de
ag.innovid.com
ardra.biz
b2385eb8374b48e27e499f01741b3bd7.safeframe.googlesyndication.com
bid.g.doubleclick.net
c1.adform.net
cd897304802350b92b9c653ebd142b1c.safeframe.googlesyndication.com
cdn.ampproject.org
cdn.jsdelivr.net
cm.g.doubleclick.net
cms.quantserve.com
compass.adop.cc
compasscdn.adop.cc
contextual.media.net
cs.media.net
csi.gstatic.com
d.agkn.com
d95389588832e1ed69b7752450fa03aa.safeframe.googlesyndication.com
data.adop.cc
dclk-match.dotomi.com
dsp.adkernel.com
e5d95f10a9514aeb2e38f39207884193.safeframe.googlesyndication.com
eb2.3lift.com
encrypted-tbn0.gstatic.com
encrypted-tbn2.gstatic.com
f178e508e4b037cd3f64f452de8d7a97.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
get.optad360.io
googleads.g.doubleclick.net
ib.adnxs.com
image6.pubmatic.com
imasdk.googleapis.com
match.adsrvr.org
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-sync.sitescout.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
r.turn.com
r1---sn-4g5e6nzy.gvt1.com
r3---sn-4g5e6nsk.gvt1.com
r4---sn-4g5e6nez.c.2mdn.net
redirector.gvt1.com
router.infolinks.com
rtb.openx.net
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static.addtoany.com
sync.1rx.io
sync.mathtag.com
sync.targeting.unrulymedia.com
tpc.googlesyndication.com
tr.blismedia.com
um.simpli.fi
unified.adsafeprotected.com
www.ardra.biz
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
13.226.159.12
142.250.185.162
142.251.5.156
15.165.183.98
169.50.137.190
172.67.39.17
174.137.133.49
18.195.223.167
18.195.77.77
185.29.135.234
185.33.221.88
185.64.190.78
2001:678:cb4:bbbb::11
213.19.147.150
23.210.249.164
23.210.250.97
2600:9000:206f:0:11:a4de:2580:93a1
2600:9000:2182:9800:18:69f:d880:93a1
2606:4700:10::6816:46c5
2607:f8b0:4002:815::2003
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1288:110:c305::8000
2a00:1450:4001:29::a
2a00:1450:4001:62::8
2a00:1450:4001:800::2003
2a00:1450:4001:801::200a
2a00:1450:4001:809::2002
2a00:1450:4001:809::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:810::200e
2a00:1450:4001:811::200e
2a00:1450:4001:812::200e
2a00:1450:4001:813::2004
2a00:1450:4001:827::200e
2a00:1450:4001:828::2002
2a00:1450:4001:828::200e
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::200a
2a00:1450:4001:82a::200e
2a00:1450:4001:c::1
2a00:1450:400d:803::2001
2a00:1450:400d:804::2002
2a00:1450:4010:c1c::5e
2a02:fa8:8806:12::1400
2a04:4e42:3::621
2a05:d01c:1d8:8102:73b:46ad:270f:ab37
3.248.141.37
34.96.105.8
35.190.0.66
35.227.252.103
37.157.6.253
46.228.164.11
5.181.216.219
52.57.110.162
52.84.118.10
54.76.222.161
63.32.128.23
66.155.71.25
69.173.144.165
0042630b47710086ad481f009acc61af5599c14c555588937eed745b091a269f
016728d55a5655d3b670184853405efa895b7e7fbf735b3b088805a3cdd6c9b8
01a08ce9184d4848c68354c9e0e087fa00d3937ebafca3f83c246abea86a00c2
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
04659f68e1722e022c9fc3132ad113c24847f376e67aed9ab42f84e7fae98b74
04b2c3919eab959d0535139f9decd6b513be3d0356379bdb42e7fedc0ac32667
0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f
0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c64d6bd4609604f42fbebd74bb0301badf39ab42167ded4eb7ce2beb49f9db2
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
10aca0e7d2086773fc61645d0d2090ba02c1d1688314f1fb43b2c9d387bc72e9
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d
16a7549e271a14a5ceac985dbb6cb7a0cdf2f9b7f9b00a3a7bb151eacf0b27ce
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1858cd52bf20d03a2c51fdae1436b4de6d1ad52fa3773fe3740c2cae5e73b30b
194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c
19f4cd225cfa3f6e4859fc01e28d501e629b812fea847af4f8f43a51ed276ade
1c898a2e3974c68708e2d5569e522f376dcf19c627de3718e3ce18d26772bda8
1cd09717b774ba96f864a009438e5b77936530203257c9a658d7aab0df5c847f
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1e17883bff2afa2bba01768c13f88efc42833dcc150a6cfa74eb33c4942f542f
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
20af8487a74b89fbd965d855c8c24eee996a05792f8f197ef53de216da9137e8
22e74a3c1075c9b978c13a524cb9f173e023a34b581b1850469ef5b96f3977f7
23bafdfbbc6fac24847fcd5be286e85a8984a993ec24e8d23404f88f4becdd23
29f6da0a8c21c5681511bb9b08663d3fd2c5d09c9bd8054ec354c563b8c8b7c1
2cdeb295425a37a3db3e104555d8fa197e820b73f1c76f0ac0e94d60246d317c
32da5514b2a9691789789cfd69d675a7ad24405a76774b74676e5f47a1373bbe
3477e8fe3b7becd59943c9497c9a6cdcb7768f59f5c0bba0bcf981c923b25c6b
35f9b2dd81113b091c4b2b69404790ff42f8614efc93e1f43506161add9e544a
36150b70f7efd9527145b69185554111b883de7fe23918156767d9d3cd5da6d2
3749f2f24e16c8e9be4d890f82a03629983b243fe1bf7b35cda43b24b86056e2
37cdf2294e66203bf7a072e28b7c591b8373947cea745a99044aaa9945fcd4c3
38bfe27aa55466c19326517fc58873a4683f89eca960702c0917b934fb084bd3
393c0a39f41e5b14bdc33e5f5093a0d3ee0fb50eb4043d35e8a1995b5d2dd371
3aac8d5a518c2edb4f34abd05e10d99460634f9e3df5186703f34549e88f34b9
3ac383f7650b2491aabb39a776a52c367ea1f9bd4d7f893ee6eed8394fb20f46
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
42d7b4c2ff1509e54e121eb189e782ba7cfa4f68a42f29e7feff7a2207e64b6d
43b453f67c688065a69564baa0d667e095d9b0976b7e702d37d2e9856e8992c5
44a7523a82be211ce25cd2f42632eb384650e960f3edbc7283456fabc7d4a866
45699e6af1f3e01dd884910eba724a4d52ac9c0dae595bc1cefbb4004b2df06b
4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87
471eb448db387c12cd6fc0598c12f3c4410056426df3b43ada8dd0fad5fa6a74
481e249c297579db673cce6f5c6d7f1fcd55c3eb2f7c1e611efae2e67ace843d
486bf4580d9c44b68fbc985617299c80c32aeba569fa9a9ac8dcc3f5e5e83ba7
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504
4a8259a78ae7766821f45239f498f8f62f153a87b42480aafcd3921875f24296
4ac3537cdc9bc4b6dcd500b0161c2a585f0fc9b634f7b1db6f7873702858df88
4ad8e065621accda77c2c85320bd733777c079556163f8999ca3dbdd1c3073a2
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3
5031bbaceb00e8b2b3a88a3b239e2132b465c5d3d4aa3e4f8f4cc51643df6944
525d962f74351a37a67b8fc493db03b35a0d1076fb68e5fe4e092c365e25d970
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
545a76d15509af52b2db44871743a488b7c3ac34a8c40c6cfdfdfed79985f312
55c41886d00b031bc18409143ba0ce360fed339edebe812ae52baf43a5051c83
55cb41453b69db04709a43687e6c6372c7d96ca3317caa9b9115d0c8e14ec736
570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254
58cb6b1da180a0fb136ff3f3061e29b18311d05310ef795a30a07660ed4a845c
594a3b9e1df9800dc10fb59f32cf38f1091a18d64317bf036c6372d1172df043
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
5a0a21b0f21d241c5c92c0c8e5076a117a0c4f242ddeccac5553bf32131e066b
5aa77a95219ea5b3b16b99251ebcf114b94a93d7516ef50acf56f997f3e1666c
5c87977a3e5a7e34b7929c1357c391dcb4143751723ebb9dc1784d042f591458
5dac5f116f232cce83dd3b5b37ce2b25585dbc3f7a44a35346f83821e20a00fb
602a8fdd3fb782c7e4715c3fed393d03da25b67bbb2b98d7deb3882aa78db3a7
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
617b4de6f30f283d9fad8503dd4a99d0b67a2cfbd67e373d55a8180cb23a7480
66b45568fef2ad5b4bf571ad8abf7c30ae5145db9cb2c6d077d8bbf514f0734c
68c6992c5429832eed274d1f84f6be5b7060a5a075d6c9e00ffcd6fc0571db93
6af4fbf432f9344dfebbd698f225c67cb79e5211fd34ff0d247b3b1d4bf3971e
6b5e45322bac7878b67a240cb2752b7ce165bce3eedac3a27a24dfe9179aeaf2
707089c9677a5eb7c4f3d8a16b02ec9dc546df8a0149f70500eb4b243f91eca4
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
745d349af5cd3b06d8d2062f7c4b633a74f964300d533d156dc2dfa3b3922255
74701d1b03dcb606710d7cc01bbf35a36ad5e5e443e33e55894a013f0d65aacf
74aff4addef98bd86f6a8b3638679bf79b68c589ee862d3c9d8a470443ba4542
74d9a7a7ec320f4f573d1e3b9973619796cc519e9610bb2ac20b27d720d5dbcf
760943c5458d877bf9b8cb655c079df027c5f4d0814a7d39968101bbd5d36016
76b7887cf7a2205d76c670d062a25d88b195784df447cf7f261c78e4784e3878
76ca21e9ef499b5349f54c4be3bbe63d46188529b6dc0f345fe40f12ec12f482
76de05ef38c3493027e88617f808b48e1683e54a4e2989862d1afc85933f01eb
784c2637c3604a3e126b7833fe7484d566e9c325e0b746a3b378c38417d00a3c
798e6fb3aeb368af9fecd8972841b0d2a611bdcc29cd7708e927843a7eaaa740
7b8b569ac53720feafbdc45c061009d2609a50814723c36dc87fd56ac3148355
7c0bbe4a047ad6ae2f8e97ce8adbf76dded98a4d41404c37e63c22d2427a1475
80b6db1663e3df8a83d488687e03135fa5ae7f5155e19d9cd303698c07abd82b
846af461e0124fe361072318117c8fd1f70925243f6d3504554b2378ace9a806
849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70
869167ec265ae2af68bd326f0291037a9a4a3950e00bbffa1854c67efa0cde24
86f937a29eaee70aaf9935799a414bea46c62fb136cc0465f63f9d6820cf4982
88f0d232552492bd8bc408d9eac5029fb637ffeef3244a4b7756f7e6e28a89dc
8994af594d5b44a2244155d9e567be672557846242b3c65ce86eaaeb652c3744
89e1e1a03c9d24214b68d4869dc9e7afc20e36e8ff9671d3c30a27e0265a7ba4
8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d9b4e8baf2d6296710fb142486efc074d1b4295512aa4125465410dbfd1053a
8df480865ef8a7c05d4c027f411316b42d88d8b2bfca6b98ef69d526b9933a11
8fc88694f8303cf5bc6e040717a6556716cb99600b5351846162a89cd9216ed4
90808ca6b0da8cd126dd8d340a08570358434b9e9609e19ba989aa47361b1b6b
9152b4f342d82839152f4fdd76b4132d04d5e60c8e8e2fc5e03f81d116e87b7c
941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c
981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a14d1a7f7fa4b8ccbabe55b417ddc660997ef1cb5290f94c7f4f39c69bb640fc
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71f901b83282f322e234cc0c502ff3603acf033f42229195f95c5d15da6d814
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7ae4f4e313e150000175511c29ca19ae2948eb663987253d19a9372cc20e3fe
a969f26ca3533ea4097fb371b26e66925a1dbf4fb830163f6bc90109842d2f59
a9c59945c470e1fabdd79c4f07d0d22527869fb4eca62b78ad95b30e19ac9626
ac0ca827cda27d5ab4cf5734e5b7364501b54ef9aee7aeec699a1caaa0409798
ae23e9edd1b893834eea14e9c08ba8f89dbed774f9a1d0e76bf40b8705373f77
ae31abd20931ac70ca57381ebeed30009c8343f1fb257f0d90e64b6b137262ea
b016870dffecd4fea0a30aec0f4b25e54a5f833613ba4c076489a58b70e41af8
b095daa45c5aedc085f2017153d1aa6507ba6475cc0b7c7918d1eaa557671efd
b3b40efb9884b3b3e0264f096160c5191a251b1862612e46e6af88ce632db99b
b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae
b5bce33baf5bfed8ebff8e76adbb8d44ab78a22f91c32b8db235c1e2a339f539
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
b89b378183d20c47774b3a1c3defff45616860483facb35d0ff41ed5e124b425
bd3bd81ea6cf3bbc82f89913fecca492e79318fef844c664a790ff2db72e5590
bda475c91788f248cdf75b323ba2f8f03e7453d294aca7216662430d1255a0fc
bf3e6af7bb9d3ea1d4bfee19d1156138224ddc4dc86511fd6825cee6583bc989
bf753eeea3d8c5f738612e219da1d90a3f0dc46d8ffc5c54b97ca1fc2ab762ad
bfdc7f402c2556f33f2342ed3d61f6a5054b09c8105258e959dd6494b80bee80
c3369adffafe4377678318de580731f6a7b31030f9d0fb10256aa98d8ed94af1
c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb
c44ef8885a1386dad99986e4de63457883d50b1a966d27b502f37d691d7bd770
c545c406db9f50b811b4f83defa41e1e320eda0f1c1b589354773450087f4c07
c5e41e72dd03ffed4c3b46d7772b581e725acc5b42d7bc735d423d2eefa35e5c
c61d8e6fba33ae1950175e6d931553b9e1703f97600a6925dbe20361d2737951
c73b926736c92744798f6533424416ae258cc01a851dafa7c9373a72046ddaaf
c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5
c9ee01ee8903499cb90168df3d5de82fdcf4660511aa12e06207bca6ccfdf064
ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c
cbbda5fac6618da4be9f03098dc394e81f435c51622e306605849c2ac2942fd3
cbe3a673b27b49349e7d2bf044cdd0ac5973629486f99c2c9ef5bee9571d9fab
ccd8290fddf67fde39c51530515555cf2edb5e429cb719819399305ebaa57fe4
d5cd4201e4638343fd1efdaff784ea241d13c5b66dacf732b0734aa483072eec
d60fd069833b391e741dab1a17e3ac007796f913f6985e0311cc5cbc5cf59272
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d756f6c1663fe82079aa01ef22f800dd74ea71fb37c061d970c8ab0f60d70690
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
da1dbc82bb4abe400a3edc77dcd776fef666224893f7b0bd02ab88799c4eb220
dacaf7a8a397ec2936a18971645c3caeaeb6350a5f7b63f31c4ed8179b8bed02
db5c0e9e0db8a7c6c919e8ccb511f9ca8073128eba825eb8ec1113daa4386881
ddb95732f0fbdf94523e6d365e51a2c0c13721f1e9470fb83d79133591e335d9
df9ee30856a18a503e3737dff076da45f40e005d14e02e7fba207a9cb5cbb1ac
e21f4e7e88783b14a82c666b81649a49dace8b1fd9a1ec27a8e17b2ae26bbc94
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e37cedb3827443e749251490ad025ecf14b1bcfc519b1537749fae84710ade18
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e47a27d91c2487289d6607ee10d7cb7b31944a5ed3ff5ffc86ec8526e9374af0
e48bb88098d48ee1c703e7b30a96182cda9e15878a343d56aab653e1dd61d0a1
e4dcc367c60026b0f7fa3110fcc009cb643afccbd9b3732b02e00b80c0e14f6c
e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee
e9f47b153cc32c53e839d6c2fc232d9e6aa0a83762accb16be58e05da36f9b32
eb3687eaf989a815b08e6cb44a00f45a274a5653d05af79df791c0aac5e3921e
ecf0ffde6e56a2c058421a0ca1a3446a00d047de48239cd168f7eb93a07a9269
ed61c9b7686e4bd72cd89e7b3c56d6fed8f9a5d5dc8731f816b32d4fabb43261
eea4a3705b3e19174b9f0f127702bfc02cda65dff1f5b25e65f48a9c65ce9a7e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10eac15ea0007b911f67230ddd74196789d0a066c09d704bad89f3811048409
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
f3b819d87250e134bb307e9d48f46fb011c0ba20ad01ba00fee85df3e6d05b9b
f49e5eccbf420949ddb76cfa2ca1430c8f733b06fb2a35d8fed1182b41613530
fa885ed10e3f20297502fd35796562e2cf93f6c791f9868f7d2f086654d13d7e
fac539cb302b90dbbabf6a10fb47e163970ca504451de0deace551cb4adfd6f4
fb0d29a0e37e475f9a96298f57393125f1b909871e800c36d4b6e8cb8bcfe776
fbca563229a4014ed4ee64f8fa9669a188a40bc9adc92b95802b9c05f5eff792
fd1d97e3456031c71d58cfcede8ce3d8b2e5ea7eb16c75221fc647caa05f1f79
ff0bf60a9a4df9ab4f65cb23f17a2ee86eaf6b2511108d1861deb207663cfc1e
ff28b7bafd0d63947fa6ecaf304efc6f15fd297c4fe352efca937a0e6daeffcb

ardra.biz Open in urlscan Pro 5.181.216.219 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

649 Requests

100 %HTTPS

53 %IPv6

45 Domains

76 Subdomains

43 IPs

8 Countries

18954 kBTransfer

28831 kBSize

1 Cookies

14 Outgoing links

Page URL History

Redirected requests

649 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 43 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

ardra.biz Open in urlscan Pro
5.181.216.219 Public Scan

Screenshot
Live screenshot

Full Image

649
Requests

100 %
HTTPS

53 %
IPv6

45
Domains

76
Subdomains

43
IPs

8
Countries

18954 kB
Transfer

28831 kB
Size

1
Cookies

649 HTTP transactions
43 data transactions