deva.cnvids.com Open in urlscan Pro
2606:4700:3036::ac43:b2e0 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://deva.cnvids.com/loadcn/?redirect=aHR0cHM6Ly9jaW1hbm93LmNjLyVkOSU4NSVkOCViMyVkOSU4NCVkOCViMyVkOSU4NC0lZDglYTclZDk...
Effective URL:
https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/
Submission: On March 18 via manual (March 18th 2024, 5:37:14 pm UTC) from US — Scanned from US

Summary HTTP 111 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 19 IPs in 2 countries across 13 domains to perform 111 HTTP transactions. The main IP is 2606:4700:3036::ac43:b2e0, located in United States and belongs to CLOUDFLARENET, US. The main domain is deva.cnvids.com.
TLS certificate: Issued by GTS CA 1P5 on January 21st 2024. Valid for: 3 months.

This is the only time deva.cnvids.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 10	2606:4700:303... 2606:4700:3036::ac43:b2e0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.78.27 192.0.78.27	2635 (AUTOMATTIC) (AUTOMATTIC)
26	2607:f8b0:400... 2607:f8b0:4006:823::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::ac40:93bc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	139.45.197.245 139.45.197.245	9002 (RETN-AS) (RETN-AS)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
2	2620:100:a001... 2620:100:a001::24	19750 (AS-CRITEO) (AS-CRITEO)
13	2607:f8b0:400... 2607:f8b0:4006:80e::2001	15169 (GOOGLE) (GOOGLE)
18	2620:100:a001::4 2620:100:a001::4	19750 (AS-CRITEO) (AS-CRITEO)
2	74.119.119.147 74.119.119.147	19750 (AS-CRITEO) (AS-CRITEO)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2607:f8b0:400... 2607:f8b0:4006:817::200e	15169 (GOOGLE) (GOOGLE)
11	2620:100:a001::9 2620:100:a001::9	19750 (AS-CRITEO) (AS-CRITEO)
4	2620:100:a001... 2620:100:a001::16	19750 (AS-CRITEO) (AS-CRITEO)
2	2620:100:a005... 2620:100:a005::14	19750 (AS-CRITEO) (AS-CRITEO)
1	2607:f8b0:400... 2607:f8b0:4006:809::200a	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:80b::2003	15169 (GOOGLE) (GOOGLE)
1 2	2607:f8b0:400... 2607:f8b0:4006:817::2004	15169 (GOOGLE) (GOOGLE)
111	19

10 2606:4700:3036::ac43:b2e0 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

deva.cnvids.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.27 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

href.li	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2607:f8b0:4006:823::2002 (United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:93bc (United States)

ASN13335 (CLOUDFLARENET, US)

kit-pro.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.197.245 (United Kingdom)

ASN9002 (RETN-AS, GB)

keewoach.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:100:a001::24 (United States)

ASN19750 (AS-CRITEO, US)

ads.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2607:f8b0:4006:80e::2001 (United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2620:100:a001::4 (United States)

ASN19750 (AS-CRITEO, US)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.119.119.147 (United States)

ASN19750 (AS-CRITEO, US)

cat.va.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2607:f8b0:4006:817::200e (United States)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2620:100:a001::9 (United States)

ASN19750 (AS-CRITEO, US)

imageproxy.us.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:100:a001::16 (United States)

ASN19750 (AS-CRITEO, US)

csm.us.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:100:a005::14 (United States)

ASN19750 (AS-CRITEO, US)

rtb.da.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:809::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:80b::2003 (United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:817::2004 (United States) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	criteo.net static.criteo.net — Cisco Umbrella Rank: 898 imageproxy.us.criteo.net — Cisco Umbrella Rank: 5445 csm.us.criteo.net — Cisco Umbrella Rank: 5238	202 KB
31	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 143 tpc.googlesyndication.com — Cisco Umbrella Rank: 204	617 KB
13	google.com 1 redirects fundingchoicesmessages.google.com — Cisco Umbrella Rank: 724 www.google.com — Cisco Umbrella Rank: 5	72 KB
10	cnvids.com 1 redirects deva.cnvids.com	101 KB
8	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 66	88 KB
6	criteo.com ads.us.criteo.com — Cisco Umbrella Rank: 5133 cat.va.us.criteo.com — Cisco Umbrella Rank: 5462 rtb.da.us.criteo.com — Cisco Umbrella Rank: 15250	100 KB
3	gstatic.com www.gstatic.com	16 KB
3	keewoach.net keewoach.net — Cisco Umbrella Rank: 149883	35 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 387	10 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	2 KB
1	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 7780	545 B
1	fontawesome.com kit-pro.fontawesome.com — Cisco Umbrella Rank: 47023	25 KB
1	href.li href.li — Cisco Umbrella Rank: 90641	382 B
111	13

	Domain	Requested by
18	static.criteo.net	ads.us.criteo.com cdnjs.cloudflare.com static.criteo.net
18	pagead2.googlesyndication.com	deva.cnvids.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
13	tpc.googlesyndication.com	googleads.g.doubleclick.net deva.cnvids.com pagead2.googlesyndication.com tpc.googlesyndication.com
11	imageproxy.us.criteo.net	ads.us.criteo.com
11	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
10	deva.cnvids.com	1 redirects href.li deva.cnvids.com
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net deva.cnvids.com
4	csm.us.criteo.net	ads.us.criteo.com
3	www.gstatic.com	deva.cnvids.com googleads.g.doubleclick.net
3	keewoach.net	deva.cnvids.com keewoach.net
2	www.google.com	1 redirects tpc.googlesyndication.com
2	rtb.da.us.criteo.com	googleads.g.doubleclick.net
2	cdnjs.cloudflare.com	ads.us.criteo.com
2	cat.va.us.criteo.com	ads.us.criteo.com
2	ads.us.criteo.com	googleads.g.doubleclick.net
1	fonts.googleapis.com	deva.cnvids.com
1	my.rtmark.net	keewoach.net
1	kit-pro.fontawesome.com	deva.cnvids.com
1	href.li	deva.cnvids.com
111	19

This site contains links to these domains. Also see Links.

Domain
nossairt.net

Subject Issuer	Validity	Valid
cnvids.com GTS CA 1P5	`2024-01-21` - `2024-04-20`	3 months	crt.sh
tls.automattic.com R3	`2024-03-05` - `2024-06-03`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-04` - `2025-01-03`	a year	crt.sh
keewoach.net R3	`2024-02-01` - `2024-05-01`	3 months	crt.sh
rtmark.net R3	`2024-03-02` - `2024-05-31`	3 months	crt.sh
*.us.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-12` - `2024-04-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-17` - `2024-05-17`	3 months	crt.sh
*.va.us.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-31` - `2024-05-01`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.us.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-29` - `2024-05-31`	3 months	crt.sh
*.da.us.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-14` - `2024-04-11`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh

This page contains 12 frames:

Primary Page: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/
Frame ID: 10947A757667985CFB711DC586B84415
Requests: 37 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7292774200877823&output=html&adk=1812271804&adf=3025194257&lmt=1710783429&plat=1%3A16777216%2C2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fdeva.cnvids.com%2F2019%2F12%2FMagic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html%2F&pra=5&wgl=1&easpi=0&asro=0&aseiel=1~2~4~6~8~9~10~11~12~13~14~15~16~17~7&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710783427800&bpp=945&bdt=482&idt=1457&shv=r20240313&mjsv=m202403130201&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5092844924851&frm=20&pv=2&ga_vid=868591861.1710783429&ga_sid=1710783429&ga_hid=1357117251&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C42532523%2C44795922%2C95327950%2C95327954%2C95321963%2C95322398%2C95326921&oid=2&pvsid=630655687785661&tmod=1030987963&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fdeva.cnvids.com%2Fredirectingcn%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=1476
Frame ID: C85831BBEAA0858233B85231026D5D52
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7292774200877823&output=html&h=280&slotname=1674586623&adk=2405132336&adf=3724739225&pi=t.ma~as.1674586623&w=1200&fwrn=4&fwrnh=100&lmt=1710783429&rafmt=1&format=1200x280&url=https%3A%2F%2Fdeva.cnvids.com%2F2019%2F12%2FMagic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710783428746&bpp=2&bdt=1428&idt=541&shv=r20240313&mjsv=m202403130201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5092844924851&frm=20&pv=1&ga_vid=868591861.1710783429&ga_sid=1710783429&ga_hid=1357117251&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C42532523%2C44795922%2C95327950%2C95327954%2C95321963%2C95322398%2C95326921&oid=2&pvsid=630655687785661&tmod=1030987963&uas=0&nvt=1&ref=https%3A%2F%2Fdeva.cnvids.com%2Fredirectingcn%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=548
Frame ID: BCE14FA80002B339C59F4C8274B17D46
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7292774200877823&output=html&h=280&slotname=4652718739&adk=3408507837&adf=525072173&pi=t.ma~as.4652718739&w=1200&fwrn=4&fwrnh=100&lmt=1710783429&rafmt=1&format=1200x280&url=https%3A%2F%2Fdeva.cnvids.com%2F2019%2F12%2FMagic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710783428748&bpp=3&bdt=1430&idt=555&shv=r20240313&mjsv=m202403130201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=5092844924851&frm=20&pv=1&ga_vid=868591861.1710783429&ga_sid=1710783429&ga_hid=1357117251&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C42532523%2C44795922%2C95327950%2C95327954%2C95321963%2C95322398%2C95326921&oid=2&pvsid=630655687785661&tmod=1030987963&uas=0&nvt=1&ref=https%3A%2F%2Fdeva.cnvids.com%2Fredirectingcn%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=558
Frame ID: 5EAF9A1EFC60A808065E0137454DF3BE
Requests: 8 HTTP requests in this frame

Frame: https://ads.us.criteo.com/delivery/r/afr.php?z=Zfh7xQAHiykF_fmgAA5Q8VUOFeq-c9VJb8KvJw&u=%7CwAxvG2i95LRo4uplih%2Fi3h4T0YnwEHO%2Fyz9inFjIKMQ%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqAb79lxbNLn-Y29LVqxBSOQhZKVxZui5pXNlU4WPrBd9-dzZ-iTLkdn4iCWrkEk_c7mnO3CbWSziRk8aexfaQN8pwI528gfIHbtOL-CS7lvmVPZaRuJCuqKk1gwTMlr_-r1s73bno0NwkysF4sPFrsGoV8PH4mo5_Qkojsdf2Yg_xw7y2i6Pq60UFJmwb6UHxHhxVbLXZ1kSkfTmoVu2tOfOInOC8DrPLOHBm4dmpf9uhnIKZsqNZwDMdNYESLZRy6bOSKNeyG6AlWs4kUxbrhVoLUmhao8W-juXAkLo8WPW5tp8sSm36FUwiYfUSVNotDaPo5LqRkp9SatP92qlbOom5s03BXZSXtRN_73Vh86X_4C8GPmijmamJ2_6P_Yb4Lwvy176o-g43dhILajjIG723E0Cx2fqjk86Iz2WvOI300qa7klG2xWyWoj1ATb4tcUnID4igg1kzME3NbSMbtG93YHon3qm-tnLlZ8BlmwJyO-6RN0kf_JXCcA4Y3BSlN7mbG7WEwCr2hP5JIjtZI8qNKIErvb5fgzEgjcPD2RIq_0Y18eU8mTey3EQgLDQBU705IX1y3kNKPM9UBFvgYk6ylF5lpHUrcX6RqNp9xa9js1uMueY5mFPeMznC9b1q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC95fZxXv4ZamWHqDz998P8aG50A6cge-wXLLtt52dAcCNtwEQASAAYMmGgIDco8QQggEXY2EtcHViLTcyOTI3NzQyMDA4Nzc4MjPIAQmoAwHIAwKqBL8CT9Bu5WQi0lZ4QVAOfNG5F3fWK1MXoqbjOZpKg3rJNbneJ2d7uxNcNNswy6VRCDCZmXrW2p6rw0kg6dzJHpVzboalYKurffKOlHcNAaVdYbFe4mAw4xWNw_QxXhf5J9EpDZeOdokbyuvuk5-z-JvpNXwuXtWgEi3CIypdR3XNOsyYrhiKKI-K85xRanfuBmJ3ps8g_nI-nnciy0FqYH2kkr6iR9oD-x_XOvRcflPalO6ZaTLBaAGmQ4mDxEyF4Ws4mksGBfL0GGA3FRctCFM0ao5rSlBdbYcZhTrVt9f5DoivZWKi0IQfQcAkcDfHrBfK-AhVjidAMvVPl8JPfm39TEVhT0J-tNO0-cgMbiHYrT3EszFRsjsI63pUkgM8Gu0_W7tWompZ4K0uOY4ukbip7UtlDQ58yjMxL0Int-BykIAG4--Z87n2pb0EoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHrb6xAtgHANIIIgiAYRABMgKKAjoJgECAwICAgKAoSL39wTpY2Jnn9Kz-hAP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1amss2LVeEiaDfxUOdqqQ2HPDqrw%26client%3Dca-pub-7292774200877823%26adurl%3D
Frame ID: 343A0E4F9502D5C6C1D4E246BFC243F6
Requests: 20 HTTP requests in this frame

Frame: https://ads.us.criteo.com/delivery/r/afr.php?z=Zfh7xQAHjOUIuM_7AAEvEbIa-z7s-gdVTETBwg&u=%7CwAxvG2i95LSh1JlSLmUigtdfLTvT8lcGRv%2BhRW8sY3s%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqAb79lxbNLn-Y29LVqxBSOQhZKVxZui5pXNlU4WPrBd9-dzZ-iTLkdn4iCWrkEk_cS0uNFKEyYQCn4A_v6_r4BQMRnR-pTBORpcx_qqtbUAqZm2Ls1CicBewOuCajqXPHVOYt8u5Ge5xQ1UauKK-9O4uZeIS86uYXg4lJA1AuaM5-dBRvYgOx4xuRaZ0XVOmcoU5NnRoaGVI5a2bVal66uyMLHXaJeRM7SW8aKhBcQ9kYylnZYDQ1THaU2vDzdjULZLoerAc-tViyzTmmUgdkYMfMJKgYfFIYk--m1sluijNDnLtqfCz5-A3gJaoOTdJrn_P1cJde6prvlMe744tvW0T1LeQOo9t_baZdeeeHV7cbYjm2XXM8X8gai7ppzrHCwUtSvt2Qb5yM5wTu9eNZRBL6JKkGs1lFe6BQsjNj4TJS-yhn-qjEghxf5ipppMC6g4q0r_kFuVlW-IlZBs6zkydKVft-_NDZm6OsOjlj6oMVWpEn3Rf-BThh4dBESJH2yR2i73IYCu5JnuDDgra8z_wF-JrVQMrypQ3vg5_v1bMI1ful8Tmb8lVtAUeofiS_DpQ51dWhueckdJLF8prTe9kNcnfmsxuIEgY5pX0QXw0rr8-EV4DKgw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC3VhAxXv4ZeWZHvuf4_UPkd6EiAGcge-wXJrwqKp0wI23ARABIABgyYaAgNyjxBCCARdjYS1wdWItNzI5Mjc3NDIwMDg3NzgyM8gBCagDAcgDAqoEvwJP0NJuUGrmdwmS7B_EtGlHyGfQQh4PyMEggcuZMICf99y-1hDEH1nx30RglSkJYAljDNSHaWVO8ZRsiQk9E8u17ZVQY6I_cMh1q_8vVHRS7C5M7A9aUHvDAy69VVrc1CHtNcvWkFD-HJqdQJzGmz2Jhzz9gijTed1fk6ipz1xFPsfvDul-Qh5-KbZ9-xjGlCnwHXl5onE0ainndQgFkXjW29Jy3eUTZeD9STa4DsLY2R-mxEG7CHWaJomfnQJz3H9DmDPreHOZETQeMFrzwBuciTrIHIwjJN2Dd-5yepmt_AUESDgCeZQR-FdARlP9wt5xq3gwJkTqlkA6rcLougwJHI-zqONxdJ5kZJbiLxURxp7DFPRlHC4_ZsRZrvDXwt-gVe2yKunAYkDMkSytpIpxF004c3y7LDVXhfzIyTLngAben5Kus4f2uymgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggiCIBhEAEyAooCOgmAQIDAgICAoChIvf3BOljRoOf0rP6EA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0PvvryndWZrEZrCxUWeTj63sxr0Q%26client%3Dca-pub-7292774200877823%26adurl%3D
Frame ID: 29CFE62E738D98B873FE9D45359F4605
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240313/r20110914/zrt_lookup_fy2021.html
Frame ID: 19270C20225325E241327E4A815236EB
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: CC8CAA5A4B5FA31FCA565A0445731F63
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 1E35F037E322948DE97B5B1A70168470
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/baSY2O45eIFBeOgq1vPVnlASrS1AjKGi1V2DTNGFAvs.js
Frame ID: 2745EE80B794221AB58032F72621F2B3
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1C5E0084ACF54364261B8C46D6CEA9D2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9E2A9E629F9023BCEEA4F2B1DECED2BA
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

نبات سحري للتخلص من الوزن الزائد بسرعة ملحوظة

Page URL History Show full URLs

https://deva.cnvids.com/loadcn/?redirect=aHR0cHM6Ly9jaW1hbm93LmNjLyVkOSU4NSVkOCViMyVkOSU4NCVkOCViMyV... Page URL
https://href.li/?https://deva.cnvids.com/redirectingcn/ Page URL
https://deva.cnvids.com/redirectingcn/ Page URL
https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html HTTP 301
https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
<link[^>]* href=[^>]*kit\-pro\.fontawesome\.com/releases/v([0-9.]+)/
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

owl\.carousel.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

111
Requests

100 %
HTTPS

78 %
IPv6

13
Domains

19
Subdomains

19
IPs

2
Countries

1268 kB
Transfer

3404 kB
Size

13
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://nossairt.net/4/4249307

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://deva.cnvids.com/loadcn/?redirect=aHR0cHM6Ly9jaW1hbm93LmNjLyVkOSU4NSVkOCViMyVkOSU4NCVkOCViMyVkOSU4NC0lZDglYTclZDklODQlZDglYWQlZDglYjQlZDglYTclZDglYjQlZDklOGElZDklODYtJWQ4JWE3JWQ5JTg0JWQ4JWFkJWQ5JTg0JWQ5JTgyJWQ4JWE5LTctJWQ4JWE3JWQ5JTg0JWQ4JWIzJWQ4JWE3JWQ4JWE4JWQ4JWI5JWQ4JWE5L3dhdGNoaW5n Page URL
https://href.li/?https://deva.cnvids.com/redirectingcn/ Page URL
https://deva.cnvids.com/redirectingcn/ Page URL
https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html HTTP 301
https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 89

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

111 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 /
deva.cnvids.com/loadcn/ 102 B
635 B 575ms
454ms Document
text/html 2606:4700:3036::ac43:b2e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://deva.cnvids.com/loadcn/?redirect=aHR0cHM6Ly9jaW1hbm93LmNjLyVkOSU4NSVkOCViMyVkOSU4NCVkOCViMyVkOSU4NC0lZDglYTclZDklODQlZDglYWQlZDglYjQlZDglYTclZDglYjQlZDklOGElZDklODYtJWQ4JWE3JWQ5JTg0JWQ4JWFkJWQ5JTg0JWQ5JTgyJWQ4JWE5LTctJWQ4JWE3JWQ5JTg0JWQ4JWIzJWQ4JWE3JWQ4JWE4JWQ4JWI5JWQ4JWE5L3dhdGNoaW5n
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b2e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8666fd1b7965d9a5-MIA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 18 Mar 2024 17:37:06 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r8MqZWV6UuX8XHHrSL%2FhYz5zMAgAOg6Fz1xHCoQtl4UnCTX23YdkzaFcmzzsc0L5DIks5jKLZauAyWlceuIXMRK84FUjjVWrriNHAv6RlrrXSptkGSsoEh73TSoKWQvgizXW1HD3xLHBUaqILec%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 /
href.li/ 494 B
382 B 241ms
157ms Document
text/html 192.0.78.27
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://href.li/?https://deva.cnvids.com/redirectingcn/

Requested by

Host: deva.cnvids.com
URL: https://deva.cnvids.com/loadcn/?redirect=aHR0cHM6Ly9jaW1hbm93LmNjLyVkOSU4NSVkOCViMyVkOSU4NCVkOCViMyVkOSU4NC0lZDglYTclZDklODQlZDglYWQlZDglYjQlZDglYTclZDglYjQlZDklOGElZDklODYtJWQ4JWE3JWQ5JTg0JWQ4JWFkJWQ5JTg0JWQ5JTgyJWQ4JWE5LTctJWQ4JWE3JWQ5JTg0JWQ4JWIzJWQ4JWE3JWQ4JWE4JWQ4JWI5JWQ4JWE5L3dhdGNoaW5n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.27 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://deva.cnvids.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 18 Mar 2024 17:37:06 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-ac: 3.mia _dca MISS

GET
H2 200 /
deva.cnvids.com/redirectingcn/ 145 B
400 B 144ms
142ms Document
text/html 2606:4700:3036::ac43:b2e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://deva.cnvids.com/redirectingcn/
Requested by: Host: href.li
URL: https://href.li/?https://deva.cnvids.com/redirectingcn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b2e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8666fd200f45d9a5-MIA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 18 Mar 2024 17:37:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hL2tTdnH5jQUxErRyksffosaqv5GDTrldD3uMpP6ridvn6sbpEQOMo5m7wtvuP03gFVS5PmYyB0vI6P2Xgda%2FQXGyrrsuByZ1bCQyxd%2FGWonNrQP%2BhZC3N5B83%2FtN4NxRVsWubrf3YbMThShQqY%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H3

200

Primary Request / Show response
deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/
Redirect Chain

https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html
https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/

38 KB
14 KB

151ms
150ms

Document
text/html

2606:4700:3036::ac43:b2e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/
Requested by: Host: deva.cnvids.com
URL: https://deva.cnvids.com/redirectingcn/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b2e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e26669716b986483df51267d699fd3b6c0e2b80d5d69e6a87473ea2dc6b6137b

Request headers

Referer: https://deva.cnvids.com/redirectingcn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8666fd23e8958dd8-MIA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 18 Mar 2024 17:37:07 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bIxYNw1VAWEN%2BiQ3ALAauUiT7vACH6sMS4gASoXViMyx6nxjbhamxrZXtlxexiS8wW1oyVsDeqVL%2F7jKeOhJ1m3dvUjHo6xqSRO44MS1JFe7WDcNftgOg5dUAB8Iusq7oaAQqm2aVbN0UZ%2BLhpw%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8666fd210cb78dd8-MIA
content-type: text/html; charset=iso-8859-1
date: Mon, 18 Mar 2024 17:37:07 GMT
location: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cs%2BU0cq4Vf0IgjiRDoxx3Jn7GIMHK6DmYaM9g2XZTr7v4TcweQorFstbzR7F0GePcOhM2rGTA183MP57PfZcq2%2BvBtdc279dk4viWOqlUXaUq7dX1vo6lUZ5l27PhIohueV4%2F1QSHAuahQkG47g%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
50 KB 277ms
142ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7292774200877823

Requested by

Host: deva.cnvids.com
URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

07c4f820fe21aa684cfb33cc7e119a79ac240875d607bab41ab0e902b47b9d56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deva.cnvids.com/
Origin: https://deva.cnvids.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50751
x-xss-protection: 0
server: cafe
etag: 17613356964515130534
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Mon, 18 Mar 2024 17:37:07 GMT

GET
H3 200 jquery-1.8.3.js Show response
deva.cnvids.com/dwcn/Assets/js/ 82 KB
30 KB 1273ms
1272ms Script
application/javascript 2606:4700:3036::ac43:b2e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://deva.cnvids.com/dwcn/Assets/js/jquery-1.8.3.js
Requested by: Host: deva.cnvids.com
URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b2e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 434792a3fad93f8f0ff193ed74ebe5d0fe117d3ecdab6fcc5cc1feb28b64294e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:08 GMT
content-encoding: br
cf-cache-status: REVALIDATED
cf-bgj: minify
last-modified: Sat, 02 Mar 2024 13:48:23 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=84244
etag: W/"14914-612adbeff1725"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F1gCnRgOG2xc%2B9J4st2ANUjRSO27TkC4Lc47jZhbVBv7XaI87RfRxPUpiLgbI3Ub%2B%2BcjTNmrhEk6Pt8GKGO6%2BBaomtCK%2Buur%2B6E3%2BhUaZP6cP0ADKEUQPPu7%2Fo%2F9STaD9CZB8EyM%2FhekQsu%2FkBY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8666fd257aaa8dd8-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 owl.carousel.min.js Show response
deva.cnvids.com/dwcn/Assets/js/ 43 KB
12 KB 464ms
462ms Script
application/javascript 2606:4700:3036::ac43:b2e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://deva.cnvids.com/dwcn/Assets/js/owl.carousel.min.js
Requested by: Host: deva.cnvids.com
URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b2e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e0781bdd2cbb5db04da3b5e059eeca34e325fabb893bee7457b5babf5b7c029

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:07 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Sat, 02 Mar 2024 13:48:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"ad3c-612adbf058ba2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EDJBIbjVPnQKy7ekDsafSyfgzSnQfYpcVAhEti%2Fkd%2FaI60PUrtgj0RFiUi9zkR9tu1goEVY7ZtqZGHG%2FFcGyRaiA%2B7kwUrrX1BE8TLrg6IdcbczQS1ZHGiSY3TcYAB2vjzsWBfLATN6dM2FxV0k%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8666fd257aad8dd8-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 jquery.countdown360.min.js Show response
deva.cnvids.com/dwcn/Assets/js/ 4 KB
2 KB 1050ms
1048ms Script
application/javascript 2606:4700:3036::ac43:b2e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://deva.cnvids.com/dwcn/Assets/js/jquery.countdown360.min.js
Requested by: Host: deva.cnvids.com
URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b2e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91b901acd26b6124cb1e5db9adcb22870ec13617d5aad15a7df90e17d7a26a14

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:08 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Sat, 02 Mar 2024 13:48:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"10ca-612adbf080869"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a3a%2BUuD%2FeiXFrEEY0gddbhhJYDrtTnb12Xh%2FIuW5INtBmAPDdj26KHJruxK%2BwZkmmF8qrB8pBv6h5yF1W3dKmeLv8sU%2FXO6Ljbz309RnFLc3AGnEznQOoBvAURwq3W9piyc61mhXE5dIb6VxTGs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8666fd257aaf8dd8-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 style.css
deva.cnvids.com/dwcn/Assets/css/ 39 KB
9 KB 1263ms
1261ms Stylesheet
text/css 2606:4700:3036::ac43:b2e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://deva.cnvids.com/dwcn/Assets/css/style.css
Requested by: Host: deva.cnvids.com
URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b2e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9366e344aa43f48c5cdabf7786dd60d58d40e6b477025b0f5e94592164caa8a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:08 GMT
content-encoding: br
cf-cache-status: REVALIDATED
cf-bgj: minify
last-modified: Sat, 02 Mar 2024 13:48:21 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=42012
etag: W/"a41c-612adbee2e7ac"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rgh5GNAJohj%2FwV%2B7ca7PcgFVq393KBiL5SlxOxZJsKpWKv3ullXOa%2FPODY5fis4gEyUYsn9IM8yt0EnO3GiCW0cOK3qqaL4mGy40nJYh9fB96tPK855iMnaH6dIklmsf9Jqkqck5zOP2JpoJTEY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8666fd257ab18dd8-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 pro.min.css
kit-pro.fontawesome.com/releases/v5.9.0/css/ 171 KB
25 KB 164ms
54ms Stylesheet
text/css 2606:4700:4400::ac40:93bc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kit-pro.fontawesome.com/releases/v5.9.0/css/pro.min.css
Requested by: Host: deva.cnvids.com
URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 47aeab9a438a9b5c5a0d0af4b962e82b7f28a44f771d2ccb9d642422d3cef269

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:07 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 01 Jul 2021 20:19:42 GMT
server: cloudflare
x-amz-request-id: 0G6VSSCHGEQ6HNY7
age: 1721888
etag: W/"1c79f3ed80a5b3dd092927d79b0694db"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31556926
cf-ray: 8666fd262e58498e-MIA
x-amz-id-2: zC2KfdaQXOcFu2UbcKavuYjK0QZTbXJcIe+PkTMLdlXA0uJ1Jy+s23J+IGRdy2PN2LWSEGpXrrM=
expires: Tue, 18 Mar 2025 23:25:53 GMT

GET
H2 200 6065152 Show response
keewoach.net/5/ 78 KB
30 KB 573ms
275ms Script
application/javascript 139.45.197.245
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://keewoach.net/5/6065152
Requested by: Host: deva.cnvids.com
URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.245 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: cfcbcf62543dec19fff1b291b741066a5862b066e4a78ab033b3258a48758f33

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:09 GMT
content-encoding: gzip
x-trace-id: 67b7531ec23455d446fd0a7b1b56367d
pragma: no-cache, no-cache
server: nginx
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403130201/ 405 KB
138 KB 277ms
149ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403130201/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7292774200877823

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

243c847c084bce46b9a57f7dd2740d8e47aa1fc8c315a229b1af460a5f02af61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140956
x-xss-protection: 0
server: cafe
etag: 6335361544552648447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Mar 2024 17:37:08 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
50 KB 138ms
138ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7292774200877823

Requested by

Host: deva.cnvids.com
URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54677d9ccf6e9de6fb5494a97dc1f9fc7b90bf1c6487013c02ed2a60c5332d79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deva.cnvids.com/
Origin: https://deva.cnvids.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50752
x-xss-protection: 0
server: cafe
etag: 17839073733320011017
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Mon, 18 Mar 2024 17:37:08 GMT

GET
H3 200 ge-ss-two-medium-a29dc375.ttf
deva.cnvids.com/dwcn/Assets/css/fonts/GE/ 31 KB
16 KB 466ms
465ms Font
application/font-sfnt 2606:4700:3036::ac43:b2e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://deva.cnvids.com/dwcn/Assets/css/fonts/GE/ge-ss-two-medium-a29dc375.ttf
Requested by: Host: deva.cnvids.com
URL: https://deva.cnvids.com/dwcn/Assets/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b2e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d183fc410ed337ad7b7cabfa2dceff40024f432e2eb21158f08138bf7c2b7375

Request headers

Referer: https://deva.cnvids.com/dwcn/Assets/css/style.css
Origin: https://deva.cnvids.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:09 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Sat, 02 Mar 2024 13:48:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"7b94-612adbf57a901"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5VlbYTRwLcM6SJELNuA3jaFa9NFsUrw5WmJ2pUUBjU6DYiRchnZ08lBxPCtpZm9XRSAygobMY0NcZoE0qF8SV%2B7X0CkcK6Os%2FUeb4fvlnFV9q4nMBYmnKitBzbNsxqWNr0SYQrzSFRkuMPysNK0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-sfnt
cache-control: max-age=14400
cf-ray: 8666fd2dcebc8dd8-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 ge-ss-two-light-46251cb6.ttf
deva.cnvids.com/dwcn/Assets/css/fonts/GE/ 30 KB
16 KB 471ms
471ms Font
application/font-sfnt 2606:4700:3036::ac43:b2e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://deva.cnvids.com/dwcn/Assets/css/fonts/GE/ge-ss-two-light-46251cb6.ttf
Requested by: Host: deva.cnvids.com
URL: https://deva.cnvids.com/dwcn/Assets/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b2e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa6c30184b6647b9bb9d4a82576adcf78062ab825a275c52d316e654d94dbcee

Request headers

Referer: https://deva.cnvids.com/dwcn/Assets/css/style.css
Origin: https://deva.cnvids.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:09 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Sat, 02 Mar 2024 13:48:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"7940-612adbf44ebb6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U3RP3ppZWAIH0y0YHPmmCk3yHDdoO7yHcbhoKR9W9d5GezYVqsFoTp%2Bh5XIyjRm%2BGIzV9QFI3vVQW4oL%2FXvsWR8YywROcCX0ShjG15%2BmiRxMGVWL1jrBZm%2Fts1zGUAtkvl04Q7m64PEAZGSGgp4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-sfnt
cache-control: max-age=14400
cf-ray: 8666fd2e1f218dd8-MIA
alt-svc: h3=":443"; ma=86400

HEAD
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 130ms
130ms Fetch
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: deva.cnvids.com
URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50753
x-xss-protection: 0
server: cafe
etag: 18183766853599187345
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Mon, 18 Mar 2024 17:37:08 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C858 199 KB
54 KB 740ms
604ms Document
text/html 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7292774200877823&output=html&adk=1812271804&adf=3025194257&lmt=1710783429&plat=1%3A16777216%2C2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fdeva.cnvids.com%2F2019%2F12%2FMagic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html%2F&pra=5&wgl=1&easpi=0&asro=0&aseiel=1~2~4~6~8~9~10~11~12~13~14~15~16~17~7&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710783427800&bpp=945&bdt=482&idt=1457&shv=r20240313&mjsv=m202403130201&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5092844924851&frm=20&pv=2&ga_vid=868591861.1710783429&ga_sid=1710783429&ga_hid=1357117251&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C42532523%2C44795922%2C95327950%2C95327954%2C95321963%2C95322398%2C95326921&oid=2&pvsid=630655687785661&tmod=1030987963&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fdeva.cnvids.com%2Fredirectingcn%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=1476

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403130201/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

468a1dc758934c472affc8c39870234c0b1c3840ecf4fe7d23a264ca9cb02283

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deva.cnvids.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 55322
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Mar 2024 17:37:09 GMT
expires: Mon, 18 Mar 2024 17:37:09 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 125ms
122ms Image
image/gif 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=A&id=ad&ign=false&pw=1600&ph=1200&x=0&y=1060.8

Requested by

Host: deva.cnvids.com
URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Mar 2024 17:37:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 124ms
122ms Image
image/gif 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=A&id=ad&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: deva.cnvids.com
URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Mar 2024 17:37:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BCE1 36 KB
15 KB 693ms
571ms Document
text/html 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7292774200877823&output=html&h=280&slotname=1674586623&adk=2405132336&adf=3724739225&pi=t.ma~as.1674586623&w=1200&fwrn=4&fwrnh=100&lmt=1710783429&rafmt=1&format=1200x280&url=https%3A%2F%2Fdeva.cnvids.com%2F2019%2F12%2FMagic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710783428746&bpp=2&bdt=1428&idt=541&shv=r20240313&mjsv=m202403130201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5092844924851&frm=20&pv=1&ga_vid=868591861.1710783429&ga_sid=1710783429&ga_hid=1357117251&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C42532523%2C44795922%2C95327950%2C95327954%2C95321963%2C95322398%2C95326921&oid=2&pvsid=630655687785661&tmod=1030987963&uas=0&nvt=1&ref=https%3A%2F%2Fdeva.cnvids.com%2Fredirectingcn%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=548

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403130201/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7745f84b4d7830a468c092c50f3e5706ea18e771735abaa9aebc35f70ad63709

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deva.cnvids.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 14693
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Mar 2024 17:37:09 GMT
expires: Mon, 18 Mar 2024 17:37:09 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5EAF 36 KB
15 KB 490ms
381ms Document
text/html 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7292774200877823&output=html&h=280&slotname=4652718739&adk=3408507837&adf=525072173&pi=t.ma~as.4652718739&w=1200&fwrn=4&fwrnh=100&lmt=1710783429&rafmt=1&format=1200x280&url=https%3A%2F%2Fdeva.cnvids.com%2F2019%2F12%2FMagic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710783428748&bpp=3&bdt=1430&idt=555&shv=r20240313&mjsv=m202403130201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=5092844924851&frm=20&pv=1&ga_vid=868591861.1710783429&ga_sid=1710783429&ga_hid=1357117251&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C42532523%2C44795922%2C95327950%2C95327954%2C95321963%2C95322398%2C95326921&oid=2&pvsid=630655687785661&tmod=1030987963&uas=0&nvt=1&ref=https%3A%2F%2Fdeva.cnvids.com%2Fredirectingcn%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=558

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403130201/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7cdffc967f33f754b0909e0819baeb3e184da4b0d1ccb417ffe670ee409c731b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deva.cnvids.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 14730
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Mar 2024 17:37:09 GMT
expires: Mon, 18 Mar 2024 17:37:09 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
545 B 417ms
137ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: keewoach.net
URL: https://keewoach.net/5/6065152

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

583af1722a5804cb5c15b15510bea5fd30ab6acfc31ec6791c66603a2e37bf2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:09 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://deva.cnvids.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 / Show response
keewoach.net/5/6065152/ 3 KB
2 KB 139ms
139ms XHR
application/json 139.45.197.245
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://keewoach.net/5/6065152/?abt_opts=1&js_build=iclick-v1.735.0&userId=b69d2b8068f14d92a3b2b27e34d6cbef&is_mobile=false
Requested by: Host: keewoach.net
URL: https://keewoach.net/5/6065152
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.245 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: ab92cce3a4aca422aba8278661de5fccbfccfd9ed5bf5eee8bc5b6ed2bae06a9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:09 GMT
content-encoding: gzip
x-trace-id: f848991c441c5b39056f0b4fc31fab5a
pragma: no-cache, no-cache
server: nginx
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://deva.cnvids.com
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 afr.php Show response
ads.us.criteo.com/delivery/r/ Frame 343A 153 KB
50 KB 235ms
121ms Document
text/html 2620:100:a001::24
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.us.criteo.com/delivery/r/afr.php?z=Zfh7xQAHiykF_fmgAA5Q8VUOFeq-c9VJb8KvJw&u=%7CwAxvG2i95LRo4uplih%2Fi3h4T0YnwEHO%2Fyz9inFjIKMQ%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqAb79lxbNLn-Y29LVqxBSOQhZKVxZui5pXNlU4WPrBd9-dzZ-iTLkdn4iCWrkEk_c7mnO3CbWSziRk8aexfaQN8pwI528gfIHbtOL-CS7lvmVPZaRuJCuqKk1gwTMlr_-r1s73bno0NwkysF4sPFrsGoV8PH4mo5_Qkojsdf2Yg_xw7y2i6Pq60UFJmwb6UHxHhxVbLXZ1kSkfTmoVu2tOfOInOC8DrPLOHBm4dmpf9uhnIKZsqNZwDMdNYESLZRy6bOSKNeyG6AlWs4kUxbrhVoLUmhao8W-juXAkLo8WPW5tp8sSm36FUwiYfUSVNotDaPo5LqRkp9SatP92qlbOom5s03BXZSXtRN_73Vh86X_4C8GPmijmamJ2_6P_Yb4Lwvy176o-g43dhILajjIG723E0Cx2fqjk86Iz2WvOI300qa7klG2xWyWoj1ATb4tcUnID4igg1kzME3NbSMbtG93YHon3qm-tnLlZ8BlmwJyO-6RN0kf_JXCcA4Y3BSlN7mbG7WEwCr2hP5JIjtZI8qNKIErvb5fgzEgjcPD2RIq_0Y18eU8mTey3EQgLDQBU705IX1y3kNKPM9UBFvgYk6ylF5lpHUrcX6RqNp9xa9js1uMueY5mFPeMznC9b1q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC95fZxXv4ZamWHqDz998P8aG50A6cge-wXLLtt52dAcCNtwEQASAAYMmGgIDco8QQggEXY2EtcHViLTcyOTI3NzQyMDA4Nzc4MjPIAQmoAwHIAwKqBL8CT9Bu5WQi0lZ4QVAOfNG5F3fWK1MXoqbjOZpKg3rJNbneJ2d7uxNcNNswy6VRCDCZmXrW2p6rw0kg6dzJHpVzboalYKurffKOlHcNAaVdYbFe4mAw4xWNw_QxXhf5J9EpDZeOdokbyuvuk5-z-JvpNXwuXtWgEi3CIypdR3XNOsyYrhiKKI-K85xRanfuBmJ3ps8g_nI-nnciy0FqYH2kkr6iR9oD-x_XOvRcflPalO6ZaTLBaAGmQ4mDxEyF4Ws4mksGBfL0GGA3FRctCFM0ao5rSlBdbYcZhTrVt9f5DoivZWKi0IQfQcAkcDfHrBfK-AhVjidAMvVPl8JPfm39TEVhT0J-tNO0-cgMbiHYrT3EszFRsjsI63pUkgM8Gu0_W7tWompZ4K0uOY4ukbip7UtlDQ58yjMxL0Int-BykIAG4--Z87n2pb0EoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHrb6xAtgHANIIIgiAYRABMgKKAjoJgECAwICAgKAoSL39wTpY2Jnn9Kz-hAP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1amss2LVeEiaDfxUOdqqQ2HPDqrw%26client%3Dca-pub-7292774200877823%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7292774200877823&output=html&h=280&slotname=4652718739&adk=3408507837&adf=525072173&pi=t.ma~as.4652718739&w=1200&fwrn=4&fwrnh=100&lmt=1710783429&rafmt=1&format=1200x280&url=https%3A%2F%2Fdeva.cnvids.com%2F2019%2F12%2FMagic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710783428748&bpp=3&bdt=1430&idt=555&shv=r20240313&mjsv=m202403130201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=5092844924851&frm=20&pv=1&ga_vid=868591861.1710783429&ga_sid=1710783429&ga_hid=1357117251&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C42532523%2C44795922%2C95327950%2C95327954%2C95321963%2C95322398%2C95326921&oid=2&pvsid=630655687785661&tmod=1030987963&uas=0&nvt=1&ref=https%3A%2F%2Fdeva.cnvids.com%2Fredirectingcn%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=558

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::24 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

a445e464850629a55d9705db2784e36616a7870b2f612cd4a2ca75928da79341

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 18 Mar 2024 17:37:09 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.us.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.us.criteo.net/heavyad?cppv=3&cpp=JdA1tr-SP9V-A48mLZkP8z3iiddTg5PfzCOcfwq6INPs36vPNsciXBEIywmSJ0YZki9fx0pQksUkv16DI-JvzbFN-fIZPIG6906s1XXHPvPUiJ43QkMo-E_Qj-WX3hOx7pKun9L9PkK7GKi72F42cXYe75z60hFhOH_v7vy5mEA0vRANCryTG8o50ZnGWYEG4mh-fEGdDVQ5bnyzWhi4jt786Ct0L6i08lVQSNcp8LzHyVDkVCXq6EJOYgCtXOXHWmweTg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 43856399
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/ Frame 5EAF 3 KB
2 KB 198ms
63ms Script
text/javascript 2607:f8b0:4006:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 18:03:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84844
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Mar 2024 18:03:05 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/ Frame 5EAF 20 KB
8 KB 198ms
64ms Script
text/javascript 2607:f8b0:4006:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

594ea28ece633b47536a3549082809e82c6772e5f2f324f26f8bc0f5de6842d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 18:03:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84844
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8219
x-xss-protection: 0
server: cafe
etag: 17239101513064691842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Mar 2024 18:03:05 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 5EAF 208 KB
63 KB 67ms
66ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3edca7294f70460740b307b1b70e7356a6165cb7a76c774f65398d0d052ac8c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:01:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64315
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 18 Mar 2024 18:01:32 GMT

GET
H2 200 / Show response
keewoach.net/ 3 KB
3 KB 141ms
139ms Fetch
application/json 139.45.197.245
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://keewoach.net/?rb=rYNGUGHZibHaVq0pm2qRpQQ-LP-EAU9tdYBBDFOXrXc7OGhUMA0xtfxXD7xNadvSGR4UutsbhImRWamvSL_l4ZoKcZJLEM7L9fhrMAZ-NnNIFdjAh6eeAOxQBBe058BBmZl8n1HkOWROodmg3aRubaF-GpPPgaE4W1CcNIOBBKrPO2teYlZgmBDsUHqwLJIfQD51XbvEXNNU49iFoIXUBtfKusl8_SmTavA8JqKDQJ1pF2IbOOCFYz3hUlt9HovQGIDJm5ku7fN_N8V93hAQBMf2yJ2aglpTfZEjtkH52-0K2fmy6oMfFyTH1EbejGpSHSoOSEl-gtOx4FIsOWtmVQ%3D%3D&request_ab2=400701&zoneid=6065152&js_build=iclick-v1.735.0&jsp=1&fs=0&cf=0&sw=1600&sh=1200&wih=1200&wiw=1600&ww=1600&wh=1200&sah=1200&wx=0&wy=0&cw=1600&wfc=3&pl=https%3A%2F%2Fdeva.cnvids.com%2F2019%2F12%2FMagic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html%2F&drf=https%3A%2F%2Fdeva.cnvids.com%2Fredirectingcn%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=Pacific%2FHonolulu&bto=600&wgl=&js_build=iclick-v1.735.0&navlng=en-US&pnt=0&pnrc=1&bs=88c355b6-6fd7-4fec-a833-ef2111b9510e&userId=b69d2b8068f14d92a3b2b27e34d6cbef&is_mobile=false&m=link

Requested by

Host: keewoach.net
URL: https://keewoach.net/5/6065152

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.245 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

02c8da5ac050b23b2a8a407c7583077905aade87f4fa9a39e30d55877c2f4863

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:09 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
x-trace-id: 935574f19165b6f2dfe0da199ede4594
pragma: no-cache
server: nginx
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://deva.cnvids.com
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 afr.php Show response
ads.us.criteo.com/delivery/r/ Frame 29CF 145 KB
49 KB 128ms
127ms Document
text/html 2620:100:a001::24
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.us.criteo.com/delivery/r/afr.php?z=Zfh7xQAHjOUIuM_7AAEvEbIa-z7s-gdVTETBwg&u=%7CwAxvG2i95LSh1JlSLmUigtdfLTvT8lcGRv%2BhRW8sY3s%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqAb79lxbNLn-Y29LVqxBSOQhZKVxZui5pXNlU4WPrBd9-dzZ-iTLkdn4iCWrkEk_cS0uNFKEyYQCn4A_v6_r4BQMRnR-pTBORpcx_qqtbUAqZm2Ls1CicBewOuCajqXPHVOYt8u5Ge5xQ1UauKK-9O4uZeIS86uYXg4lJA1AuaM5-dBRvYgOx4xuRaZ0XVOmcoU5NnRoaGVI5a2bVal66uyMLHXaJeRM7SW8aKhBcQ9kYylnZYDQ1THaU2vDzdjULZLoerAc-tViyzTmmUgdkYMfMJKgYfFIYk--m1sluijNDnLtqfCz5-A3gJaoOTdJrn_P1cJde6prvlMe744tvW0T1LeQOo9t_baZdeeeHV7cbYjm2XXM8X8gai7ppzrHCwUtSvt2Qb5yM5wTu9eNZRBL6JKkGs1lFe6BQsjNj4TJS-yhn-qjEghxf5ipppMC6g4q0r_kFuVlW-IlZBs6zkydKVft-_NDZm6OsOjlj6oMVWpEn3Rf-BThh4dBESJH2yR2i73IYCu5JnuDDgra8z_wF-JrVQMrypQ3vg5_v1bMI1ful8Tmb8lVtAUeofiS_DpQ51dWhueckdJLF8prTe9kNcnfmsxuIEgY5pX0QXw0rr8-EV4DKgw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC3VhAxXv4ZeWZHvuf4_UPkd6EiAGcge-wXJrwqKp0wI23ARABIABgyYaAgNyjxBCCARdjYS1wdWItNzI5Mjc3NDIwMDg3NzgyM8gBCagDAcgDAqoEvwJP0NJuUGrmdwmS7B_EtGlHyGfQQh4PyMEggcuZMICf99y-1hDEH1nx30RglSkJYAljDNSHaWVO8ZRsiQk9E8u17ZVQY6I_cMh1q_8vVHRS7C5M7A9aUHvDAy69VVrc1CHtNcvWkFD-HJqdQJzGmz2Jhzz9gijTed1fk6ipz1xFPsfvDul-Qh5-KbZ9-xjGlCnwHXl5onE0ainndQgFkXjW29Jy3eUTZeD9STa4DsLY2R-mxEG7CHWaJomfnQJz3H9DmDPreHOZETQeMFrzwBuciTrIHIwjJN2Dd-5yepmt_AUESDgCeZQR-FdARlP9wt5xq3gwJkTqlkA6rcLougwJHI-zqONxdJ5kZJbiLxURxp7DFPRlHC4_ZsRZrvDXwt-gVe2yKunAYkDMkSytpIpxF004c3y7LDVXhfzIyTLngAben5Kus4f2uymgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggiCIBhEAEyAooCOgmAQIDAgICAoChIvf3BOljRoOf0rP6EA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0PvvryndWZrEZrCxUWeTj63sxr0Q%26client%3Dca-pub-7292774200877823%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7292774200877823&output=html&h=280&slotname=1674586623&adk=2405132336&adf=3724739225&pi=t.ma~as.1674586623&w=1200&fwrn=4&fwrnh=100&lmt=1710783429&rafmt=1&format=1200x280&url=https%3A%2F%2Fdeva.cnvids.com%2F2019%2F12%2FMagic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710783428746&bpp=2&bdt=1428&idt=541&shv=r20240313&mjsv=m202403130201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5092844924851&frm=20&pv=1&ga_vid=868591861.1710783429&ga_sid=1710783429&ga_hid=1357117251&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C42532523%2C44795922%2C95327950%2C95327954%2C95321963%2C95322398%2C95326921&oid=2&pvsid=630655687785661&tmod=1030987963&uas=0&nvt=1&ref=https%3A%2F%2Fdeva.cnvids.com%2Fredirectingcn%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=548

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::24 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

dfbe88c949b4192ec5693dba63a38ce31c27b7d9d51b964d9c327ebc1fa6b04f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 18 Mar 2024 17:37:09 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.us.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.us.criteo.net/heavyad?cppv=3&cpp=KoifC7-SP9V-A48m3mWldF0A6RuOarjFy312rAbcnmMXeokMFJLbRYOH_QvMhdMYtR3ODTWHP5W2CoeDYVuFUpl3Eued8rWEWVCTNCnCm--P0d-FlfEKo0NTv1hGVUuZyd0YA0hV-uP51DSZkeaB1CRjQZM_Yj7nf8Bmp20j5XtQBsv-Rgd3JGTyjxVelwBRaJmquyG67PomRPAiWJ9_De8nO59BDH_syAhPGQX_MlI0858CoAtknO6W47TBwRWnm0_FGQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 40158092
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/ Frame BCE1 3 KB
1 KB 74ms
72ms Script
text/javascript 2607:f8b0:4006:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 18:03:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84845
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Mar 2024 18:03:05 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/ Frame BCE1 20 KB
8 KB 64ms
63ms Script
text/javascript 2607:f8b0:4006:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

594ea28ece633b47536a3549082809e82c6772e5f2f324f26f8bc0f5de6842d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 18:03:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84845
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8219
x-xss-protection: 0
server: cafe
etag: 17239101513064691842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Mar 2024 18:03:05 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame BCE1 208 KB
63 KB 65ms
64ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3edca7294f70460740b307b1b70e7356a6165cb7a76c774f65398d0d052ac8c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:01:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64315
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 18 Mar 2024 18:01:32 GMT

GET
DATA 200
OK truncated
/ Frame 5EAF 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 316ec9e6b06e5935b2d8b904324c45e2fd1275fd0f74ef59bca7562b6d8d9435

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 343A 2 KB
1 KB 171ms
59ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.us.criteo.com
URL: https://ads.us.criteo.com/delivery/r/afr.php?z=Zfh7xQAHiykF_fmgAA5Q8VUOFeq-c9VJb8KvJw&u=%7CwAxvG2i95LRo4uplih%2Fi3h4T0YnwEHO%2Fyz9inFjIKMQ%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqAb79lxbNLn-Y29LVqxBSOQhZKVxZui5pXNlU4WPrBd9-dzZ-iTLkdn4iCWrkEk_c7mnO3CbWSziRk8aexfaQN8pwI528gfIHbtOL-CS7lvmVPZaRuJCuqKk1gwTMlr_-r1s73bno0NwkysF4sPFrsGoV8PH4mo5_Qkojsdf2Yg_xw7y2i6Pq60UFJmwb6UHxHhxVbLXZ1kSkfTmoVu2tOfOInOC8DrPLOHBm4dmpf9uhnIKZsqNZwDMdNYESLZRy6bOSKNeyG6AlWs4kUxbrhVoLUmhao8W-juXAkLo8WPW5tp8sSm36FUwiYfUSVNotDaPo5LqRkp9SatP92qlbOom5s03BXZSXtRN_73Vh86X_4C8GPmijmamJ2_6P_Yb4Lwvy176o-g43dhILajjIG723E0Cx2fqjk86Iz2WvOI300qa7klG2xWyWoj1ATb4tcUnID4igg1kzME3NbSMbtG93YHon3qm-tnLlZ8BlmwJyO-6RN0kf_JXCcA4Y3BSlN7mbG7WEwCr2hP5JIjtZI8qNKIErvb5fgzEgjcPD2RIq_0Y18eU8mTey3EQgLDQBU705IX1y3kNKPM9UBFvgYk6ylF5lpHUrcX6RqNp9xa9js1uMueY5mFPeMznC9b1q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC95fZxXv4ZamWHqDz998P8aG50A6cge-wXLLtt52dAcCNtwEQASAAYMmGgIDco8QQggEXY2EtcHViLTcyOTI3NzQyMDA4Nzc4MjPIAQmoAwHIAwKqBL8CT9Bu5WQi0lZ4QVAOfNG5F3fWK1MXoqbjOZpKg3rJNbneJ2d7uxNcNNswy6VRCDCZmXrW2p6rw0kg6dzJHpVzboalYKurffKOlHcNAaVdYbFe4mAw4xWNw_QxXhf5J9EpDZeOdokbyuvuk5-z-JvpNXwuXtWgEi3CIypdR3XNOsyYrhiKKI-K85xRanfuBmJ3ps8g_nI-nnciy0FqYH2kkr6iR9oD-x_XOvRcflPalO6ZaTLBaAGmQ4mDxEyF4Ws4mksGBfL0GGA3FRctCFM0ao5rSlBdbYcZhTrVt9f5DoivZWKi0IQfQcAkcDfHrBfK-AhVjidAMvVPl8JPfm39TEVhT0J-tNO0-cgMbiHYrT3EszFRsjsI63pUkgM8Gu0_W7tWompZ4K0uOY4ukbip7UtlDQ58yjMxL0Int-BykIAG4--Z87n2pb0EoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHrb6xAtgHANIIIgiAYRABMgKKAjoJgECAwICAgKAoSL39wTpY2Jnn9Kz-hAP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1amss2LVeEiaDfxUOdqqQ2HPDqrw%26client%3Dca-pub-7292774200877823%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame 343A 2 KB
1 KB 173ms
61ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 343A 308 B
637 B 163ms
58ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 343A 293 B
621 B 164ms
60ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 lg.php
cat.va.us.criteo.com/delivery/ Frame 343A 43 B
348 B 171ms
57ms Image
image/gif 74.119.119.147
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.va.us.criteo.com/delivery/lg.php?cppv=3&cpp=5XXQ9NvbzMmcMKUhs6dYN11Ehk-PvoIYHxVgxEodfGeYwycpggGFKrCc0SMicz4TonC7sXpI5oTKz1iIHD8tmc_8nHi-Tx2DQQYX1hWfT-oNxTJOZqk9VdFSgvgmpQAqno08PNa-3VE8jDjBCVOi92PGZTZPYAEs5BEGkfvel8iywyYmuo0C_F9Eh1Iz9Y3k8voBrul6w8vFtUk3CL1y0CXdbOrcFuggUPKjyNcQoqnQv8RKv4ksy-mhLm88tSAEfAOHGALAHB2NIJSIG6_28Ek9cBIl96XNpufG6jU7Ee9f42mAu5AMbK6c-bqoBcorQRjJQBEN_ebvBILraqUsApbrqVa9GpxocCc6vzPH5X8GYMfs8CA9m4uPnKtTUvMGPSf044Toqdae7jyHHfAkPO8qtKIpqh5itoiguwGoXtiUIyvnguNOROTPhGEMH_wkIzjdnA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.147 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Mar 2024 17:37:09 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1754378
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 343A 12 KB
5 KB 110ms
41ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 598004
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KgAJViIuTnSG%2FsWp75KImMvh2CTgxWX2LGxoKuJ23r8HMxyQ%2BqMSwoCeq4cpUl9Sl1JjTQZV22mxguwoE0KM28nqtXVkyQRxDB4M7VnL0S8QGDMr4IZuq4dOJuLSbALBmcznSea368vM4AxpsCz%2FYFfD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8666fd36ac9f4c33-MIA
expires: Sat, 08 Mar 2025 17:37:10 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403130201/ 166 KB
56 KB 141ms
141ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403130201/reactive_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403130201/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26bacfd65f8ffc816fa2947741668f9f807d843b25f83df146219b18750177f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57242
x-xss-protection: 0
server: cafe
etag: 2488058115938294488
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Mar 2024 17:37:10 GMT

GET
H2 200 ca-pub-7292774200877823 Show response
fundingchoicesmessages.google.com/i/ 183 KB
61 KB 255ms
108ms Script
application/javascript 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-7292774200877823?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403130201/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

450bf686cbac277aea7d85aae8307777332677032db5802cd08e8b3ddcfd61f2

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-4fYnNk2X3Byb92Fr-gcIJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-4fYnNk2X3Byb92Fr-gcIJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmJw1JBiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJp6vL5kkgFgDiPnWTWdVAWLd9dNZQ4E45vl01hQgdkqfwRoExD71M1hjgLj15jnWqUB8csF51otALMTDcez7w_VsAh-uti9gBADerjHJ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame BCE1 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9ff81ea7cae2142f7aae3b9289e7b4fa8507614fade842297bf5da7a9a1edaab

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 29CF 2 KB
1 KB 74ms
59ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.us.criteo.com
URL: https://ads.us.criteo.com/delivery/r/afr.php?z=Zfh7xQAHjOUIuM_7AAEvEbIa-z7s-gdVTETBwg&u=%7CwAxvG2i95LSh1JlSLmUigtdfLTvT8lcGRv%2BhRW8sY3s%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqAb79lxbNLn-Y29LVqxBSOQhZKVxZui5pXNlU4WPrBd9-dzZ-iTLkdn4iCWrkEk_cS0uNFKEyYQCn4A_v6_r4BQMRnR-pTBORpcx_qqtbUAqZm2Ls1CicBewOuCajqXPHVOYt8u5Ge5xQ1UauKK-9O4uZeIS86uYXg4lJA1AuaM5-dBRvYgOx4xuRaZ0XVOmcoU5NnRoaGVI5a2bVal66uyMLHXaJeRM7SW8aKhBcQ9kYylnZYDQ1THaU2vDzdjULZLoerAc-tViyzTmmUgdkYMfMJKgYfFIYk--m1sluijNDnLtqfCz5-A3gJaoOTdJrn_P1cJde6prvlMe744tvW0T1LeQOo9t_baZdeeeHV7cbYjm2XXM8X8gai7ppzrHCwUtSvt2Qb5yM5wTu9eNZRBL6JKkGs1lFe6BQsjNj4TJS-yhn-qjEghxf5ipppMC6g4q0r_kFuVlW-IlZBs6zkydKVft-_NDZm6OsOjlj6oMVWpEn3Rf-BThh4dBESJH2yR2i73IYCu5JnuDDgra8z_wF-JrVQMrypQ3vg5_v1bMI1ful8Tmb8lVtAUeofiS_DpQ51dWhueckdJLF8prTe9kNcnfmsxuIEgY5pX0QXw0rr8-EV4DKgw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC3VhAxXv4ZeWZHvuf4_UPkd6EiAGcge-wXJrwqKp0wI23ARABIABgyYaAgNyjxBCCARdjYS1wdWItNzI5Mjc3NDIwMDg3NzgyM8gBCagDAcgDAqoEvwJP0NJuUGrmdwmS7B_EtGlHyGfQQh4PyMEggcuZMICf99y-1hDEH1nx30RglSkJYAljDNSHaWVO8ZRsiQk9E8u17ZVQY6I_cMh1q_8vVHRS7C5M7A9aUHvDAy69VVrc1CHtNcvWkFD-HJqdQJzGmz2Jhzz9gijTed1fk6ipz1xFPsfvDul-Qh5-KbZ9-xjGlCnwHXl5onE0ainndQgFkXjW29Jy3eUTZeD9STa4DsLY2R-mxEG7CHWaJomfnQJz3H9DmDPreHOZETQeMFrzwBuciTrIHIwjJN2Dd-5yepmt_AUESDgCeZQR-FdARlP9wt5xq3gwJkTqlkA6rcLougwJHI-zqONxdJ5kZJbiLxURxp7DFPRlHC4_ZsRZrvDXwt-gVe2yKunAYkDMkSytpIpxF004c3y7LDVXhfzIyTLngAben5Kus4f2uymgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggiCIBhEAEyAooCOgmAQIDAgICAoChIvf3BOljRoOf0rP6EA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0PvvryndWZrEZrCxUWeTj63sxr0Q%26client%3Dca-pub-7292774200877823%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame 29CF 2 KB
1 KB 74ms
58ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 29CF 308 B
636 B 112ms
112ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 29CF 293 B
621 B 113ms
112ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 lg.php
cat.va.us.criteo.com/delivery/ Frame 29CF 43 B
347 B 58ms
58ms Image
image/gif 74.119.119.147
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.va.us.criteo.com/delivery/lg.php?cppv=3&cpp=qHxeLZkt9qmSSQ6OUhonAemPI9ZgebpVDJLkO4zQNs_hAId5BVvbCVzgd1B7AzdYZ_Yd4V3yECTERU83Q-AWuZeinkjxk08jLleM_CntIPMaDlCihm0rlWbqU8xCUNAMx-_Hg_lqFnh6woiIxoK_mWqmtHVOzjRp_CFB_ObYC6RG9_DXChsDIvwhf92ms-k_G_1jK4fJRCRh1jkaxJnHVAMag0jqnx3_cnj1t1Yx7ZKlcIcONFx8GmPRLkwblI7OhSjfQRwXbVRwg-Z98OVFmD1hjOnUsEPbdm-W0kBEW4LWpPROeBEx_avpX9-rYPrFcChjwEV9-gvBcZCA_KfzKI6Q0GpCjXJtD_ZqKa7T3MP31WvY-BJJ3V6P-t4032xgFicMQcgrSGmNXiF54uOiNpF7z4wlg-fpYCyZF0pioz2O6tv-C5RN7NHhibamaB16vNLGKQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.147 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Mar 2024 17:37:10 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3139628
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 343A 12 KB
6 KB 120ms
110ms Script
text/javascript 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 img
imageproxy.us.criteo.net/img/ Frame 343A 3 KB
4 KB 222ms
108ms Image
image/png 2620:100:a001::9
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.us.criteo.net/img/img?h=556&m=0&partner=105937&q=80&r=0&u=https%3A%2F%2Fstatic.va.us.criteo.net%2Fdesign%2Fdt%2F105937%2F5270228%2Fbce3e133562847b3b9cd6c0b04373df2_logo_1_horizontal.png&v=3&w=196&rid=4&s=Cn-HpVJqRsEx0CmUmDcOYhC6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::9 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

d9c961cac0d317f62d167a8d79839af5b7e0f24e53889e7015c9e789a7c07949

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 3471
expires: Tue, 25 Feb 2025 01:43:48 GMT

GET
H2 200 img
imageproxy.us.criteo.net/img/ Frame 343A 15 KB
15 KB 223ms
109ms Image
image/webp 2620:100:a001::9
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.us.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=105937&q=80&r=0&u=https%3A%2F%2Fi.gstatvb.com%2Fce9fa023db3ae0bf8153f8c6cd25f43b1706607559.rng.jpg&v=3&w=400&rid=4&s=D906ysc8aYmW8Y8mfAUTXIjX&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::9 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

0137832295a93569e7190167c26fb5ae0c5257dd02c5f9a618f9f32ed1f0195a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:09 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=3600
timing-allow-origin: *
content-length: 14880
expires: Mon, 18 Mar 2024 17:38:48 GMT

GET
H2 200 img
imageproxy.us.criteo.net/img/ Frame 343A 10 KB
10 KB 222ms
108ms Image
image/webp 2620:100:a001::9
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.us.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=105937&q=80&r=0&u=https%3A%2F%2Fi.gstatvb.com%2Fd20d8f982dcee9d8a111159ca70e947d1706607464.rng.jpg&v=3&w=400&rid=4&s=G7i1S2kNxqLA0cQi49PVRnAw&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::9 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

dbecdb3db2aa93c808a846bb28c11da6a3416176b90211fd967750700831a11e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:09 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=3600
timing-allow-origin: *
content-length: 9830
expires: Mon, 18 Mar 2024 17:53:58 GMT

GET
H2 200 img
imageproxy.us.criteo.net/img/ Frame 343A 17 KB
17 KB 262ms
148ms Image
image/webp 2620:100:a001::9
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.us.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=105937&q=80&r=0&u=https%3A%2F%2Fi.gstatvb.com%2Fc208f91444e745ca256c7ff381dc2dc51702305901.rng.jpg&v=3&w=400&rid=4&s=Gte9t36B6gACFvsIIV3tvjUd&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::9 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

07f15fc6623f4366fe76969fdc8bb4361072111a22a5512bcc5baf76864e6296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:09 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=3600
timing-allow-origin: *
content-length: 17470
expires: Mon, 18 Mar 2024 17:39:50 GMT

GET
H2 200 img
imageproxy.us.criteo.net/img/ Frame 343A 11 KB
11 KB 301ms
187ms Image
image/webp 2620:100:a001::9
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.us.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=105937&q=80&r=0&u=https%3A%2F%2Fi.gstatvb.com%2Fab21e7b5d3183c9434022d893d2957061706607494.rng.jpg&v=3&w=400&rid=4&s=7kYvINUSKCXvCsQvH_EiAUcR&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::9 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

eab67d7efe9fae75760c63a457baec41ae4d64e32ae7d462606f8c65957e9e6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:09 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=3600
timing-allow-origin: *
content-length: 10930
expires: Mon, 18 Mar 2024 18:00:29 GMT

GET
H2 200 img
imageproxy.us.criteo.net/img/ Frame 343A 14 KB
14 KB 300ms
186ms Image
image/webp 2620:100:a001::9
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.us.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=105937&q=80&r=0&u=https%3A%2F%2Fi.gstatvb.com%2Fa53ef4a667081fcef84f488e5c6415df1706607430.rng.jpg&v=3&w=400&rid=4&s=cy8d2G8g2yyuP3JMRoAOMX-O&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::9 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

c35615638f07e9d3254cf18e4a286a243705f7340996f00020c52c092a0f35e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:09 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=3600
timing-allow-origin: *
content-length: 14144
expires: Mon, 18 Mar 2024 17:50:12 GMT

POST
H2 200 all
csm.us.criteo.net/ Frame 343A 0
128 B 172ms
56ms Ping
text/plain 2620:100:a001::16
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.us.criteo.net/all?cppv=3&cpp=JdA1tr-SP9V-A48mLZkP8z3iiddTg5PfzCOcfwq6INPs36vPNsciXBEIywmSJ0YZki9fx0pQksUkv16DI-JvzbFN-fIZPIG6906s1XXHPvPUiJ43QkMo-E_Qj-WX3hOx7pKun9L9PkK7GKi72F42cXYe75z60hFhOH_v7vy5mEA0vRANCryTG8o50ZnGWYEG4mh-fEGdDVQ5bnyzWhi4jt786Ct0L6i08lVQSNcp8LzHyVDkVCXq6EJOYgCtXOXHWmweTg&sds=2&rev=91140.1&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::16 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.us.criteo.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 18 Mar 2024 17:37:09 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 343A 2 KB
1 KB 103ms
102ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 343A 2 KB
1 KB 104ms
104ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 29CF 12 KB
5 KB 41ms
41ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 598004
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=amykpwtmYQuuQjXSj9bNvy9wYJa2SJILda%2Fo4GBxLdT%2FNXvfWglwaMyh7c%2BZOEHU49Q8hXI%2FgM6CIm2Hk%2BKBpi2OR3Xzi7lhWkqQUvVkq8vdvghJtcwxOM%2BydwlzKeUSYmG3aGsPaFKOUYTKsw2uCawj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8666fd36fcd34c33-MIA
expires: Sat, 08 Mar 2025 17:37:10 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 29CF 12 KB
6 KB 104ms
103ms Script
text/javascript 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 img
imageproxy.us.criteo.net/img/ Frame 29CF 10 KB
10 KB 238ms
172ms Image
image/png 2620:100:a001::9
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.us.criteo.net/img/img?h=556&m=0&partner=100968&q=80&r=0&u=https%3A%2F%2Fstatic.va.us.criteo.net%2Fdesign%2Fdt%2F100968%2F4725501%2F9afe0276d5a541efb731edd9b0b4b72f_logo_n_vertical.png&v=3&w=196&rid=4&s=SCSTl85K4Zl_bjnbQcXef-t5

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::9 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

a3ad94f3806365ea17486d4cfe082eb778b279cea18bbc6505bfced1a78cd74d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:09 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 10409
expires: Mon, 17 Feb 2025 05:01:23 GMT

GET
H2 200 img
imageproxy.us.criteo.net/img/ Frame 29CF 15 KB
16 KB 264ms
198ms Image
image/webp 2620:100:a001::9
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.us.criteo.net/img/img?cq=256&h=400&m=0&partner=100968&q=80&r=0&u=https%3A%2F%2Fi.gstatvb.com%2F247120fa35f741b90a23b6d80aad74131710430728.rng.jpg&v=3&w=400&rid=4&s=w3Ad04FFALZJ7FHO9xlOpAhj&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::9 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

c8244e1e8018bd4f17b18ef6104072126df1e4ac684e8b01e7b4cfefbf7bf506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:09 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=3600
timing-allow-origin: *
content-length: 15710
expires: Mon, 18 Mar 2024 18:21:10 GMT

GET
H2 200 img
imageproxy.us.criteo.net/img/ Frame 29CF 12 KB
12 KB 279ms
213ms Image
image/webp 2620:100:a001::9
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.us.criteo.net/img/img?cq=256&h=400&m=0&partner=100968&q=80&r=0&u=https%3A%2F%2Fi.gstatvb.com%2Fcd65cb57f5053ce13083c3973ae61c4d1710431416.rng.jpg&v=3&w=400&rid=4&s=P9Dy4Ez8tg-K2JtLVxBcT87X&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::9 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

14e87ab329e4c4c6ac949f632863308d6693edd96c85af0ccbca3f850be60d56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=3600
timing-allow-origin: *
content-length: 12474
expires: Mon, 18 Mar 2024 18:17:39 GMT

GET
H2 200 img
imageproxy.us.criteo.net/img/ Frame 29CF 14 KB
14 KB 296ms
230ms Image
image/webp 2620:100:a001::9
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.us.criteo.net/img/img?cq=256&h=400&m=0&partner=100968&q=80&r=0&u=https%3A%2F%2Fi.gstatvb.com%2Fdedf517fb1419e1b51a0cfccea483de01708530246.rng.png&v=3&w=400&rid=4&s=wfZ_dKd54f50HZ_S4I6ruhGv&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::9 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

008d822fac282d3fdc54ec1d9869cc433c534930b79d144047e1f51996696fc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=3600
timing-allow-origin: *
content-length: 13912
expires: Mon, 18 Mar 2024 18:24:25 GMT

GET
H2 200 img
imageproxy.us.criteo.net/img/ Frame 29CF 13 KB
13 KB 288ms
223ms Image
image/webp 2620:100:a001::9
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.us.criteo.net/img/img?cq=256&h=400&m=0&partner=100968&q=80&r=0&u=https%3A%2F%2Fi.gstatvb.com%2Fd8adecc7ff2c5e04f4157778dc56b3f21710430734.rng.jpg&v=3&w=400&rid=4&s=pxB7n4uuEyCPoIEa1jIPvWwf&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::9 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

a6e04ffd2d1619cd9495f83e3f5c288f49ffe90bdac3829ba1ffb41a30541c8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:09 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=3600
timing-allow-origin: *
content-length: 13008
expires: Mon, 18 Mar 2024 18:27:21 GMT

POST
H2 200 all
csm.us.criteo.net/ Frame 29CF 0
127 B 127ms
57ms Ping
text/plain 2620:100:a001::16
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.us.criteo.net/all?cppv=3&cpp=KoifC7-SP9V-A48m3mWldF0A6RuOarjFy312rAbcnmMXeokMFJLbRYOH_QvMhdMYtR3ODTWHP5W2CoeDYVuFUpl3Eued8rWEWVCTNCnCm--P0d-FlfEKo0NTv1hGVUuZyd0YA0hV-uP51DSZkeaB1CRjQZM_Yj7nf8Bmp20j5XtQBsv-Rgd3JGTyjxVelwBRaJmquyG67PomRPAiWJ9_De8nO59BDH_syAhPGQX_MlI0858CoAtknO6W47TBwRWnm0_FGQ&sds=2&rev=91140.1&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::16 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.us.criteo.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 18 Mar 2024 17:37:09 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 29CF 2 KB
1 KB 70ms
67ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 29CF 2 KB
1 KB 68ms
67ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 muli-400.css
static.criteo.net/design/googlefont/muli/ Frame 343A 999 B
739 B 55ms
55ms Stylesheet
text/css 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/muli/muli-400.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

2082226949711b1a7662b7ee87d361ee37465ebe0a0f387e9c87afd9a5e2f509

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 14:08:15 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391efcf-3e7"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 lato-400.css
static.criteo.net/design/googlefont/lato/ Frame 29CF 682 B
665 B 56ms
55ms Stylesheet
text/css 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/lato/lato-400.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

907f0ae9397d82a7dc9eca8dfe6c5b9f0bfea55cd1af9aa9713ca667cfdb8ec4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 14:04:37 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391eef5-2aa"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 muli-400-latin.woff2
static.criteo.net/design/googlefont/muli/ Frame 343A 17 KB
17 KB 235ms
125ms Font
application/octet-stream 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/muli/muli-400-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/muli/muli-400.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

15559265c43e023322fbb97f910244594c12c7c9b60afcfe7bd3529155f560ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/muli/muli-400.css
Origin: https://ads.us.criteo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:08:15 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391efcf-4224"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H2 200 lato-400-latin.woff2
static.criteo.net/design/googlefont/lato/ Frame 29CF 23 KB
23 KB 171ms
66ms Font
application/octet-stream 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/lato/lato-400-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/lato/lato-400.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/lato/lato-400.css
Origin: https://ads.us.criteo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:04:37 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391eef5-5c1c"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 Mar 2025 17:37:10 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240313/r20110914/ Frame 1927 9 KB
4 KB 64ms
64ms Document
text/html 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240313/r20110914/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403130201/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deva.cnvids.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 78268
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 17 Mar 2024 19:52:42 GMT
etag: 5035419970550746386
expires: Sun, 31 Mar 2024 19:52:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxVJ9SdhlnuN7A-xPeIwRWEjZ1QcOF3cMluGpSN32EWgzlSd3mjCwAm7Nv7PX87A7y9PiDrAkI6YmlveEHpyiDYVJPNfa-g1AaIENZ-_9mYLfxtbmbZcOwrG0pGl77DWvOrqJzPHTA== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 97ms
96ms Script
application/javascript 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVJ9SdhlnuN7A-xPeIwRWEjZ1QcOF3cMluGpSN32EWgzlSd3mjCwAm7Nv7PX87A7y9PiDrAkI6YmlveEHpyiDYVJPNfa-g1AaIENZ-_9mYLfxtbmbZcOwrG0pGl77DWvOrqJzPHTA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEwNzgzNDMwLDU0NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9kZXZhLmNudmlkcy5jb20vMjAxOS8xMi9NYWdpYy1wbGFudC10by1nZXQtcmlkLW9mLWV4dHJhLXBvdW5kcy1xdWlja2x5LW5vdGljZWFibGUtMjAxOS5odG1sLyIsbnVsbCxbWzgsIklJVXREU1FSUWtNIl0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IIUtDSQRQkM.es5.O/am=wA/d=1/rs=AJlcJMysDthpbhkkXFmssKzk6EEEEvca5g/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c8bca6421da37ea915f6558895fba5772f2f9edf98e75c94b49186f45542eaee

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-R2eBiys0Ls4PDYHK2YtICQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-R2eBiys0Ls4PDYHK2YtICQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjytDikmII0pBiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJp6vL5kkgFgDiPnWTWdVAWLd9dNZQ4E45vl01hQgdkqfwRoExD71M1hjgLj15jnWqUB8csF51otALMTDcez7w_VsAg2rL89nAgDkSzGM"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5EAF 0
23 B 145ms
144ms Image
text/html 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CItm9xXv4ZamWHqDz998P8aG50A6cge-wXLLtt52dAcCNtwEQASAAYMmGgIDco8QQggEXY2EtcHViLTcyOTI3NzQyMDA4Nzc4MjPIAQmoAwHIAwKqBLwCT9Bu5WQi0lZ4QVAOfNG5F3fWK1MXoqbjOZpKg3rJNbneJ2d7uxNcNNswy6VRCDCZmXrW2p6rw0kg6dzJHpVzboalYKurffKOlHcNAaVdYbFe4mAw4xWNw_QxXhf5J9EpDZeOdokbyuvuk5-z-JvpNXwuXtWgEi3CIypdR3XNOsyYrhiKKI-K85xRanfuBmJ3ps8g_nI-nnciy0FqYH2kkr6iR9oD-x_XOvRcflPalO6ZaTLBaAGmQ4mDxEyF4Ws4mksGBfL0GGA3FRctCFM0ao5rSlBdbYcZhTrVt9f5DoivZWKi0IQfQcAkcDfHrBfK-AhVjidAMvVPl8JPfm39TEVhT0J-tNO0-cgMbiHYrT3EszFRsjsIqXh0AMWB8Ze2sISCLlO-RBwhEYcAiXwyHjHsxLBi5iuw69YeUIAG4--Z87n2pb0EoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHrb6xAtgHANIIIgiAYRABMgKKAjoJgECAwICAgKAoSL39wTpY2Jnn9Kz-hAOACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNzI5Mjc3NDIwMDg3NzgyMxgA&sigh=X3BMiMkhCdw&uach_m=%5BUACH%5D&cid=CAQSTwB7FLtqtkK8aRbIoFl3ghYQpTJ5Ec2nXZitsHKCbUkFuwYe773qDUxjRpTmUk5PxQwnyp1z2EV5h9Wch3y2gG54UoULkAPl42pV-yh2hTAYAQ&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7292774200877823&output=html&h=280&slotname=4652718739&adk=3408507837&adf=525072173&pi=t.ma~as.4652718739&w=1200&fwrn=4&fwrnh=100&lmt=1710783429&rafmt=1&format=1200x280&url=https%3A%2F%2Fdeva.cnvids.com%2F2019%2F12%2FMagic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710783428748&bpp=3&bdt=1430&idt=555&shv=r20240313&mjsv=m202403130201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=5092844924851&frm=20&pv=1&ga_vid=868591861.1710783429&ga_sid=1710783429&ga_hid=1357117251&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C42532523%2C44795922%2C95327950%2C95327954%2C95321963%2C95322398%2C95326921&oid=2&pvsid=630655687785661&tmod=1030987963&uas=0&nvt=1&ref=https%3A%2F%2Fdeva.cnvids.com%2Fredirectingcn%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=558
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 18 Mar 2024 17:37:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 18 Mar 2024 17:37:10 GMT

GET
H2 200 notify
rtb.da.us.criteo.com/google/auction/ Frame 5EAF 0
126 B 198ms
64ms Image
text/plain 2620:100:a005::14
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.da.us.criteo.com/google/auction/notify?profile=14&payload=mLb3Gdv5RLAJmALiIp0XAgAAAJQjDmEE_M3OEMV7-GU71z0Hxamko5YhAAASAAAKCkFRVUJEQUVQREG76FVXhxIqB27UNvr7EpEx&wp=Zfh7xQAHiykF_fmgAA5Q8VUOFeq-c9VJb8KvJw&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a005::14 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:09 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 276513
server: Kestrel
content-length: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame BCE1 0
23 B 135ms
134ms Image
text/html 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C3c_ixXv4ZeWZHvuf4_UPkd6EiAGcge-wXJrwqKp0wI23ARABIABgyYaAgNyjxBCCARdjYS1wdWItNzI5Mjc3NDIwMDg3NzgyM8gBCagDAcgDAqoEvAJP0NJuUGrmdwmS7B_EtGlHyGfQQh4PyMEggcuZMICf99y-1hDEH1nx30RglSkJYAljDNSHaWVO8ZRsiQk9E8u17ZVQY6I_cMh1q_8vVHRS7C5M7A9aUHvDAy69VVrc1CHtNcvWkFD-HJqdQJzGmz2Jhzz9gijTed1fk6ipz1xFPsfvDul-Qh5-KbZ9-xjGlCnwHXl5onE0ainndQgFkXjW29Jy3eUTZeD9STa4DsLY2R-mxEG7CHWaJomfnQJz3H9DmDPreHOZETQeMFrzwBuciTrIHIwjJN2Dd-5yepmt_AUESDgCeZQR-FdARlP9wt5xq3gwJkTqlkA6rcLougwJHI-zqONxdJ5kZJbiLxURxp7DFPRlHC59ZOTLaE08uFZLajk-Ew5k00_kmAK1YBGCbcTxzWKXNLSTEcUvgAben5Kus4f2uymgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggiCIBhEAEyAooCOgmAQIDAgICAoChIvf3BOljRoOf0rP6EA4AKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi03MjkyNzc0MjAwODc3ODIzGAA&sigh=DWIT0EBrfK8&uach_m=%5BUACH%5D&cid=CAQSTgB7FLtqQ0swYZ7DaMrGBTY67c5BnXE_Qs9fIL7H0zOYepCx4xxCOLbTUv4CYN-IpGinxmeGzZtRHT6W0EP4MU_ciE_o1O6YTFg0ZRQirxgB&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7292774200877823&output=html&h=280&slotname=1674586623&adk=2405132336&adf=3724739225&pi=t.ma~as.1674586623&w=1200&fwrn=4&fwrnh=100&lmt=1710783429&rafmt=1&format=1200x280&url=https%3A%2F%2Fdeva.cnvids.com%2F2019%2F12%2FMagic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710783428746&bpp=2&bdt=1428&idt=541&shv=r20240313&mjsv=m202403130201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5092844924851&frm=20&pv=1&ga_vid=868591861.1710783429&ga_sid=1710783429&ga_hid=1357117251&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C42532523%2C44795922%2C95327950%2C95327954%2C95321963%2C95322398%2C95326921&oid=2&pvsid=630655687785661&tmod=1030987963&uas=0&nvt=1&ref=https%3A%2F%2Fdeva.cnvids.com%2Fredirectingcn%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=548
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 18 Mar 2024 17:37:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 18 Mar 2024 17:37:10 GMT

GET
H2 200 notify
rtb.da.us.criteo.com/google/auction/ Frame BCE1 0
125 B 190ms
65ms Image
text/plain 2620:100:a005::14
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.da.us.criteo.com/google/auction/notify?profile=14&payload=mNSTGtv5RLAJmALiIp0XAgAAAPWgFXX7ng-HEMR7-GXCIx1u342EY8BzAAASAAAKCkFRVUJEQUVCREG76FVXhxIqB27UNvr7EpEx&wp=Zfh7xQAHjOUIuM_7AAEvEbIa-z7s-gdVTETBwg&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a005::14 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 257969
server: Kestrel
content-length: 0

GET
H2 200 css
fonts.googleapis.com/ Frame CC8C 14 KB
2 KB 220ms
83ms Stylesheet
text/css 2607:f8b0:4006:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 18 Mar 2024 17:37:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 18 Mar 2024 16:01:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 18 Mar 2024 17:37:10 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/ Frame CC8C 2 KB
822 B 64ms
63ms Script
text/javascript 2607:f8b0:4006:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 18:03:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84845
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Mar 2024 18:03:05 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240313/r20110914/ Frame CC8C 23 KB
9 KB 64ms
63ms Script
text/javascript 2607:f8b0:4006:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0585c17865b250df20a5c5dbf25274d44443f26d24ed58bbe3215dd54dd864b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 18:03:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84845
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8954
x-xss-protection: 0
server: cafe
etag: 11417926956348271285
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Mar 2024 18:03:05 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1E35 143 B
166 B 69ms
68ms Document
text/html 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240313/r20110914/zrt_lookup_fy2021.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 610
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Mar 2024 17:27:00 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/ Frame CC8C 3 KB
1 KB 63ms
63ms Script
text/javascript 2607:f8b0:4006:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 18:03:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84845
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Mar 2024 18:03:05 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/ Frame CC8C 20 KB
8 KB 65ms
63ms Script
text/javascript 2607:f8b0:4006:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

594ea28ece633b47536a3549082809e82c6772e5f2f324f26f8bc0f5de6842d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 18:03:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84845
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8219
x-xss-protection: 0
server: cafe
etag: 17239101513064691842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Mar 2024 18:03:05 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame CC8C 208 KB
63 KB 65ms
64ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3edca7294f70460740b307b1b70e7356a6165cb7a76c774f65398d0d052ac8c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:01:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64315
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 18 Mar 2024 18:01:32 GMT

GET
H2 200 fae6ba9c9cb9ec876bbde5988f04c6f7.js Show response
www.gstatic.com/mysidia/ Frame CC8C 36 KB
15 KB 200ms
66ms Script
text/javascript 2607:f8b0:4006:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fae6ba9c9cb9ec876bbde5988f04c6f7.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32993a86c58685503a2a375f9ed0ec5813961836562a3b5656fd9eb149a27d4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 21:11:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 419142
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15132
x-xss-protection: 0
last-modified: Thu, 07 Mar 2024 03:02:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 11 Jun 2024 21:11:28 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240313/r20110914/elements/html/ Frame 1927 15 KB
6 KB 71ms
70ms Script
text/javascript 2607:f8b0:4006:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240313/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b5a4e5208642cc79fa1cbf1c0bc831d41a4bbab2f3be66ae814dd26a9ba9bbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 18:03:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84807
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6460
x-xss-protection: 0
server: cafe
etag: 5807243554008179978
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Mar 2024 18:03:43 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 1927 205 B
650 B 193ms
64ms Image
image/png 2607:f8b0:4006:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240313/r20110914/zrt_lookup_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 20:53:42 GMT
x-content-type-options: nosniff
age: 420208
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 13 Mar 2025 20:53:42 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 1927 604 B
695 B 193ms
65ms Image
image/png 2607:f8b0:4006:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240313/r20110914/zrt_lookup_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 20:52:19 GMT
x-content-type-options: nosniff
age: 420291
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 13 Mar 2025 20:52:19 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240313/r20110914/elements/html/ Frame 1927 22 KB
9 KB 79ms
78ms Script
text/javascript 2607:f8b0:4006:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240313/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b2685ea894c514e15f58420b40933b08f0b2baa4cef2a68479acc9a01323b0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 18:03:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84845
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9102
x-xss-protection: 0
server: cafe
etag: 3566326672948847535
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Mar 2024 18:03:05 GMT

GET
H2 200 AGSKWxVMotEIf31NmRdwQuOa2PEG-CIg3dx7o8iK7rIbxxIYkypKZJmZgSfkdHjit_YGXXf8RKAXH88Dti-ZUYYyva2OMwpxdPYmHVf8rW29FjDLrF67QXO0TwQqLdX0v9wA6YnJCL7uJg== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 99ms
98ms Script
application/javascript 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVMotEIf31NmRdwQuOa2PEG-CIg3dx7o8iK7rIbxxIYkypKZJmZgSfkdHjit_YGXXf8RKAXH88Dti-ZUYYyva2OMwpxdPYmHVf8rW29FjDLrF67QXO0TwQqLdX0v9wA6YnJCL7uJg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEwNzgzNDMwLDY1MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vZGV2YS5jbnZpZHMuY29tLzIwMTkvMTIvTWFnaWMtcGxhbnQtdG8tZ2V0LXJpZC1vZi1leHRyYS1wb3VuZHMtcXVpY2tseS1ub3RpY2VhYmxlLTIwMTkuaHRtbC8iLG51bGwsW1s4LCJJSVV0RFNRUlFrTSJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a9cc01f27331c25ce0aa30de2b5c5a659786bb338edbe34ad8cd897b00354eab

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-PlpW023y9rHq_ds8AZy-xQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:10 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-PlpW023y9rHq_ds8AZy-xQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjKtDikmJw15BiOHHrNtMFID7vdIfpOhDXMjxjagViA43nTBZA_O7LSyaery-ZJIBYA4j51k1nVQFi3fXTWUOBOOb5dNYUIHZKn8EaBMQ-9TNYY4C49eY51qlAfHLBedaLQCzEw3Hs-8P1bAIPpvZeZAIAMHA2xQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1E35
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

92ms
91ms

Document
text/html

2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240313/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Mar 2024 17:37:11 GMT
expires: Mon, 18 Mar 2024 17:37:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Mar 2024 17:37:10 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5EAF 42 B
64 B 126ms
126ms Fetch
image/gif 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstKouF0CzIaTAkuEG9LFZGDgnrCkOPfDdhucLsNQhbRB9pYxf1nhn0bnJRuTRBOU7EIgnN5p_3FdwWRgkl4D5l4nsGrekVfp6ugStodlywyyH84-xqWAhpk_A243a4S0na0NBA5tD8&sig=Cg0ArKJSzLQj5zxkBEVSEAE&id=lidar2&mcvt=1000&p=0,0,280,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240313&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3408507837&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=671623000&rst=1710783429307&rpt=758&met=ie&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Mar 2024 17:37:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BCE1 42 B
64 B 143ms
143ms Fetch
image/gif 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsumOcvSEEqVemEK3eV-s0Pgcedvm9Z73SNrlVkX5RduSaZ9w2G2_cVjSQGhKoGZ-MfDCy985dJhQAdsPWRMNarg9CDRxl9CsxMk7oZ84RVIBipD16Ft74v9ufELfMdxLdAFoFM0Ig&sig=Cg0ArKJSzAnVtOUyT2D8EAE&id=lidar2&mcvt=1000&p=0,0,280,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240313&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2405132336&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=671623000&rst=1710783429295&rpt=863&met=ie&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Mar 2024 17:37:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.us.criteo.net/ Frame 343A 0
127 B 64ms
63ms Ping
text/plain 2620:100:a001::16
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::16 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.us.criteo.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 18 Mar 2024 17:37:10 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

POST
H2 200 all
csm.us.criteo.net/ Frame 29CF 0
127 B 56ms
56ms Ping
text/plain 2620:100:a001::16
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::16 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.us.criteo.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 18 Mar 2024 17:37:10 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 144ms
144ms XHR
application/json 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240313&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403130201/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

89dce516d7c66ed0ecf21f5caac63a9f826ca89547af0d73e47097f4d039c113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:11 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12270
x-xss-protection: 0

GET
H3 200 baSY2O45eIFBeOgq1vPVnlASrS1AjKGi1V2DTNGFAvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 2745 51 KB
20 KB 63ms
63ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/baSY2O45eIFBeOgq1vPVnlASrS1AjKGi1V2DTNGFAvs.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6da498d8ee3978814178e82ad6f3d59e5012ad2d408ca1a2d55d834cd18502fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 21:04:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 419564
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20207
x-xss-protection: 0
last-modified: Mon, 11 Mar 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 13 Mar 2025 21:04:27 GMT

GET
H3 200 inline. Show response
fundingchoicesmessages.google.com/f/AGSKWxW1KskIZlwxQEg1a5MCRCk65TySt6-a1gY1vqnrpp_pqyFpwtfH0JjIlfN4_nqoSPYcL-PUuvHbNqXJhpY1L5BWsZXMUncHMkajsaKTbhoZV06r4AZ8A1rrrs-X-ODmKa1YgqkYWf8pr1XCTJisxYgmI97nU... 54 B
110 B 87ms
86ms Script
application/javascript 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxW1KskIZlwxQEg1a5MCRCk65TySt6-a1gY1vqnrpp_pqyFpwtfH0JjIlfN4_nqoSPYcL-PUuvHbNqXJhpY1L5BWsZXMUncHMkajsaKTbhoZV06r4AZ8A1rrrs-X-ODmKa1YgqkYWf8pr1XCTJisxYgmI97nUK3VySrTwDi0WC4AVXsqiNz2o5Geak_w/_/advertisements_/ad_google./adsystem.-ad-tile./ads/inline.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IIUtDSQRQkM.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMxGFhSBGkuR9VJeBYRtSsPNSN2hkg/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ae50675a4806aa04035481483eed24980ecf97a568250c5eb9613061f27ca30c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-tGK0S7LJtalflFmrp0lb5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:11 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-tGK0S7LJtalflFmrp0lb5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjKtDikmJw1JBiOHnrNtNFID7vdIfpOhDXMjxjagViA43nTBZA_O7LSyaery-ZJIBYA4j51k1nVQFi3fXTWUOBOOb5dNYUIHZKn8EaBMQ-9TNYY4C49eY51qlAfHLBedaLQCzEw3H8-8P1bAIfzh05wggAMEU3NA"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rum.js Show response
pagead2.googlesyndication.com/pagead/js/ 64 KB
24 KB 64ms
63ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41184d45ee0190e745df94776022442ab923bc979486aee54db3aef923747b76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1779
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24270
x-xss-protection: 0
server: cafe
etag: 1848696431517659579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 18 Mar 2024 18:07:32 GMT

POST
H3 204 AGSKWxVJEhX3mwt5VgDFBPF48scp7l2PlpbCS7l03UiTuaJkGMSAHqJYnZtVXuYlmkFHNUUTJXev9Zp63e9SZMR2eCyGQ4OxDTc2rwDpNg0Xtc-02Y4rLwCkR-s--SGeH72fLRIuq1WirA== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 219ms
89ms XHR
text/html 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVJEhX3mwt5VgDFBPF48scp7l2PlpbCS7l03UiTuaJkGMSAHqJYnZtVXuYlmkFHNUUTJXev9Zp63e9SZMR2eCyGQ4OxDTc2rwDpNg0Xtc-02Y4rLwCkR-s--SGeH72fLRIuq1WirA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Jj2676VR1jbM2NAi_mr8QQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://deva.cnvids.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 18 Mar 2024 17:37:11 GMT
content-security-policy: script-src 'report-sample' 'nonce-Jj2676VR1jbM2NAi_mr8QQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw05BiqGV4xtQKxE7pM1hDgFiIh-P494fr2QR-rJrbzAQAzBsMvw"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://deva.cnvids.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVJEhX3mwt5VgDFBPF48scp7l2PlpbCS7l03UiTuaJkGMSAHqJYnZtVXuYlmkFHNUUTJXev9Zp63e9SZMR2eCyGQ4OxDTc2rwDpNg0Xtc-02Y4rLwCkR-s--SGeH72fLRIuq1WirA== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 133ms
91ms XHR
text/html 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVJEhX3mwt5VgDFBPF48scp7l2PlpbCS7l03UiTuaJkGMSAHqJYnZtVXuYlmkFHNUUTJXev9Zp63e9SZMR2eCyGQ4OxDTc2rwDpNg0Xtc-02Y4rLwCkR-s--SGeH72fLRIuq1WirA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-N-dnrKJI8qTJWGxClTPOoA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://deva.cnvids.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 18 Mar 2024 17:37:11 GMT
content-security-policy: script-src 'report-sample' 'nonce-N-dnrKJI8qTJWGxClTPOoA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw1pBiqGV4xtQKxE7pM1hDgFiIh-P494fr2QQ6pu1rZgIAyZgMWQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://deva.cnvids.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVJEhX3mwt5VgDFBPF48scp7l2PlpbCS7l03UiTuaJkGMSAHqJYnZtVXuYlmkFHNUUTJXev9Zp63e9SZMR2eCyGQ4OxDTc2rwDpNg0Xtc-02Y4rLwCkR-s--SGeH72fLRIuq1WirA== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 213ms
177ms XHR
text/html 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVJEhX3mwt5VgDFBPF48scp7l2PlpbCS7l03UiTuaJkGMSAHqJYnZtVXuYlmkFHNUUTJXev9Zp63e9SZMR2eCyGQ4OxDTc2rwDpNg0Xtc-02Y4rLwCkR-s--SGeH72fLRIuq1WirA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yFBmLxrlipQRiazw1EhvUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://deva.cnvids.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 18 Mar 2024 17:37:11 GMT
content-security-policy: script-src 'report-sample' 'nonce-yFBmLxrlipQRiazw1EhvUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmJw1pBiqGV4xtQKxE7pM1hDgFiIh-P494fr2QRmnJqzlgkAyZYMnQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://deva.cnvids.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVJEhX3mwt5VgDFBPF48scp7l2PlpbCS7l03UiTuaJkGMSAHqJYnZtVXuYlmkFHNUUTJXev9Zp63e9SZMR2eCyGQ4OxDTc2rwDpNg0Xtc-02Y4rLwCkR-s--SGeH72fLRIuq1WirA== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 125ms
90ms XHR
text/html 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVJEhX3mwt5VgDFBPF48scp7l2PlpbCS7l03UiTuaJkGMSAHqJYnZtVXuYlmkFHNUUTJXev9Zp63e9SZMR2eCyGQ4OxDTc2rwDpNg0Xtc-02Y4rLwCkR-s--SGeH72fLRIuq1WirA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-cU9jq-k0Qt8uNtZ0oCFrIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://deva.cnvids.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 18 Mar 2024 17:37:11 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-cU9jq-k0Qt8uNtZ0oCFrIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmII0JBiqGV4xtQKxE7pM1hDgFiIh-P494fr2QQefN7YzAQAzUcNBg"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://deva.cnvids.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxUaV1iDX2n_waD4Iy5pYZdUkiXPNKr3nTiCnKV-A_oLBVFtzNzpB30NYS7ADtVHwveb_UVTFjVbsYhvXvB88XH_HcFr8Xh4SLdeuvNuvL7whR278bL6qLDvgcaSTZ0F2a6-DUhBWA== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 95ms
95ms Script
application/javascript 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUaV1iDX2n_waD4Iy5pYZdUkiXPNKr3nTiCnKV-A_oLBVFtzNzpB30NYS7ADtVHwveb_UVTFjVbsYhvXvB88XH_HcFr8Xh4SLdeuvNuvL7whR278bL6qLDvgcaSTZ0F2a6-DUhBWA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEwNzgzNDMxLDQ2NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9kZXZhLmNudmlkcy5jb20vMjAxOS8xMi9NYWdpYy1wbGFudC10by1nZXQtcmlkLW9mLWV4dHJhLXBvdW5kcy1xdWlja2x5LW5vdGljZWFibGUtMjAxOS5odG1sLyIsbnVsbCxbWzgsIklJVXREU1FSUWtNIl0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4ea64cc6a7c0538ee4e4df9941aaabd50c4720f1965d741c4cc8cd72c54eb94d

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-rLlodcyW0QH-ooy2qNsXiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:11 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-rLlodcyW0QH-ooy2qNsXiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjytDikmLw1ZBiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJp6vL5kkgFgDiPnWTWdVAWLd9dNZQ4E45vl01hQgdkqfwRoExD71M1hjgLj15jnWqUB8csF51otALMTDcfz7w_VsAh2ztn9nBADiWzG6"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 85ms
84ms Script
text/javascript 2607:f8b0:4006:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403130201/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 18 Mar 2024 17:37:11 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1C5E 13 KB
5 KB 71ms
64ms Document
text/html 2607:f8b0:4006:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deva.cnvids.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 338007
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 14 Mar 2024 19:43:44 GMT
expires: Fri, 14 Mar 2025 19:43:44 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9E2A 829 B
997 B 90ms
84ms Document
text/html 2607:f8b0:4006:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d0209c6bf0c070245cf4eae131594fd8de140339808b81b6c4b9d31142dc1b65

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WHbk5gYuQNIsULHotWFaNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://deva.cnvids.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-WHbk5gYuQNIsULHotWFaNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 18 Mar 2024 17:37:11 GMT
expires: Mon, 18 Mar 2024 17:37:11 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H3 204 AGSKWxUr3w6NAcTDZvN1hZQUbmkqs6Xt3f9JPZAFVZGWfPwNLfMKLwD1uNex8-EKMrBtSASWox06AOP9pBWQCTLtdUTAXbZAKMU3JMMUn9Fr9rWGYF-Z0Qs4DlYr2_8rd2WTEFq0J0mcpg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 119ms
118ms XHR
text/html 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUr3w6NAcTDZvN1hZQUbmkqs6Xt3f9JPZAFVZGWfPwNLfMKLwD1uNex8-EKMrBtSASWox06AOP9pBWQCTLtdUTAXbZAKMU3JMMUn9Fr9rWGYF-Z0Qs4DlYr2_8rd2WTEFq0J0mcpg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-U4o8FOi137MAvQqvm0DdNQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://deva.cnvids.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 18 Mar 2024 17:37:11 GMT
content-security-policy: script-src 'report-sample' 'nonce-U4o8FOi137MAvQqvm0DdNQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw1pBiqGV4xtQKxE7pM1hDgFiIh-P494fr2QQOnLqygQkAzBwNCA"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://deva.cnvids.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVJEhX3mwt5VgDFBPF48scp7l2PlpbCS7l03UiTuaJkGMSAHqJYnZtVXuYlmkFHNUUTJXev9Zp63e9SZMR2eCyGQ4OxDTc2rwDpNg0Xtc-02Y4rLwCkR-s--SGeH72fLRIuq1WirA== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 184ms
183ms XHR
text/html 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVJEhX3mwt5VgDFBPF48scp7l2PlpbCS7l03UiTuaJkGMSAHqJYnZtVXuYlmkFHNUUTJXev9Zp63e9SZMR2eCyGQ4OxDTc2rwDpNg0Xtc-02Y4rLwCkR-s--SGeH72fLRIuq1WirA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-t-Kq86m8cRU6XaJaVlzkyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://deva.cnvids.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 18 Mar 2024 17:37:11 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-t-Kq86m8cRU6XaJaVlzkyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmII0pBiqGV4xtQKxE7pM1hDgFiIh-P494fr2QR-PJtzgQkAzioNSw"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://deva.cnvids.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 J7jMHEcdr0lVSatsUU1en4le0CiJfA3--2xrJ7e0v4U.js Show response
pagead2.googlesyndication.com/bg/ Frame 1C5E 40 KB
15 KB 65ms
64ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/J7jMHEcdr0lVSatsUU1en4le0CiJfA3--2xrJ7e0v4U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27b8cc1c471daf495549ab6c514d5e9f895ed028897c0dfefb6c6b27b7b4bf85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 20:41:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 420938
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15583
x-xss-protection: 0
last-modified: Mon, 11 Mar 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 13 Mar 2025 20:41:33 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9E2A 0
0 123ms
123ms Image
text/html 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240313&jk=630655687785661&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1C5E 0
10 B 65ms
64ms Image
text/plain 2607:f8b0:4006:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?FwrXSQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 17:37:12 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 126ms
125ms Image
text/html 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240313&jk=630655687785661&bg=!dHeldzjNAAY_ejuoH3o7ADQBe5WfOHfL1bS5HMwgOy8IG9z651CzoTEQ1IHYWNdZrdYIH2m7sIgpAUeJ89QByy_QVIApAgAAAF9SAAAAAmgBBwoAPE5XUyA5LQaMFvZwyQ8W6xAYHmikKPa6RRjEt9JJCpCVI0T4xd7gnqrBnUjaHoRhbD8sRkgE5I6J2y-MFJkCn1oaoAAnMN27qHzZ7GzlrR33jYTSa8ZH2fHdHFPLdUB4BgKv_32HoiVGhlBNE-0Em6pQgqGD74fycMiom2R5HhgD9g5vofvTF9lRbCZFdnahE7xCs87Tv_8YVDRbIEKH66jJYpTLrnxLE2cgbtPce0JJrxRWDve3xx0nZHaLmNLtzweP4b3zrqEbV3tBJsjnvKzoIjfIdC9OFDNOwQvu70HlovN9J9mL269wGRW0ZqoUFIjsdJCw3BCN_zT7py1yN4HiJCz-AA7MepwhlfMFgQ6g3PFpFUTwaWDsZhatC8EVodM85jpHFizr2aR1-8vmIANawC5cbrPiEiLVzfLbDs4zbqQdeTxzqfZ35Jv5TxKDKy8rFhUigQ9vvnpvkNAjqYIP5IY3RJ2SzzUTqLVRxd406AHXTUer6qULKTHdnwx_H77lXt-mKwpczOSNGC9c9QxO0jEgUNqVCLzu7h6iNlcg5yB-ETCOGrKckHu6P1faYV_2nOO0YRh1hqB9SRMANpCAmpwGvHYFYGjL2j9eBqoCwOZYg5RNXpCLMRVGIceOylIuStsNac7GUxrme74Ed5VUr5sCYgA-Ayw4BpPPhcNIFV0nbczWu3WwiJaO9lc2i4cMqAAiW3tdp-ubqD-2dd4HUx7OC_XmMYuVUE9Z8gIPJxyJ4d9lcTaCT7pTTvGZRxE-4ZvIQCzhN-jQmvDOwXohZNJg-TBbTRMinrJyx2KcF-wNCCkDpuzx3w3dPHnGJO5qhFzZKfaAd2CmU9idagBQx-e5zbqO543-XzNcuEQzHDvCOwWXs9013czXhbtk1j66lQ4HhI7DRzlbjE-u7xAXIBt4Eu5mJzazIY1aSEFJbfOIzDO6Wp5zfJ3-Km6EC2xaynBYPfcHZdzxrKJ6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://deva.cnvids.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

76 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
deva.cnvids.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: hi1eqjr7peaq95ap862qilnnmf
keewoach.net/	1970-01-21 03:58:39	Name: oaidts Value: 1710783429
my.rtmark.net/	1970-01-21 03:58:39	Name: ID Value: b69d2b8068f14d92a3b2b27e34d6cbef
keewoach.net/	1970-01-21 03:58:39	Name: OAID Value: b69d2b8068f14d92a3b2b27e34d6cbef
keewoach.net/	1970-01-20 19:23:08	Name: syncedCookie Value: true
deva.cnvids.com/	1970-01-20 19:13:03	Name: prefetchAd_6065152 Value: true
.criteo.com/	1970-01-21 04:34:39	Name: receive-cookie-deprecation Value: 1
.cnvids.com/	1970-01-21 04:34:39	Name: __gads Value: ID=849c20ba57e3af66:T=1710783429:RT=1710783429:S=ALNI_MbG1t-lfInKHBBF5uV5k9JpQ1R7RA
.cnvids.com/	1970-01-21 04:34:39	Name: __gpi Value: UID=00000dd386036263:T=1710783429:RT=1710783429:S=ALNI_MYGweU1JQIw0pLt1VNkzF-fjK6cog
.cnvids.com/	1970-01-20 23:32:15	Name: __eoi Value: ID=a95c283b095699d6:T=1710783429:RT=1710783429:S=AA-AfjaraVCu6LB-Ll7FVnRzZi-J
.doubleclick.net/	1970-01-21 04:49:03	Name: IDE Value: AHWqTUn9EJGS0Zhgz4S95sUhTaWEHMICx4ZE-B0d9-1wcMc-Krt5bobuxw1mfOwEsDk
.doubleclick.net/	1970-01-20 19:13:07	Name: DSID Value: NO_DATA
.cnvids.com/	1970-01-21 03:58:39	Name: FCNEC Value: %5B%5B%22AKsRol9eDtmEZ1uon3tlMwSbS8jhGbvDoHuyqR26V_qSg6qqOlXc995KvrpqvKeMBZ9vqQy_O2ts-zw8I_huEug9Y0zRoaqB7HydUz49VbzXtttKqsxKuGuQtXP3oYbTdX21nB9rGXUBD4w79zT-NuErvt_i91qcqg%3D%3D%22%5D%5D

28 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7292774200877823&output=html&h=280&slotname=4652718739&adk=3408507837&adf=525072173&pi=t.ma~as.4652718739&w=1200&fwrn=4&fwrnh=100&lmt=1710783429&rafmt=1&format=1200x280&url=https%3A%2F%2Fdeva.cnvids.com%2F2019%2F12%2FMagic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710783428748&bpp=3&bdt=1430&idt=555&shv=r20240313&mjsv=m202403130201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=5092844924851&frm=20&pv=1&ga_vid=868591861.1710783429&ga_sid=1710783429&ga_hid=1357117251&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C42532523%2C44795922%2C95327950%2C95327954%2C95321963%2C95322398%2C95326921&oid=2&pvsid=630655687785661&tmod=1030987963&uas=0&nvt=1&ref=https%3A%2F%2Fdeva.cnvids.com%2Fredirectingcn%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=558 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://deva.cnvids.com/2019/12/Magic-plant-to-get-rid-of-extra-pounds-quickly-noticeable-2019.html/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.us.criteo.com
cat.va.us.criteo.com
cdnjs.cloudflare.com
csm.us.criteo.net
deva.cnvids.com
fonts.googleapis.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
href.li
imageproxy.us.criteo.net
keewoach.net
kit-pro.fontawesome.com
my.rtmark.net
pagead2.googlesyndication.com
rtb.da.us.criteo.com
static.criteo.net
tpc.googlesyndication.com
www.google.com
www.gstatic.com
139.45.195.8
139.45.197.245
192.0.78.27
2606:4700:3036::ac43:b2e0
2606:4700:4400::ac40:93bc
2606:4700::6811:180e
2607:f8b0:4006:809::200a
2607:f8b0:4006:80b::2003
2607:f8b0:4006:80e::2001
2607:f8b0:4006:817::2004
2607:f8b0:4006:817::200e
2607:f8b0:4006:823::2002
2620:100:a001::16
2620:100:a001::24
2620:100:a001::4
2620:100:a001::9
2620:100:a005::14
74.119.119.147
008d822fac282d3fdc54ec1d9869cc433c534930b79d144047e1f51996696fc8
0137832295a93569e7190167c26fb5ae0c5257dd02c5f9a618f9f32ed1f0195a
02c8da5ac050b23b2a8a407c7583077905aade87f4fa9a39e30d55877c2f4863
0585c17865b250df20a5c5dbf25274d44443f26d24ed58bbe3215dd54dd864b1
07c4f820fe21aa684cfb33cc7e119a79ac240875d607bab41ab0e902b47b9d56
07f15fc6623f4366fe76969fdc8bb4361072111a22a5512bcc5baf76864e6296
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b5a4e5208642cc79fa1cbf1c0bc831d41a4bbab2f3be66ae814dd26a9ba9bbf
14e87ab329e4c4c6ac949f632863308d6693edd96c85af0ccbca3f850be60d56
15559265c43e023322fbb97f910244594c12c7c9b60afcfe7bd3529155f560ae
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
2082226949711b1a7662b7ee87d361ee37465ebe0a0f387e9c87afd9a5e2f509
243c847c084bce46b9a57f7dd2740d8e47aa1fc8c315a229b1af460a5f02af61
26bacfd65f8ffc816fa2947741668f9f807d843b25f83df146219b18750177f3
27b8cc1c471daf495549ab6c514d5e9f895ed028897c0dfefb6c6b27b7b4bf85
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
316ec9e6b06e5935b2d8b904324c45e2fd1275fd0f74ef59bca7562b6d8d9435
32993a86c58685503a2a375f9ed0ec5813961836562a3b5656fd9eb149a27d4a
3edca7294f70460740b307b1b70e7356a6165cb7a76c774f65398d0d052ac8c8
41184d45ee0190e745df94776022442ab923bc979486aee54db3aef923747b76
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
434792a3fad93f8f0ff193ed74ebe5d0fe117d3ecdab6fcc5cc1feb28b64294e
450bf686cbac277aea7d85aae8307777332677032db5802cd08e8b3ddcfd61f2
468a1dc758934c472affc8c39870234c0b1c3840ecf4fe7d23a264ca9cb02283
47aeab9a438a9b5c5a0d0af4b962e82b7f28a44f771d2ccb9d642422d3cef269
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e0781bdd2cbb5db04da3b5e059eeca34e325fabb893bee7457b5babf5b7c029
4ea64cc6a7c0538ee4e4df9941aaabd50c4720f1965d741c4cc8cd72c54eb94d
54677d9ccf6e9de6fb5494a97dc1f9fc7b90bf1c6487013c02ed2a60c5332d79
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
583af1722a5804cb5c15b15510bea5fd30ab6acfc31ec6791c66603a2e37bf2d
594ea28ece633b47536a3549082809e82c6772e5f2f324f26f8bc0f5de6842d2
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6da498d8ee3978814178e82ad6f3d59e5012ad2d408ca1a2d55d834cd18502fb
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
7745f84b4d7830a468c092c50f3e5706ea18e771735abaa9aebc35f70ad63709
7b2685ea894c514e15f58420b40933b08f0b2baa4cef2a68479acc9a01323b0a
7cdffc967f33f754b0909e0819baeb3e184da4b0d1ccb417ffe670ee409c731b
89dce516d7c66ed0ecf21f5caac63a9f826ca89547af0d73e47097f4d039c113
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
907f0ae9397d82a7dc9eca8dfe6c5b9f0bfea55cd1af9aa9713ca667cfdb8ec4
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
91b901acd26b6124cb1e5db9adcb22870ec13617d5aad15a7df90e17d7a26a14
9ff81ea7cae2142f7aae3b9289e7b4fa8507614fade842297bf5da7a9a1edaab
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a3ad94f3806365ea17486d4cfe082eb778b279cea18bbc6505bfced1a78cd74d
a445e464850629a55d9705db2784e36616a7870b2f612cd4a2ca75928da79341
a6e04ffd2d1619cd9495f83e3f5c288f49ffe90bdac3829ba1ffb41a30541c8a
a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a9cc01f27331c25ce0aa30de2b5c5a659786bb338edbe34ad8cd897b00354eab
ab92cce3a4aca422aba8278661de5fccbfccfd9ed5bf5eee8bc5b6ed2bae06a9
ae50675a4806aa04035481483eed24980ecf97a568250c5eb9613061f27ca30c
b9366e344aa43f48c5cdabf7786dd60d58d40e6b477025b0f5e94592164caa8a
c35615638f07e9d3254cf18e4a286a243705f7340996f00020c52c092a0f35e3
c8244e1e8018bd4f17b18ef6104072126df1e4ac684e8b01e7b4cfefbf7bf506
c8bca6421da37ea915f6558895fba5772f2f9edf98e75c94b49186f45542eaee
cfcbcf62543dec19fff1b291b741066a5862b066e4a78ab033b3258a48758f33
d0209c6bf0c070245cf4eae131594fd8de140339808b81b6c4b9d31142dc1b65
d183fc410ed337ad7b7cabfa2dceff40024f432e2eb21158f08138bf7c2b7375
d9c961cac0d317f62d167a8d79839af5b7e0f24e53889e7015c9e789a7c07949
dbecdb3db2aa93c808a846bb28c11da6a3416176b90211fd967750700831a11e
df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0
dfbe88c949b4192ec5693dba63a38ce31c27b7d9d51b964d9c327ebc1fa6b04f
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e26669716b986483df51267d699fd3b6c0e2b80d5d69e6a87473ea2dc6b6137b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eab67d7efe9fae75760c63a457baec41ae4d64e32ae7d462606f8c65957e9e6b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fa6c30184b6647b9bb9d4a82576adcf78062ab825a275c52d316e654d94dbcee

deva.cnvids.com Open in urlscan Pro 2606:4700:3036::ac43:b2e0 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

111 Requests

100 %HTTPS

78 %IPv6

13 Domains

19 Subdomains

19 IPs

2 Countries

1268 kBTransfer

3404 kBSize

13 Cookies

1 Outgoing links

Page URL History

Redirected requests

111 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

deva.cnvids.com Open in urlscan Pro
2606:4700:3036::ac43:b2e0 Public Scan

Screenshot
Live screenshot

Full Image

111
Requests

100 %
HTTPS

78 %
IPv6

13
Domains

19
Subdomains

19
IPs

2
Countries

1268 kB
Transfer

3404 kB
Size

13
Cookies

111 HTTP transactions
2 data transactions