www.farfeshplus.online Open in urlscan Pro
185.18.205.182 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Effective URL:
https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Submission: On May 19 via manual (May 19th 2021, 4:46:58 am UTC) from US

Summary HTTP 423 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 64 IPs in 7 countries across 49 domains to perform 423 HTTP transactions. The main IP is 185.18.205.182, located in Holon, Israel and belongs to INTERHOST, IL. The main domain is www.farfeshplus.online.
TLS certificate: Issued by R3 on April 12th 2021. Valid for: 3 months.

This is the only time www.farfeshplus.online was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 48	185.18.205.182 185.18.205.182	61102 (INTERHOST) (INTERHOST)
2	2606:4700::68... 2606:4700::6810:8616	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
36	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2 2	104.131.156.249 104.131.156.249	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	2001:4de0:ac1... 2001:4de0:ac18::1:a:1b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
6	2606:4700:20:... 2606:4700:20::ac43:4712	13335 (CLOUDFLAR...) (CLOUDFLARENET)
32	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	99.86.242.65 99.86.242.65	16509 (AMAZON-02) (AMAZON-02)
10	2a03:2880:f04... 2a03:2880:f045:10:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	62.90.37.40 62.90.37.40	1680 (NV-ASN CE...) (NV-ASN CELLCOM ltd.)
3	2a02:26f0:6c0... 2a02:26f0:6c00:28b::3b8d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	13.32.14.47 13.32.14.47	16509 (AMAZON-02) (AMAZON-02)
1	52.35.171.122 52.35.171.122	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
40	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
2	95.142.20.17 95.142.20.17	20645 (PUREPEAK-ASN) (PUREPEAK-ASN)
1 7	2a03:2880:f14... 2a03:2880:f145:82:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
26	2606:4700:20:... 2606:4700:20::681a:ad1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
6	2a02:26f0:6c0... 2a02:26f0:6c00:283::3b8d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
3	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5 9	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
6 64	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
5 5	52.33.71.0 52.33.71.0	16509 (AMAZON-02) (AMAZON-02)
11 11	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
11 11	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
9 9	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
5 8	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:82f::2006	15169 (GOOGLE) (GOOGLE)
2	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2	2a05:d01c:1d8... 2a05:d01c:1d8:8102:9cdd:d1ce:f1f6:d7df	16509 (AMAZON-02) (AMAZON-02)
3	185.29.133.58 185.29.133.58	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2	142.250.185.195 142.250.185.195	15169 (GOOGLE) (GOOGLE)
2	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	138.201.63.150 138.201.63.150	24940 (HETZNER-AS) (HETZNER-AS)
15	18.203.131.238 18.203.131.238	16509 (AMAZON-02) (AMAZON-02)
1	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
2	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
1 4	138.201.84.245 138.201.84.245	24940 (HETZNER-AS) (HETZNER-AS)
4 4	217.182.200.20 217.182.200.20	16276 (OVH) (OVH)
5 5	99.80.199.35 99.80.199.35	16509 (AMAZON-02) (AMAZON-02)
1 1	18.194.113.221 18.194.113.221	16509 (AMAZON-02) (AMAZON-02)
1 3	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
2	2606:4700:303... 2606:4700:3032::ac43:aa7a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	85.114.131.233 85.114.131.233	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	82.113.101.132 82.113.101.132	6805 (TDDE-ASN1) (TDDE-ASN1)
4	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
6	46.236.13.147 46.236.13.147	24931 (DEDIPOWER) (DEDIPOWER)
4	99.86.242.110 99.86.242.110	16509 (AMAZON-02) (AMAZON-02)
2	81.29.72.47 81.29.72.47	24931 (DEDIPOWER) (DEDIPOWER)
4	54.217.57.115 54.217.57.115	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:80f::2013	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2012	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2012	15169 (GOOGLE) (GOOGLE)
1	142.250.185.114 142.250.185.114	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2012	15169 (GOOGLE) (GOOGLE)
1	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
423	64

48 185.18.205.182 (Holon, Israel) 1 redirects

ASN61102 (INTERHOST, IL)
PTR: 182.205.interhost.co.il

mobile.farfeshplus.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.farfeshplus.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:8616 (United States)

ASN13335 (CLOUDFLARENET, US)

live.demand.supply	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.131.156.249 (San Francisco, United States) 2 redirects

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: wp-03.ops.jquery.net

codeorigin.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4de0:ac18::1:a:1b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::ac43:4712 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.radiantmediatechs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.242.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-242-65.vie50.r.cloudfront.net

certify-js.alexametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a03:2880:f045:10:face:b00c:0:3 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.90.37.40 (Ramat Gan, Israel)

ASN1680 (NV-ASN CELLCOM ltd., IL)
PTR: santafea.aumix.net

www.wintv.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:28b::3b8d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

widget.postquare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.14.47 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-14-47.vie50.r.cloudfront.net

certify.alexametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.35.171.122 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-35-171-122.us-west-2.compute.amazonaws.com

redirect.prod.experiment.routing.cloudfront.aws.a2z.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.142.20.17 (Israel)

ASN20645 (PUREPEAK-ASN, IL)
PTR: ip-95-142-20-17.purepeak.com

api.postquare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a03:2880:f145:82:face:b00c:0:25de (Amsterdam, Netherlands) 1 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2606:4700:20::681a:ad1 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:6c00:283::3b8d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

img9-api.postquare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States) 5 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

64 142.250.185.194 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.33.71.0 (Boardman, United States) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-33-71-0.us-west-2.compute.amazonaws.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 35.227.252.103 (Kansas City, United States) 11 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 185.64.189.115 (United Kingdom) 11 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 69.173.144.165 (Frankfurt am Main, Germany) 9 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 5 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d01c:1d8:8102:9cdd:d1ce:f1f6:d7df (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.133.58 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f3.1e100.net

p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.63.150 (Lingenfeld, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.150.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 18.203.131.238 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com

s.update.mediamathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.84.245 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.245.84.201.138.clients.your-server.de

hal900025.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 217.182.200.20 (France) 4 redirects

ASN16276 (OVH, FR)
PTR: gcm6.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 99.80.199.35 (Dublin, Ireland) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-199-35.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.194.113.221 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-113-221.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.234.21 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.102 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3032::ac43:aa7a (United States)

ASN13335 (CLOUDFLARENET, US)

ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.131.233 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: srv21037.dus4.fastwebserver.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.113.101.132 (Maintal, Germany)

ASN6805 (TDDE-ASN1, DE)
PTR: portal.o2online.de

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.239.217 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 46.236.13.147 (United Kingdom)

ASN24931 (DEDIPOWER, GB)
PTR: 46-236-13-147.servers.dedipower.net

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 99.86.242.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-242-110.vie50.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
analytics-wg.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 81.29.72.47 (Croydon, United Kingdom)

ASN24931 (DEDIPOWER, GB)
PTR: 81-29-72-47.servers.dedipower.net

diapi.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.217.57.115 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-217-57-115.eu-west-1.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

w-it.m-t.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2012 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

dzc-v6exp3-ds.metric.ipv6test.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2012 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

dzc-v6exp3-ds.metric.ipv6test.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.114 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f18.1e100.net

p4-arewkhcl6tkcg-nxnzhqcnluta7gml-709635-i1-v6exp3.v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2012 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

p4-arewkhcl6tkcg-nxnzhqcnluta7gml-709635-i2-v6exp3.ds.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
105	doubleclick.net 7 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net 5994599.fls.doubleclick.net googleads4.g.doubleclick.net	492 KB
78	googlesyndication.com pagead2.googlesyndication.com 734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	790 KB
48	farfeshplus.online 1 redirects mobile.farfeshplus.online www.farfeshplus.online	1005 KB
26	ad4m.at ad4m.at as.ad4m.at assets.ad4m.at	765 KB
15	mediamathtag.com s.update.mediamathtag.com	47 KB
14	google.com 5 redirects adservice.google.com www.google.com	2 KB
12	googletagservices.com www.googletagservices.com	392 KB
11	pubmatic.com 11 redirects image6.pubmatic.com	5 KB
11	openx.net 11 redirects rtb.openx.net	3 KB
11	postquare.com widget.postquare.com api.postquare.com img9-api.postquare.com	153 KB
9	2mdn.net s0.2mdn.net	253 KB
9	rubiconproject.com 9 redirects pixel.rubiconproject.com	4 KB
9	quantserve.com 5 redirects cms.quantserve.com	3 KB
8	webgains.io analytics.webgains.io api.webgains.io analytics-wg.webgains.io	210 KB
8	webgains.com track.webgains.com diapi.webgains.com	197 KB
8	fbcdn.net static.xx.fbcdn.net	541 KB
7	facebook.com 1 redirects www.facebook.com	176 KB
6	gstatic.com p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com p4-arewkhcl6tkcg-nxnzhqcnluta7gml-709635-i1-v6exp3.v4.metric.gstatic.com p4-arewkhcl6tkcg-nxnzhqcnluta7gml-709635-i2-v6exp3.ds.metric.gstatic.com	6 KB
6	radiantmediatechs.com cdn.radiantmediatechs.com	219 KB
5	everesttech.net 5 redirects pixel.everesttech.net	2 KB
5	redintelligence.net 1 redirects hal9000.redintelligence.net hal900025.redintelligence.net	9 KB
5	addthis.com 5 redirects e.dlx.addthis.com	6 KB
5	googletagmanager.com www.googletagmanager.com	206 KB
5	jquery.com 2 redirects codeorigin.jquery.com code.jquery.com	147 KB
4	m-t.io w-it.m-t.io	474 B
4	awin1.com www.awin1.com	3 KB
4	gemius.pl 4 redirects googlecm.hit.gemius.pl	878 B
4	mathtag.com tags.mathtag.com pixel.mathtag.com	3 KB
4	ad4mat.net prod-rtb.ad4mat.net ad4mat.net	2 KB
3	casalemedia.com 1 redirects dsum-sec.casalemedia.com	3 KB
3	criteo.com bidder.criteo.com gum.criteo.com	630 B
3	criteo.net static.criteo.net	38 KB
3	google.de adservice.google.de	1 KB
3	google-analytics.com www.google-analytics.com	19 KB
3	googleapis.com ajax.googleapis.com imasdk.googleapis.com	322 KB
2	innovid.com ag.innovid.com	592 B
2	mookie1.com odr.mookie1.com	430 B
2	rlcdn.com 2 redirects id.rlcdn.com	892 B
2	facebook.net connect.facebook.net	65 KB
2	alexametrics.com certify-js.alexametrics.com certify.alexametrics.com	3 KB
2	demand.supply live.demand.supply	338 B
1	ipv6test.com dzc-v6exp3-ds.metric.ipv6test.com	410 B
1	ipv6test.net dzc-v6exp3-ds.metric.ipv6test.net	410 B
1	o2online.de portal.o2online.de	609 B
1	contentspread.net cdn.contentspread.net	77 KB
1	agkn.com 1 redirects d.agkn.com	761 B
1	a2z.com redirect.prod.experiment.routing.cloudfront.aws.a2z.com	48 B
1	googleadservices.com partner.googleadservices.com	647 B
1	wintv.live www.wintv.live	1 KB
423	49

	Domain	Requested by
62	cm.g.doubleclick.net	6 redirects www.farfeshplus.online googleads.g.doubleclick.net 734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com
40	tpc.googlesyndication.com	securepubads.g.doubleclick.net googleads.g.doubleclick.net mobile.farfeshplus.online 734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com s0.2mdn.net
35	pagead2.googlesyndication.com	mobile.farfeshplus.online pagead2.googlesyndication.com www.farfeshplus.online securepubads.g.doubleclick.net googleads.g.doubleclick.net srcdoc 734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com www.googletagservices.com tpc.googlesyndication.com s0.2mdn.net
32	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net mobile.farfeshplus.online
28	www.farfeshplus.online	1 redirects mobile.farfeshplus.online www.farfeshplus.online cdn.radiantmediatechs.com
20	mobile.farfeshplus.online	mobile.farfeshplus.online
15	s.update.mediamathtag.com	tags.mathtag.com s.update.mediamathtag.com
12	assets.ad4m.at	as.ad4m.at
12	www.googletagservices.com	mobile.farfeshplus.online www.farfeshplus.online pagead2.googlesyndication.com googleads.g.doubleclick.net
11	image6.pubmatic.com	11 redirects
11	rtb.openx.net	11 redirects
10	www.google.com	5 redirects googleads.g.doubleclick.net mobile.farfeshplus.online tpc.googlesyndication.com
10	ad4m.at	googleads.g.doubleclick.net ad4m.at
9	s0.2mdn.net	imasdk.googleapis.com mobile.farfeshplus.online s0.2mdn.net
9	pixel.rubiconproject.com	9 redirects
9	cms.quantserve.com	5 redirects googleads.g.doubleclick.net
8	static.xx.fbcdn.net	www.facebook.com static.xx.fbcdn.net
7	www.facebook.com	1 redirects connect.facebook.net www.facebook.com
7	securepubads.g.doubleclick.net	mobile.farfeshplus.online securepubads.g.doubleclick.net www.farfeshplus.online
6	track.webgains.com	as.ad4m.at analytics.webgains.io
6	img9-api.postquare.com	www.farfeshplus.online
6	cdn.radiantmediatechs.com	www.farfeshplus.online www.wintv.live cdn.radiantmediatechs.com
5	pixel.everesttech.net	5 redirects
5	e.dlx.addthis.com	5 redirects
5	www.googletagmanager.com	mobile.farfeshplus.online www.farfeshplus.online www.googletagmanager.com
4	w-it.m-t.io	analytics-wg.webgains.io
4	api.webgains.io	analytics.webgains.io
4	www.awin1.com	as.ad4m.at
4	as.ad4m.at	ad4m.at as.ad4m.at
4	googlecm.hit.gemius.pl	4 redirects
4	hal900025.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900025.redintelligence.net
4	adservice.google.com	pagead2.googlesyndication.com 5994599.fls.doubleclick.net
3	dsum-sec.casalemedia.com	1 redirects googleads.g.doubleclick.net
3	tags.mathtag.com	googleads.g.doubleclick.net tags.mathtag.com
3	static.criteo.net	widget.postquare.com www.farfeshplus.online
3	adservice.google.de	pagead2.googlesyndication.com
3	widget.postquare.com	www.farfeshplus.online widget.postquare.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	code.jquery.com	mobile.farfeshplus.online www.farfeshplus.online
2	analytics-wg.webgains.io	analytics.webgains.io
2	diapi.webgains.com	track.webgains.com
2	analytics.webgains.io	track.webgains.com
2	googleads4.g.doubleclick.net	mobile.farfeshplus.online
2	ad4mat.net	ad4m.at
2	5994599.fls.doubleclick.net	1 redirects mobile.farfeshplus.online
2	p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com	googleads.g.doubleclick.net p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com
2	bidder.criteo.com	static.criteo.net
2	p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com	googleads.g.doubleclick.net p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com
2	ag.innovid.com	googleads.g.doubleclick.net
2	odr.mookie1.com	googleads.g.doubleclick.net 734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com
2	id.rlcdn.com	2 redirects
2	imasdk.googleapis.com	cdn.radiantmediatechs.com imasdk.googleapis.com
2	prod-rtb.ad4mat.net	googleads.g.doubleclick.net
2	api.postquare.com	widget.postquare.com
2	734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	connect.facebook.net	www.farfeshplus.online connect.facebook.net
2	codeorigin.jquery.com	2 redirects
2	live.demand.supply	mobile.farfeshplus.online www.farfeshplus.online
1	ade.googlesyndication.com
1	p4-arewkhcl6tkcg-nxnzhqcnluta7gml-709635-i2-v6exp3.ds.metric.gstatic.com
1	p4-arewkhcl6tkcg-nxnzhqcnluta7gml-709635-i1-v6exp3.v4.metric.gstatic.com
1	dzc-v6exp3-ds.metric.ipv6test.com
1	dzc-v6exp3-ds.metric.ipv6test.net
1	portal.o2online.de
1	gum.criteo.com	static.criteo.net
1	cdn.contentspread.net	hal900025.redintelligence.net
1	d.agkn.com	1 redirects
1	pixel.mathtag.com	tags.mathtag.com
1	hal9000.redintelligence.net	mobile.farfeshplus.online
1	redirect.prod.experiment.routing.cloudfront.aws.a2z.com	www.farfeshplus.online
1	certify.alexametrics.com	www.farfeshplus.online
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.wintv.live	www.farfeshplus.online
1	certify-js.alexametrics.com	www.farfeshplus.online
1	ajax.googleapis.com	www.farfeshplus.online
423	75

This site contains links to these domains. Also see Links.

Domain
twitter.com
megalinksgrp.com
gecko.me

Subject Issuer	Validity	Valid
mobile.farfeshplus.online R3	`2021-04-12` - `2021-07-11`	3 months	crt.sh
demand.supply Cloudflare Inc ECC CA-3	`2021-04-21` - `2022-04-20`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh
www.farfeshplus.online R3	`2021-04-12` - `2021-07-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
radiantmediatechs.com Cloudflare Inc ECC CA-3	`2020-07-01` - `2021-07-01`	a year	crt.sh
certify-js.alexametrics.com Amazon	`2020-07-12` - `2021-08-12`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
wintv.live RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2020-12-06` - `2021-12-08`	a year	crt.sh
*.postquare.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-31` - `2022-04-25`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
certify.alexametrics.com Amazon	`2020-07-12` - `2021-08-12`	a year	crt.sh
*.prod.experiment.routing.cloudfront.aws.a2z.com Amazon	`2020-10-08` - `2021-11-07`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.ad4mat.net AlphaSSL CA - SHA256 - G2	`2019-08-06` - `2021-09-08`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-08` - `2021-08-08`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
*.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2022-04-22`	2 years	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
redintelligence.net R3	`2021-04-21` - `2021-07-20`	3 months	crt.sh
update.mediamathtag.com R3	`2021-04-28` - `2021-07-27`	3 months	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2021-07-15`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
contentspread.net R3	`2021-04-05` - `2021-07-04`	3 months	crt.sh
*.o2online.de DigiCert TLS RSA SHA256 2020 CA1	`2021-01-19` - `2022-02-19`	a year	crt.sh
www.awin1.com DigiCert Secure Site ECC CA-1	`2020-04-21` - `2021-07-21`	a year	crt.sh
*.webgains.com Sectigo RSA Domain Validation Secure Server CA	`2019-05-20` - `2021-06-08`	2 years	crt.sh
*.webgains.io Amazon	`2021-03-12` - `2022-04-10`	a year	crt.sh
w-it.m-t.io GTS CA 1D4	`2021-04-09` - `2021-07-09`	3 months	crt.sh
*.metric.ipv6test.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.metric.ipv6test.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.v4.metric.gstatic.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.ds.metric.gstatic.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh

This page contains 60 frames:

Primary Page: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Frame ID: 2340A37A5C573871E4C152F638B0DF4C
Requests: 112 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/zrt_lookup.html
Frame ID: EFC994058236884CD69D038D41E0D75F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/zrt_lookup.html
Frame ID: 2A2B269D330510304C55E952A158A8BE
Requests: 1 HTTP requests in this frame

Frame: https://www.wintv.live/player1/farfeshplushlsadz/?video=2vod5n/zizy-1.mp4&poster=https://www.farfeshplus.online/ramadanimages/1773.jpg&ads=1&schedule=all
Frame ID: 99D79DCCD15AEC96E959D71CE5118B4C
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&adk=1812271804&adf=3025194257&lmt=1621399596&plat=1%3A16809992%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595425&bpp=74&bdt=386&idt=578&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=617
Frame ID: 42AE63E3516D27375A1F40DD5E7B1853
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6266313190087173&output=html&h=600&slotname=7260452004&adk=1988084761&adf=854766408&pi=t.ma~as.7260452004&w=120&lmt=1621399596&psa=0&format=120x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595499&bpp=2&bdt=460&idt=721&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&xpc=SDnxnFcX8q&p=https%3A//www.farfeshplus.online&dtd=745
Frame ID: 2C5B95754F9B2E76BC3D258496885FE2
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=3827245123&adk=203976336&adf=54630664&pi=t.ma~as.3827245123&w=120&lmt=1621399596&psa=0&format=120x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595502&bpp=1&bdt=464&idt=824&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C120x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YHN3FAhAXX&p=https%3A//www.farfeshplus.online&dtd=842
Frame ID: 30D89C24C0110AF75EAE2ABEDC1412EC
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=8400035594&adk=833794805&adf=3132389021&pi=t.ma~as.8400035594&w=160&lmt=1621399596&psa=0&format=160x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595503&bpp=1&bdt=464&idt=887&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D4f4a60a92942580c%3AT%3D1621399596%3AS%3DALNI_MaxLDRjeWtAzPhs8_A0J3tfSQ6UGg&prev_fmts=0x0%2C120x600%2C120x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&xpc=TZbrVcbPEF&p=https%3A//www.farfeshplus.online&dtd=901
Frame ID: C00467FB46A26EA431F02D7525D55C80
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=2065248459&adk=1530395088&adf=1056458448&pi=t.ma~as.2065248459&w=300&lmt=1621399596&psa=0&format=300x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595504&bpp=1&bdt=466&idt=1032&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=yiRXaTHVU7&p=https%3A//www.farfeshplus.online&dtd=1045
Frame ID: 8923D9F1010A662ECDC094264D39719A
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=90&slotname=6031485414&adk=46142453&adf=2073345350&pi=t.ma~as.6031485414&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595656&bpp=8&bdt=617&idt=949&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=121&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=II3xXGH95g&p=https%3A//www.farfeshplus.online&dtd=954
Frame ID: 1D81997F738A2B04D90AA51F5221F08D
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6266313190087173&output=html&h=90&slotname=5788561387&adk=1358258519&adf=1781128803&pi=t.ma~as.5788561387&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595765&bpp=1&bdt=726&idt=890&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=527&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&fsb=1&xpc=fgaDqhx8GF&p=https%3A//www.farfeshplus.online&dtd=896
Frame ID: 55174108457F0F8667B214498CB45618
Requests: 10 HTTP requests in this frame

Frame: https://ad4m.at/ad/dr?ed=1hsr8s6yj3gckaffp7c498h2rd8hn7k6e0m60dtdsw0t4svqgm8gr6m2tvjk7r8xwjwqebxhzm8y6dxarg5xbq0bxqwb6g8ks2thc6c7wy6zrw40z70sxzxj19nam4ev0fr6b34hnyctq90z85fwsh8fbq0y429x3jzz63azj3h0f9aj7snnvkyhfajpxamp7esmgmymzkbny8hgmd55awxnwsje862e8pc5c89chk8wvrecys9xzv8y31jepaedc7am9bpgyaq198xthfg7n70vrphndnc77qnv1av5dd4a8bj6h5y3qth257nzwk4jed14tf9hyqs6f0f4aj01gk3951srkwz8wxq93tsrk2n85m2vg53t6t3etkfe0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%26client%3Dca-pub-6266313190087173%26adurl%3D
Frame ID: 25C3AF7886DFC84019CB63104CB72F18
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2224016C66E399915C40F67C745FD418
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8367749956917006&output=html&h=280&slotname=5661428205&adk=1000419482&adf=2695793703&pi=t.ma~as.5661428205&w=760&fwrn=4&fwrnh=100&lmt=1621399596&rafmt=1&psa=0&format=760x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595905&bpp=3&bdt=866&idt=859&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=420&ady=1382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=kgNiSeOsGU&p=https%3A//www.farfeshplus.online&dtd=865
Frame ID: C8E27B8D83717AA836CDF4DEAEF0F7DC
Requests: 10 HTTP requests in this frame

Frame: https://ad4m.at/ad/dr?ed=1kx360an9myjhw7nvcp96ge93mvw2zawc2vde6gy1j4hmq2qz1fz4kt7sr7cs6nw9696mkmdkvq9h6p9mx65vbh03qjerpb33w32tcd65jxjne1hn2bvabh6tjxenxb5k8q9kgyeft78vcmg880dwaq5v0sx57zy1701gxb4a85jd0kxcnwd5k78xqb6jbnn85jer72xpxvvvasz6y72v80bbsy30gxtxq444qjpjc8whcreq551ew1h6m1gmhvw5c384wjwh81ha82a7ge6cx3y26e6k6wfntm2k1zr0xn993dw8bwgk7c7ntya4t7j8wf07ytpgs4064z5wg8267yg893tfvy2hst3q90m6n9sd1k68jz7500rf5j0y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%26client%3Dca-pub-1231661633440980%26adurl%3D
Frame ID: BAAE44EBC5E6EB0F867C128A3BD5D6B9
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 55E99226CF34A5A169E8AE8F476F9D38
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8367749956917006&output=html&h=280&slotname=6257495432&adk=977065434&adf=1662498494&pi=t.ma~as.6257495432&w=336&lmt=1621399596&psa=0&format=336x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595909&bpp=2&bdt=870&idt=948&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90%2C760x280&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=814&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=9&uci=a!9&btvi=2&fsb=1&xpc=Vfw3v0iDBq&p=https%3A//www.farfeshplus.online&dtd=962
Frame ID: 37503A57BA660D4FB2560C53EA6375B7
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=280&slotname=9134183485&adk=4187177663&adf=193961900&pi=t.ma~as.9134183485&w=336&lmt=1621399596&psa=0&format=336x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595911&bpp=7&bdt=872&idt=1049&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90%2C760x280%2C336x280&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=450&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=10&uci=a!a&btvi=3&fsb=1&xpc=CgUsnlA2jb&p=https%3A//www.farfeshplus.online&dtd=1055
Frame ID: B1BF1E8A7191ED9867348FFC83B6BE4F
Requests: 10 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.459.0_en.html
Frame ID: FDB92CA2E339377E2BBBB75D4249CC1F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: F9C225D0604A0792F14A3DB841A8380F
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4174CFB1F54C92EAB51B65968063DDF8
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: DBB70547E8D2193C769A97A48E5DF465
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: F3E3A82A87C4D5503EA1F9C7F858CEAC
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 77A9C587862E4243CC36E36B01D4F737
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 75E93A6F45BD46C4154947C0F1CBF5C2
Requests: 2 HTTP requests in this frame

Frame: https://p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: 5E7AE50EA5DC775165A69A6C69E968F9
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 7AFB3B25D8CF08B4C69C89E29841388D
Requests: 9 HTTP requests in this frame

Frame: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: FAA6F14F06770E2C8C176662FB95A63A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: E4B21C2C0BECA45333FD4F47E691338B
Requests: 2 HTTP requests in this frame

Frame: https://p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: E26628B280FEC20E270FA44430E48878
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F7C8803E19B4851AB21D0CA1DD2B2C4E
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: A59B080C6CFB74ED758A64EF4DFE6870
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9B554F2F2817CCD1592FFA41F50EC0E4
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 04DAA179BAEECB8CBFC420BDCF5F5484
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5E164EABEE0C68B34D1D33CAC5F358E2
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjUwLyZATAB&v=APEucNWd4sWRJYQu3Y5q8OQgrcIQqAjlCTh6wXsL3rMvv-jyV2yCrUNZC883Zxvvzh0imKxYGSsxzjESymh550yqIWH6vhopEc0uzmq4MqkqykO8o0PF9JjdTOEbPgLiPSnxcyOm9-L-5y6Ay44H6mSK8zTGm_9u9G33Hda1DuJ-Lqihcd9fVToJ5XJQeET-Dz8C7kCBSYEdHaE91hl76qmqBZkbZzZvKw
Frame ID: E0078032F4CE44DEFA479E98C8F16F1C
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BV1x6_cmQIJJhBX8SiVIaRIC8M0OeUQqK_QY6qku7BKXY9C-5McAZCjM-6UZHtkgsv6r0eMifkm9X3J7kzKV9QJ53ZkZbZ_RSHanYVexrLbsbQhxK_2PmUwjALkwMNneThsV5fOCn7t2gU0i_bZz4Q7k5fxw&dbm_d=AKAmf-AteaDLS_Bbo74kLlF3l-R5mk30OVpv9YuW3w639O_M_MRoTIgHRc9zWk9BXx7JpQCXFgMNM10lHo3Rdja_w9AwHQx5nZaO0DR-thNMA6lw3a0gfDnrIJaR1ARObM4VEGuetISDzS69UjnLOL0sordyydlezucXiuH9RIXGYjcN7oycmAwJu3E55wEnsOmyECDYUQt-HFfKYjMuEKFPP6YdqFyCgS-HKnXj-6HGfPkNXgIOCyA8GxvLusUyLU2j8CHR0FawDGL7I5bFvx5PV0NZSEtC_CMUWPHn_MGrkETw3dxRocZFDwcbTa9q9lW5QMpn6GnxWuu1pMKl_7NJLE9OClFH6wyMOn-vWrv4VwA2r8f5uELLQgBkvuf51NubFMSACJnnva_gopb0Q-XuxCy47rP1Oe5smkWAXxemzirVSFeWD0eF3pqNXcKBxRZ9wri8k03f25Y7NMmx46fnQzMmnEbOyWeY0dh0jzxaLTJsF7q2EyPBgz_2tJMXvHCiOaXTnJl3JOuDg-CY2PP5NXLrhA5RA9y6SHv_1ruf33z552n_heKYoZqMWH9jcKRmJRGh1A4CyWdXZPeAQTmyZ6JMBE96FrtbdPVt_k9TEdB_2iz8T3RXLr564g67goVfMY0xZ7ZDBS5fIEmWoU4Nmr6dcFp8bSRoYpZG83a04oEPffv-t8AtD2-02mYabx-LaauqpcMgRwpkxG-XRQ0GL1x_c6MTGrOhX_VBHiE34i7yd0a7_IYGiN3kSvDDaFCX2H1gUAH8pMMX6FnkND82vnQDnQXTjm8iKYDHxKqfrB5H4qZZdcQGCEVoJrVSmv6OjAnkr8YOjWtQuOxiDs4eoOk2FPGWAUrkeH6qNHdvntBVSyE2EunJ82Tbvc4qIa8krpAu0EJySXqrvfwwihEc7YwdxJaLkHjztvyn4NVtvYhacce_h-pfUVtyZACcROal4Ea16_bc0FG-i8Nq-bpdd9f3-T00V9pYIMjsuMF8rzXjPE5GVvKNRPXy24vhfzpnSGhFWU8s62WcOxUz4eLV-45aDfrSPN3UjmFSxOFN35e2gyxicws75VMCJHQv5ZBtWXGvCFaTeLb8JH3UwuWZJOsEqLTgBsBsEIcugpP4kcooiljjZES97ChrEFHK1aSAhPWEZ_E9CF0WAhzc32w8dX13P7W6uuQfMRe6yDeSGp-Bc5Vs3kLj403YCrNadVhT5KvgErvv5ZcjT39gjLZGGmj5sfZ41IkYY30Qij9foW2hgChCX0CbGuybwdM4JASYgtDaA1N592lCsKOw95-1ziQsFXqfiJ3DV6ycn0-2-i1oGfa0ndkbCHrqL_4EH7-CLy23lwGjxDaFWggs7BaOhT3FaFmp3Jj6Z0UE-9MrAbStKhSyWsHBbAY5El0FfB53zAqc6H2K43g49aP8D3XMlrroLxM2NSfGi1PtVqKbJ4GsWu2xKiIN4CxiADxdh3Hc-_j7WcCeG-EQQn_HLhyvri_nZCn3sk24Cfz9ZyBQB8sx1rdEFzErBeEp5ipbKLfFOCK-7Aahw2Hrdn1UtMgvm7RmTIjcy-W_2TxNJXLYl9bsUl65e4R3ur9Tedz9UuKqLbU5ld0CdG4ZNyAOsJiG9EYyZzBjyI6drbMX_ONwj8pE-HBy93c26ZLOymDLuO4mo750PhhgykvdhUQenkuQ5XH_dEnv9oEjnbbWSdOvn6RSy82h6QAeZqmul2KTPICK-4gZdeNUpIb5ytHwI-wjaCP7kCkGowr7FG99CXjDms6uuu15s7gQ_407FMI6zOSRcm9DjNKu-t1rR-F_uG7g2zCFyKjkXIeOSp9GRKjJQ-Qa6KmE2Pf5kYMvWubTWf9POkBKwZHscBrcJqiqylhpcMbabk_ZZJzFZRiPoQTERXnW6LUm__ronJ_bNrg9xnUMOo_AOU-O0n7rP5haaAtDa2RWZF_88YM8LgNI2UufOGpqoa3untMPTa3YBKVGmIqhA_7PGqDmRjELSNf2WaCb69j0m3BGAv5wNbcaE7qwxdYxPTywqy1D5LmHCLnR11BOf6Ax2Yw6w40YUCJLcf2UJdZDJ0XtQM5og0mrFlvKBEwLGJK7RAWDKRqf3LmURplcNaN7V8kqAIrzg-ypR6nApbwic8XBN9cXZdV3wAT8t2bXzrAjFJR1YZFHdQxKKLX_zFeCbc0JEkOHR-r_7Z3kps1fqA69xZB5qGfFQAtiEfZaHdC3di8wHsnSSAkeQD5bHTT6Auaq01cBxwAtiFyn4uYqtopVvk8BjXYV8GofK67qxBs06OZrcYGCVs5iK_ZMkmWzPLKIwaIQl_Mz5hJynARgiQ85sVsZloM6QnwW8mKZywKES70P5OvO6IgoPsgnpGjiddVSxy2_TpazDobX_lvF2j4Kc5ECSyxy-Hhdnc6SEaqi5iU3DqHx-u3lIj8tb3_PNULU4VHvs_c2nljQf6sFmjRJG2up0vGRU34RYuLQRlScy89F3xrKBm7EbL-6gEP_t6mPPDawmMel30Q9tDjE5yhoyiAgOtGtZ4LUOKiPp1244e0S6ZCrjxOv63vM6YyKmDWPSGNl5fFkQYeMb6R6p3Op_miBn7NWqQ0x0a-D0aPBM5gmI3DP34yDQ6QTVXQwwl5ag2FkUTG0nui0_qHkFWQTpWKErujiIOScsbZYJRHL4izOJhA5MvP0AWgssR4kZ1dWH7-nx_mgBKdhM4mUSRH_ctGZrdHeUollE7mHrrDxXCTqDykGqPgdXp5Vy8AWD8ckjmTBkpcv8I_De2hWaojnct6aTP64V8MmsoKPRaNDNmOgAbxwHGBqWMHpHcRQQ0_oGBUAPqjBFRNV6nqffH7w2X4lKYpT7mbvMqtAw-nZa4GRSaBietZnB59_Yc-0W6qZiv8nqKAHVKne0N7MjU5oy0uhN8B6Dz-i1YLmQ2jBcJ70cXp7q5ZcTlkSTWB9MPvGBGTsSnybAZ2vJ-Q8UwMICjwjgaZN4mJcbyntiubuJpE&cid=CAASEuRoYVrGdAoNg7hWW29dQ1pVog&rfl=2%2Chttps%253A%252F%252Fwww.farfeshplus.online%252F%240
Frame ID: 982EE9F2C8C4655C352A0E33F76276C8
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js
Frame ID: C8244E267D60A492C3ADDA2D55CC0BB4
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPWm4Jj41PACFfrFEQgd1IMEyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1782172000955.562
Frame ID: E85A47A21D82AB0EBCA8EE338E784284
Requests: 2 HTTP requests in this frame

Frame: https://hal900025.redintelligence.net/request_content.php?s=67696600023845700951407011599025&a=04c3a0b3
Frame ID: B0461586A9E9E5607B841087CC9D4B92
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5741309AB57064F5AF9B8F67C1989437
Requests: 9 HTTP requests in this frame

Frame: https://ad4mat.net/frame.html
Frame ID: C186BD61F6C01911C7EDB7B631039635
Requests: 1 HTTP requests in this frame

Frame: https://ad4mat.net/frame.html
Frame ID: 9CAFD8C48AE276BFC9913F7C5E9DAF83
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 39877FC89C88E81E8B3D3093A7ACDDB2
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js
Frame ID: C96D852A688DBA05F1B3D46E25AC38B8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js
Frame ID: 2DA96EDB92DC6103A951EB58E99D4DAE
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/60649305/20210416020857689/728x090.html?e=69&leftOffset=0&topOffset=0&c=wmf2GIhPmG&t=1&renderingType=2
Frame ID: E6469A056BA3EAFD9E49C9C92C7EF9C6
Requests: 10 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js
Frame ID: 3EC347BA3655123903B235956BB68F4A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C0DD992CB59E5B7FB163851894B76520
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js
Frame ID: 0A9F51F9037689F787D8F2622E1D8284
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df354adf99c95d8%26domain%3Dwww.farfeshplus.online%26origin%3Dhttps%253A%252F%252Fwww.farfeshplus.online%252Ff3d016407f128a8%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.farfeshplus.online%2F&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&size=small&width=50
Frame ID: 8D599FF6C5D545CDC73BA1B234B0FAE1
Requests: 4 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/feedback.php?app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df21a838872b234%26domain%3Dwww.farfeshplus.online%26origin%3Dhttps%253A%252F%252Fwww.farfeshplus.online%252Ff3d016407f128a8%26relation%3Dparent.parent&color_scheme=light&container_width=570&height=100&href=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&locale=en_US&numposts=5&sdk=joey&width=570
Frame ID: 6A02D46548C18B6709000D80C7B49213
Requests: 9 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=www.farfeshplus.online
Frame ID: CA2E6624DB1E8B7182F1B1B864F9777C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 76FBC22007C4628F9E5BD321F9BB5B46
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 174B5532ED1FCD52CDA026F6B58C6C07
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js
Frame ID: B4C47678DC2E26A2A5FF74C654F18250
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 5C0E1010994FDBC4C0CB592B2DBFBEEF
Requests: 1 HTTP requests in this frame

Frame: blob://https://googleads.g.doubleclick.net/9fbec898-206a-4077-bb08-eb1fded9c1b9
Frame ID: 5F565BA0586B9BF4C1343E5C544FB327
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd39428674fafd73cb4db9dbd96d518%2F134329896280313175&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20t95x3zhhthgff6164ptng8pjfbex9ks8h2x4t2wgkqjphdx7y6t3xe6mf3kr1ecqyjftmt39rad6zp3pr3cs9fb2v2w56rjzb59z4w94ce2sqj013a9r5dfrm7bqr2d5d13cnzn3mphqb37qxy51fmg9ds7s6xdykayq3kzt9rr922dfy60t19cp70t54yc8vj2wj58fw2dv8nf8tvgne49gjn1eze2ss23r0xszqtkj0y9y296f6vzdb8j%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%2526client%253Dca-pub-1231661633440980%2526adurl%253D&y=0&z=0
Frame ID: 5E63BC46283800F0BBAAD8B4C45F881E
Requests: 19 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd7982c3b0d5ec62560e02a2b946058%2F1266504328199136641&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20mtpsvyp239zm9a3prebsjf43mdjndrm6p2eahwkya9ddyhwyx4q7hyg4k3kwm17zttbf6q0kd33gypdwjevh9315dtj2r87nrrnkn97n35cef98h82xap4h6b7tc17xsyf5h32mhh4kajrs9mmw9h94bnrgpb2zsddhfh3vfcctymxfb092p7rqm8c429rk2ye95kv1gdrgeft0nex16krtdw9nx7ebe0kkd0vhcv3mspba93bqvvqxgj9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%2526client%253Dca-pub-6266313190087173%2526adurl%253D&y=0&z=0
Frame ID: 24AB760AC7D475E067E45D4551AB7F4D
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795 Page URL
https://www.farfeshplus.online/View.asp?ID=120795&Chosen_ID=&ZoneID=1773 HTTP 301
https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773 Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 50%
Detected patterns

url /\.aspx?(?:$|\?)/i

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

url /\.aspx?(?:$|\?)/i

IIS (Web Servers) Expand

Overall confidence: 50%
Detected patterns

url /\.aspx?(?:$|\?)/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

423
Requests

98 %
HTTPS

46 %
IPv6

49
Domains

75
Subdomains

64
IPs

7
Countries

6147 kB
Transfer

14385 kB
Size

4
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/FARFESH_PAGE

Search URL Search Domain Scan URL

URL: https://megalinksgrp.com/click.php?key=n4k8ltvfxq31chay2okd&widgetid=[eng_website_id]&teaserid=1
Title: Einfacher Trick, mit dem verlorenes Haar in 24 Tagen nachwächstChevelo Shampoo

Search URL Search Domain Scan URL

URL: https://megalinksgrp.com/click.php?key=0gxuvw61po28tgu39fxz&widgetid=[eng_website_id]&teaserid=4
Title: 3x größere Brust in 2 Wochen? Nur mit dieser Methode!Dermolium

Search URL Search Domain Scan URL

URL: https://megalinksgrp.com/click.php?key=n4k8ltvfxq31chay2okd&widgetid=[eng_website_id]&teaserid=3
Title: Hausmittel gegen Alopezie: volles Haar in nur 7 Tagen!Chevelo Shampoo

Search URL Search Domain Scan URL

URL: https://gecko.me/
Title: Recommended by

Search URL Search Domain Scan URL

URL: https://megalinksgrp.com/click.php?key=0gxuvw61po28tgu39fxz&widgetid=[eng_website_id]&teaserid=6
Title: 3x größere Brust in 2 Wochen? Nur mit dieser Methode!Dermolium

Search URL Search Domain Scan URL

URL: https://megalinksgrp.com/click.php?key=w6knj7sy0csx81ybmbij&widgetid=[eng_website_id]&teaserid=3
Title: Dieses Produkt ist der wahre Faltenkiller! Mit 53 aussehen wie 21Demaliss Serum

Search URL Search Domain Scan URL

URL: https://megalinksgrp.com/click.php?key=w6knj7sy0csx81ybmbij&widgetid=[eng_website_id]&teaserid=2
Title: Dieses Produkt ist der wahre Faltenkiller! Mit 53 aussehen wie 21Demaliss Serum

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795 Page URL
https://www.farfeshplus.online/View.asp?ID=120795&Chosen_ID=&ZoneID=1773 HTTP 301
https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

https://codeorigin.jquery.com/jquery-1.10.2.min.js HTTP 301
https://code.jquery.com/jquery-1.10.2.min.js

Request Chain 48

https://codeorigin.jquery.com/jquery-1.10.2.min.js HTTP 301
https://code.jquery.com/jquery-1.10.2.min.js

Request Chain 143

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitUJqHqSgg_PaVdLZfgsLCM_Sp6W2j8HcZG7ws1fyF1aVndrl2LHOr1cM-9tasJnyX73-LV-P-uENWIa_9JeRDuNOY8-a8mA&google_gid=CAESEC8c6JaxCyqbLUMDWLoOdM0&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCK2wkoUGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BUXZpdFVKcUhxU2dnX1BhVmRMWmZnc0xDTV9TcDZXMmo4SGNaRzd3czFmeUYxYVZuZHJsMkxIT3IxY00tOXRhc0pueVg3My1MVi1QLXVFTldJYV85SmVSRHVOT1k4LWE4bUE HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwNm9LSTZsSVM2QmhzWWhPQWJxS1pmbHRsdHRBbHpQdUtNZmdEZXVrLUZ5OA==&google_push

Request Chain 144

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUIMCzPqe8FvXacGIchBRlMmyOBLc9fna-2orwE8aRBX5v-RzSc3VrqKvRxN7f1i_Tc4fwhJE72rtlwcKjVo-9XOKFHW0kbz&google_gid=CAESEGIWupxk68wId-4HnLu2qmc&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUIMCzPqe8FvXacGIchBRlMmyOBLc9fna-2orwE8aRBX5v-RzSc3VrqKvRxN7f1i_Tc4fwhJE72rtlwcKjVo-9XOKFHW0kbz&google_gid=CAESEGIWupxk68wId-4HnLu2qmc&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitUIMCzPqe8FvXacGIchBRlMmyOBLc9fna-2orwE8aRBX5v-RzSc3VrqKvRxN7f1i_Tc4fwhJE72rtlwcKjVo-9XOKFHW0kbz

Request Chain 145

https://rtb.openx.net/sync/dds?google_gid=CAESEA5rnGUg35KNUSaLOwPulkU&google_cver=1&google_push=AQvitUI-0_4mijAinR9q4LTDaRqi3BAIaTwdX2_YOKboKo_GNC7kqbiiQwFrM9RE_uoqA3oxwLr4Yh1XPk0gU6GUHzrXp0mBkGI HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEA5rnGUg35KNUSaLOwPulkU&google_cver=1&google_push=AQvitUI-0_4mijAinR9q4LTDaRqi3BAIaTwdX2_YOKboKo_GNC7kqbiiQwFrM9RE_uoqA3oxwLr4Yh1XPk0gU6GUHzrXp0mBkGI&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUI-0_4mijAinR9q4LTDaRqi3BAIaTwdX2_YOKboKo_GNC7kqbiiQwFrM9RE_uoqA3oxwLr4Yh1XPk0gU6GUHzrXp0mBkGI&google_hm=jENEv639xM8G96-aGFVa0w== HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUI-0_4mijAinR9q4LTDaRqi3BAIaTwdX2_YOKboKo_GNC7kqbiiQwFrM9RE_uoqA3oxwLr4Yh1XPk0gU6GUHzrXp0mBkGI&google_hm=jENEv639xM8G96-aGFVa0w==&google_tc=

Request Chain 146

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEFfsBp_7r4tgwiKMsm7GDWM&google_cver=1&google_push=AQvitULFxVcmDFrmt8-8EWQmF94yd5Eozw--qJVxa6MaZViY27tUZ-linYtMwHiqja3mIBXbOtfCurM18hKRfJTw0QkKUsE3ECyg HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEFfsBp_7r4tgwiKMsm7GDWM&google_cver=1&google_push=AQvitULFxVcmDFrmt8-8EWQmF94yd5Eozw--qJVxa6MaZViY27tUZ-linYtMwHiqja3mIBXbOtfCurM18hKRfJTw0QkKUsE3ECyg&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CV8NdGAuSMGdJD0yEH8Hrw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULFxVcmDFrmt8-8EWQmF94yd5Eozw--qJVxa6MaZViY27tUZ-linYtMwHiqja3mIBXbOtfCurM18hKRfJTw0QkKUsE3ECyg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CV8NdGAuSMGdJD0yEH8Hrw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULFxVcmDFrmt8-8EWQmF94yd5Eozw--qJVxa6MaZViY27tUZ-linYtMwHiqja3mIBXbOtfCurM18hKRfJTw0QkKUsE3ECyg&google_tc=

Request Chain 147

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIVI_ulPJzg8ZCIQac3CPCM&google_cver=1&google_push=AQvitULKR9d5m1p5WgP_67lY2LQFyKAPQsbqtGr4Bmf-37uPwgoHjKEZYbPDr6sspVMCSo8sdbkFW6zDNM6PW8V2H_S4CcSmhEZl HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHM1ItNC1VMk8=&google_push=AQvitULKR9d5m1p5WgP_67lY2LQFyKAPQsbqtGr4Bmf-37uPwgoHjKEZYbPDr6sspVMCSo8sdbkFW6zDNM6PW8V2H_S4CcSmhEZl HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHM1ItNC1VMk8=&google_push=AQvitULKR9d5m1p5WgP_67lY2LQFyKAPQsbqtGr4Bmf-37uPwgoHjKEZYbPDr6sspVMCSo8sdbkFW6zDNM6PW8V2H_S4CcSmhEZl&google_tc=

Request Chain 148

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_cver=1&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1

Request Chain 160

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPuTykNJ76Zv6u5OgrgjWMs&google_cver=1&google_push=AQvitUJzVS8HOLGKDC0ecSIZ0H8Jhuog1bSCxQ8CvPgxXmdh6prhPU9x5Ayu_oY_NJIXS4wtMEmrQ4Vye79gWi5vE9bcIkFhDI9Zyg HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJzVS8HOLGKDC0ecSIZ0H8Jhuog1bSCxQ8CvPgxXmdh6prhPU9x5Ayu_oY_NJIXS4wtMEmrQ4Vye79gWi5vE9bcIkFhDI9Zyg&google_hm=jFfTwRhGqKL4QlceIDbnEw

Request Chain 162

https://rtb.openx.net/sync/dds?google_gid=CAESEMjnvmSF0J8UmcNQCabAfQY&google_cver=1&google_push=AQvitULjfaBp4xzCw1AHzBZTo-crNPD47JIGnS3u4iZ-UQ-l7bpy0o_d4c73sNXEEtCAqZajDBVOnStP9qE3fETCsfFNCKgbkC6F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULjfaBp4xzCw1AHzBZTo-crNPD47JIGnS3u4iZ-UQ-l7bpy0o_d4c73sNXEEtCAqZajDBVOnStP9qE3fETCsfFNCKgbkC6F&google_hm=jENEv639xM8G96-aGFVa0w==

Request Chain 163

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPKaA1QWPxTJZXn6zhEghPU&google_cver=1&google_push=AQvitULrcaNBtG3zQ_dhiDCHpQpNnJ7aBUGbAfziFDSPGpR6JD4dMMZnYH5QJ5j0L3elCaWj5AZouY4QIp5TPqSb_lRiulu331XFgA HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPKaA1QWPxTJZXn6zhEghPU&google_cver=1&google_push=AQvitULrcaNBtG3zQ_dhiDCHpQpNnJ7aBUGbAfziFDSPGpR6JD4dMMZnYH5QJ5j0L3elCaWj5AZouY4QIp5TPqSb_lRiulu331XFgA&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CV8NdGAuSMGdJD0yEH8Hrw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULrcaNBtG3zQ_dhiDCHpQpNnJ7aBUGbAfziFDSPGpR6JD4dMMZnYH5QJ5j0L3elCaWj5AZouY4QIp5TPqSb_lRiulu331XFgA

Request Chain 164

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKAdJYUSuNl4mup5Q-Yaqf4&google_cver=1&google_push=AQvitUJcmUTzbKKNFIu56q9moOz1eJPixgpsC9hJyVN_w3uXvEO7qxHHbLMC7MOJPLK3PjPqpxNtktex6argUGKFB3-FW7Fzu8WPwA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHNE8tMjgtNjROUw==&google_push=AQvitUJcmUTzbKKNFIu56q9moOz1eJPixgpsC9hJyVN_w3uXvEO7qxHHbLMC7MOJPLK3PjPqpxNtktex6argUGKFB3-FW7Fzu8WPwA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHNE8tMjgtNjROUw==&google_push=AQvitUJcmUTzbKKNFIu56q9moOz1eJPixgpsC9hJyVN_w3uXvEO7qxHHbLMC7MOJPLK3PjPqpxNtktex6argUGKFB3-FW7Fzu8WPwA&google_tc=

Request Chain 165

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_cver=1&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1

Request Chain 228

https://hal900025.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=3ab66b20e8&subid=&uid=c6504f02f437a4a6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5001068356410390840%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D381760a4-982d-4601-887d-24fc348e8d12%26mt_cid%3D381760a4-982d-4601-887d-24fc348e8d12%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCkxhzLJikYKSXNvSQlQfxqYTgAs-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTgzNjc3NDk5NTY5MTcwMDbIAQmoAwGqBOoBT9ADnwwKS6N5Ge8tYPSpJFLN9pgnUqIVkc5WBWhz2vYpvN6YqNe3CB4sT2DB466IG_nUns910WT12Vv1D7-uuNYDPyQFAarr-D1d-wsjkU52ylIZ--Hb9fdltNG9wDMMDenecipDe-6rXT6bO0K4KBzI0CeW-EUSCgjCP0wW086c_WuOEITyaQSeFEqblcVfOOpyUaiFbNDptFRjR6FdtCcLCtqnomE4osmdEFaWS9GbEjGBzN4YZfV9CUQfJrKYpm7J_xkEaHgN3F9-eTCsE6GcbzR0CuARlDNar3q-QdzBfnB-fEkuLFLYgAaT5sTFmd31r_oBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3ZDqgjMp2nFB_WwixZgg-nRaNgbQ%2526client%253Dca-pub-8367749956917006%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.farfeshplus.online%2F&ancestorOrigins=https%3A%2F%2Fwww.farfeshplus.online&random=9237551889622&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900025.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=3ab66b20e8&subid=&uid=c6504f02f437a4a6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5001068356410390840%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D381760a4-982d-4601-887d-24fc348e8d12%26mt_cid%3D381760a4-982d-4601-887d-24fc348e8d12%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCkxhzLJikYKSXNvSQlQfxqYTgAs-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTgzNjc3NDk5NTY5MTcwMDbIAQmoAwGqBOoBT9ADnwwKS6N5Ge8tYPSpJFLN9pgnUqIVkc5WBWhz2vYpvN6YqNe3CB4sT2DB466IG_nUns910WT12Vv1D7-uuNYDPyQFAarr-D1d-wsjkU52ylIZ--Hb9fdltNG9wDMMDenecipDe-6rXT6bO0K4KBzI0CeW-EUSCgjCP0wW086c_WuOEITyaQSeFEqblcVfOOpyUaiFbNDptFRjR6FdtCcLCtqnomE4osmdEFaWS9GbEjGBzN4YZfV9CUQfJrKYpm7J_xkEaHgN3F9-eTCsE6GcbzR0CuARlDNar3q-QdzBfnB-fEkuLFLYgAaT5sTFmd31r_oBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3ZDqgjMp2nFB_WwixZgg-nRaNgbQ%2526client%253Dca-pub-8367749956917006%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.farfeshplus.online%2F&ancestorOrigins=https%3A%2F%2Fwww.farfeshplus.online&random=9237551889622&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 237

https://rtb.openx.net/sync/dds?google_gid=CAESELsfmEK6D6aJa5Zz1XJhWIQ&google_cver=1&google_push=AQvitUKb0VOwjmK43PGHckLC0BEhcJzuTymEvVUzHsj80E3iajPg-I43nhEAmRb30fDeftM4y1LYiTQlHhtB2upvxXq0c_d-xKU HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESELsfmEK6D6aJa5Zz1XJhWIQ&google_cver=1&google_push=AQvitUKb0VOwjmK43PGHckLC0BEhcJzuTymEvVUzHsj80E3iajPg-I43nhEAmRb30fDeftM4y1LYiTQlHhtB2upvxXq0c_d-xKU&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKb0VOwjmK43PGHckLC0BEhcJzuTymEvVUzHsj80E3iajPg-I43nhEAmRb30fDeftM4y1LYiTQlHhtB2upvxXq0c_d-xKU&google_hm=9XADIrTIz5gmgR3dQnZY2w==

Request Chain 238

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESECcNPRnA1N7FOx3eGn02SjY&google_cver=1&google_push=AQvitUKG_f9QjDBuzeIjSbLBGBoBz8qand3x2Yg9OTwYEYjL5XXM0n0d5bjLniR5T5FlKUjnVdBLr8CM-nbKmaQBvmEO_gBhlpo HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESECcNPRnA1N7FOx3eGn02SjY&google_cver=1&google_push=AQvitUKG_f9QjDBuzeIjSbLBGBoBz8qand3x2Yg9OTwYEYjL5XXM0n0d5bjLniR5T5FlKUjnVdBLr8CM-nbKmaQBvmEO_gBhlpo&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKG_f9QjDBuzeIjSbLBGBoBz8qand3x2Yg9OTwYEYjL5XXM0n0d5bjLniR5T5FlKUjnVdBLr8CM-nbKmaQBvmEO_gBhlpo

Request Chain 239

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEK0k6pDQfGQxsL8XWj5R-QU&google_cver=1&google_push=AQvitULp1HOwWqOqOpl114khD3dCFxdYqrq5IpHmmLMA0xMd7hW44buDAl-O6Qofdf2kULZBIoqBW4C7RJ5srqa2cJ59v8LvqyY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHTFUtMVktRThCUQ==&google_push=AQvitULp1HOwWqOqOpl114khD3dCFxdYqrq5IpHmmLMA0xMd7hW44buDAl-O6Qofdf2kULZBIoqBW4C7RJ5srqa2cJ59v8LvqyY

Request Chain 240

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU

Request Chain 242

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESECgY1JuDlDvP-Nk4Xvbe0SE&google_cver=1&google_push=AQvitUKU_VgTYn35djd9EtRsrHhWKo-oW7oH4HOfWkElX7UjyAaQ4auFh1r8eViXeAQ8oes5wD2pXidc75w0iTURWjbCQN1eg5SU HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKU_VgTYn35djd9EtRsrHhWKo-oW7oH4HOfWkElX7UjyAaQ4auFh1r8eViXeAQ8oes5wD2pXidc75w0iTURWjbCQN1eg5SU&google_hm=

Request Chain 251

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 253

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKWZxt9hWkMX4LtpQDogoYY&google_cver=1&google_push=AQvitUJzUqyU65Z4XhKSLdRj1kcBZ-HVjPYjcOg-b5d2TlzcoXDy1GVje76apZ0ho3e2dNfbgGhh31h7iCcTS6MZcK3x7aZHRgk HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJzUqyU65Z4XhKSLdRj1kcBZ-HVjPYjcOg-b5d2TlzcoXDy1GVje76apZ0ho3e2dNfbgGhh31h7iCcTS6MZcK3x7aZHRgk&google_hm=viUcxSTyNY3_0pEAkmFMjw

Request Chain 254

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUKTohe9VliTgAc1sGztEOBTGGtdZy4roc2ku_iFpeKRzZ_MgGn7JTsoJtS8wHLb-yd652nq_OsN4GuvhW228cWRZJDuuLiV&google_gid=CAESEPzjlyvLgVzxTvq6e-akpzk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFBTnNwU25Bbg&google_push=AQvitUKTohe9VliTgAc1sGztEOBTGGtdZy4roc2ku_iFpeKRzZ_MgGn7JTsoJtS8wHLb-yd652nq_OsN4GuvhW228cWRZJDuuLiV

Request Chain 255

https://rtb.openx.net/sync/dds?google_gid=CAESELsfmEK6D6aJa5Zz1XJhWIQ&google_cver=1&google_push=AQvitUJHiQ0qtJIT3e-uuaKVnLmSDyRd5_BiuUx0ie32EmYm6rpDdoIfR6Vmyl2Q9-Rk9gO6TGNM94cfJO5Z9bLOCNmzPOI0Bg4p HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJHiQ0qtJIT3e-uuaKVnLmSDyRd5_BiuUx0ie32EmYm6rpDdoIfR6Vmyl2Q9-Rk9gO6TGNM94cfJO5Z9bLOCNmzPOI0Bg4p&google_hm=9XADIrTIz5gmgR3dQnZY2w==

Request Chain 256

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESECcNPRnA1N7FOx3eGn02SjY&google_cver=1&google_push=AQvitUKcPKroHNK8aR5Go84wSZEZn007S9D2bErLMBSaXM9XVlyh_qKBHf-yn1yn-Ts0qfDEF6sDitXJFpmOXKZnAcUjcz3YGNLd HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKcPKroHNK8aR5Go84wSZEZn007S9D2bErLMBSaXM9XVlyh_qKBHf-yn1yn-Ts0qfDEF6sDitXJFpmOXKZnAcUjcz3YGNLd

Request Chain 257

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEK0k6pDQfGQxsL8XWj5R-QU&google_cver=1&google_push=AQvitUI9nYFEl3j6dgIwEpdIWT_XsFJ-TWdPnSr_SIPTmCBXzE-mP-ORsCcj1p1Ov6NQHF7rXgGF58OCZdUo9hPiCLgoHuVbgfRN HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHUEMtMTAtOVBJMw==&google_push=AQvitUI9nYFEl3j6dgIwEpdIWT_XsFJ-TWdPnSr_SIPTmCBXzE-mP-ORsCcj1p1Ov6NQHF7rXgGF58OCZdUo9hPiCLgoHuVbgfRN

Request Chain 258

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1

Request Chain 259

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESECgY1JuDlDvP-Nk4Xvbe0SE&google_cver=1&google_push=AQvitUKrVXQpSLGxhOcM_K2kTJJp3_3klK2H9WCZuwlHgPRJ5fPsBNlKgM5951UTTIILAUxrYDZc7WGPEkfm9XL2ZVUZvlTBrsWx HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKrVXQpSLGxhOcM_K2kTJJp3_3klK2H9WCZuwlHgPRJ5fPsBNlKgM5951UTTIILAUxrYDZc7WGPEkfm9XL2ZVUZvlTBrsWx&google_hm=

Request Chain 262

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 267

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUJRKoLNKKP7nZiWyFm3e2faORGteteFEr5g9VZ_dbQ-QLxlhewMOGpHaU7n5gD2JPRQRMMri_MYzB_wk-lN0fPJ0pJl2O1dWQ&google_gid=CAESEPzjlyvLgVzxTvq6e-akpzk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCTm5ubGlPTA&google_push=AQvitUJRKoLNKKP7nZiWyFm3e2faORGteteFEr5g9VZ_dbQ-QLxlhewMOGpHaU7n5gD2JPRQRMMri_MYzB_wk-lN0fPJ0pJl2O1dWQ

Request Chain 268

https://d.agkn.com/pixel/2175/?google_gid=CAESEGpm8weIKC0PPArVZSHCdEY&google_cver=1&google_push=AQvitUIK51IMxeWOsh748jnE9jw82230gPzfpmjdNQa2lvUohpyqEBnU5CslCmvGZdhH1246qgEL_wvERlG_MdrVTllVFscRkjpCCQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUIK51IMxeWOsh748jnE9jw82230gPzfpmjdNQa2lvUohpyqEBnU5CslCmvGZdhH1246qgEL_wvERlG_MdrVTllVFscRkjpCCQ&google_hm=Q0FFU0VHcG04d2VJS0MwUFBBclZaU0hDZEVZ

Request Chain 269

https://rtb.openx.net/sync/dds?google_gid=CAESELsfmEK6D6aJa5Zz1XJhWIQ&google_cver=1&google_push=AQvitUJ2vrcXa7PQAjdXApaKjh1wY11DJj71MEKsmDN5njoSP4_7w6G0MuU85UXqYihInPxo_d0rj_oP-hgW9GovpoB00sW2lhVgNw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ2vrcXa7PQAjdXApaKjh1wY11DJj71MEKsmDN5njoSP4_7w6G0MuU85UXqYihInPxo_d0rj_oP-hgW9GovpoB00sW2lhVgNw&google_hm=9XADIrTIz5gmgR3dQnZY2w==

Request Chain 270

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESECcNPRnA1N7FOx3eGn02SjY&google_cver=1&google_push=AQvitUI8jd59rrAoPeq58y6HM9BHQHHS0bXrz6jUEPBnB1gVG92KY7ufczVmYw8BQBJ2VJvLbFeDPG7ka4SRezhkooGe2t8KcdeVWA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUI8jd59rrAoPeq58y6HM9BHQHHS0bXrz6jUEPBnB1gVG92KY7ufczVmYw8BQBJ2VJvLbFeDPG7ka4SRezhkooGe2t8KcdeVWA

Request Chain 271

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEK0k6pDQfGQxsL8XWj5R-QU&google_cver=1&google_push=AQvitULKfq-ZFtCy_Root4ZYZuwO8I90L0186JhMs6B9puyy3sGoLhf1qDy0C3duE_2gKWsUr6JdXUxK_KLoYUKsr3C55NPb7tn3uQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHUzAtRy0xSE9G&google_push=AQvitULKfq-ZFtCy_Root4ZYZuwO8I90L0186JhMs6B9puyy3sGoLhf1qDy0C3duE_2gKWsUr6JdXUxK_KLoYUKsr3C55NPb7tn3uQ

Request Chain 272

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0

Request Chain 275

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFNQIEyfLh4w8HVPRLcogAI&google_cver=1

Request Chain 276

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFNQIEyfLh4w8HVPRLcogAI&google_cver=1

Request Chain 277

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1782172000955.562 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CPWm4Jj41PACFfrFEQgd1IMEyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1782172000955.562

Request Chain 279

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 285

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKWZxt9hWkMX4LtpQDogoYY&google_cver=1&google_push=AQvitULiOxIhhU6OxK6ab_WCyWATS2ZG0kY7Q_S8gSL_zEgynNREnYTfh8rkQC0ugTf-L5zOFqbRv6bIUlvWCsefEBNc9IXyGhfo HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULiOxIhhU6OxK6ab_WCyWATS2ZG0kY7Q_S8gSL_zEgynNREnYTfh8rkQC0ugTf-L5zOFqbRv6bIUlvWCsefEBNc9IXyGhfo&google_hm=viUcxSTyNY3_0pEAkmFMjw

Request Chain 286

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUKw8i2txgQ8iHR0TICKrTr9DC2rTOBUJBs-JrBIscIhHQqXxAc4NnY7Tpakqh47xeLrK7z1pYFZfRWrDosse5ElHx6C_Lwy&google_gid=CAESEPzjlyvLgVzxTvq6e-akpzk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCYW5hMUhURg&google_push=AQvitUKw8i2txgQ8iHR0TICKrTr9DC2rTOBUJBs-JrBIscIhHQqXxAc4NnY7Tpakqh47xeLrK7z1pYFZfRWrDosse5ElHx6C_Lwy

Request Chain 287

https://rtb.openx.net/sync/dds?google_gid=CAESELsfmEK6D6aJa5Zz1XJhWIQ&google_cver=1&google_push=AQvitULRzSEKuUyCLbnFqfGOEbUxYP-PJxs7oNzsyp5A3wihzQqSChK9N2HwOCu9jowS7KGWCy-uCYJaJOJB0oOVC7wSogqTuQk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULRzSEKuUyCLbnFqfGOEbUxYP-PJxs7oNzsyp5A3wihzQqSChK9N2HwOCu9jowS7KGWCy-uCYJaJOJB0oOVC7wSogqTuQk&google_hm=9XADIrTIz5gmgR3dQnZY2w==

Request Chain 288

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESECcNPRnA1N7FOx3eGn02SjY&google_cver=1&google_push=AQvitUIrDcl0mCUFZU4y27ExFdodFwNikqAXGwJIe0xG2rYGFkdOXq7g0g35aS_ZxIl0nKMJLUKFUF56JtC6AznZj1UGf6i6pgc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUIrDcl0mCUFZU4y27ExFdodFwNikqAXGwJIe0xG2rYGFkdOXq7g0g35aS_ZxIl0nKMJLUKFUF56JtC6AznZj1UGf6i6pgc

Request Chain 289

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEK0k6pDQfGQxsL8XWj5R-QU&google_cver=1&google_push=AQvitUJqaoViY4PrvCHJuK3oHuFMyOt-VF5rYy19gAjix51lTqJA6iXBnCPTcXBFPtaRybcEFcKSxLvzhV6XkkBSnyo1m-UxCzxr HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHWjgtMTctQzhSUg==&google_push=AQvitUJqaoViY4PrvCHJuK3oHuFMyOt-VF5rYy19gAjix51lTqJA6iXBnCPTcXBFPtaRybcEFcKSxLvzhV6XkkBSnyo1m-UxCzxr

Request Chain 290

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0

Request Chain 291

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESECgY1JuDlDvP-Nk4Xvbe0SE&google_cver=1&google_push=AQvitUICzWgQZj6SfPZ6mHz-Sk3_6jsRQv1DwkN6a5khZM8Ls8zM85XEC3cPYKfPXuU11JMPQB_nn2KdIlJY8MjMiyKDxYlCg6Bu HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUICzWgQZj6SfPZ6mHz-Sk3_6jsRQv1DwkN6a5khZM8Ls8zM85XEC3cPYKfPXuU11JMPQB_nn2KdIlJY8MjMiyKDxYlCg6Bu&google_hm=

Request Chain 293

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKWZxt9hWkMX4LtpQDogoYY&google_cver=1&google_push=AQvitULkv_6jjJaOmkvEVjlwteuph3nQuoauEsdFIaDEH8Rxv7TwYSH3joUKA_hRrgs5e8dxtw4YpoVtXD6iCgy9Wkpk9KRJO54 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULkv_6jjJaOmkvEVjlwteuph3nQuoauEsdFIaDEH8Rxv7TwYSH3joUKA_hRrgs5e8dxtw4YpoVtXD6iCgy9Wkpk9KRJO54&google_hm=viUcxSTyNY3_0pEAkmFMjw

Request Chain 294

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUIYtlelYVREwW0PcNZu2iscAInP5sDvQCbN45epoWQSYlGcrSKXFWLaHt9do8j4M9qw3PYog1Kbl-9L5C1NG-Z1tqHsR4A&google_gid=CAESEPzjlyvLgVzxTvq6e-akpzk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCTzNrU0dGTQ&google_push=AQvitUIYtlelYVREwW0PcNZu2iscAInP5sDvQCbN45epoWQSYlGcrSKXFWLaHt9do8j4M9qw3PYog1Kbl-9L5C1NG-Z1tqHsR4A

Request Chain 295

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUIVRbwxiL3WDXY2XPYv3WoAawQS5M4VpJwAyqcvpAmeM9jzFA3_ahBIs8bFQqKySKvVxOSob--QvORyoRgDY4yBg6Wxng&google_gid=CAESEIqfefeP4caPkZ5WIYHCwig&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitUIVRbwxiL3WDXY2XPYv3WoAawQS5M4VpJwAyqcvpAmeM9jzFA3_ahBIs8bFQqKySKvVxOSob--QvORyoRgDY4yBg6Wxng

Request Chain 296

https://rtb.openx.net/sync/dds?google_gid=CAESELsfmEK6D6aJa5Zz1XJhWIQ&google_cver=1&google_push=AQvitULBJAbJPig4U8ttvD49yGKNIh-YbGiY_5rb35MdFo0nacDcCYSNlxrR_rk48ozZXv_z8pQJbTtvGF3dI7pfbBAL-Dsvo9U HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULBJAbJPig4U8ttvD49yGKNIh-YbGiY_5rb35MdFo0nacDcCYSNlxrR_rk48ozZXv_z8pQJbTtvGF3dI7pfbBAL-Dsvo9U&google_hm=9XADIrTIz5gmgR3dQnZY2w==

Request Chain 297

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESECcNPRnA1N7FOx3eGn02SjY&google_cver=1&google_push=AQvitUJ07otZ87uJRUeJ2RkYOQiEDl1KKRxoMCsTz9iN6F0t5j_DbKkxGy92hzUqj-z3519RDyT7IbNp4Z6-jLYx7t9oiT6HyYc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJ07otZ87uJRUeJ2RkYOQiEDl1KKRxoMCsTz9iN6F0t5j_DbKkxGy92hzUqj-z3519RDyT7IbNp4Z6-jLYx7t9oiT6HyYc

Request Chain 298

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEK0k6pDQfGQxsL8XWj5R-QU&google_cver=1&google_push=AQvitUKnV2TuKyAMERGqGsXv-bFPUFcCOlmALyxdcbt86I5Pyb9lJtOuw-bc_N58lyBu_q3aVjt7oAKbqpHewiT8Ecf1pprqnFc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHWkktMVUtM0hNVw==&google_push=AQvitUKnV2TuKyAMERGqGsXv-bFPUFcCOlmALyxdcbt86I5Pyb9lJtOuw-bc_N58lyBu_q3aVjt7oAKbqpHewiT8Ecf1pprqnFc

Request Chain 299

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ

Request Chain 304

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 305

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 320

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEMtxMdbQEiBhP_zPKESdMeQ&google_cver=1&google_push=AQvitUL9oXM73X6kXuK-k7Ca6u_EL7ngTkp95IdyhoEcLW9RVq5okw6Rt_0qRXvC7WsnF0WAsb5E0qV5gMoaTJKvAUS5mdpyk-_g HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUL9oXM73X6kXuK-k7Ca6u_EL7ngTkp95IdyhoEcLW9RVq5okw6Rt_0qRXvC7WsnF0WAsb5E0qV5gMoaTJKvAUS5mdpyk-_g&google_hm=viUcxSTyNY3_0pEAkmFMjw

Request Chain 321

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitULQiJ3SWt48K5GpWWQyB_ZLOSSzW8wDFaPz2Gs9-3AZUBky8_46jhp2M86Qr1dd4EGUtzP6qj0QTWHbT26TPeYdP5ep1cg&google_gid=CAESEOr_kDbKIeV4tmQ0PdLMJfo&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitULQiJ3SWt48K5GpWWQyB_ZLOSSzW8wDFaPz2Gs9-3AZUBky8_46jhp2M86Qr1dd4EGUtzP6qj0QTWHbT26TPeYdP5ep1cg

Request Chain 323

https://rtb.openx.net/sync/dds?google_gid=CAESEHYmkb22Cloy--QRgwP8qyc&google_cver=1&google_push=AQvitUKNOWWSrQun4RjOBwig3YqmvuUDGFtrYe09X6862nr8v7BkAisCdbRQQy027MqSnMKMzTS8mrDdEy6DHNC3pPOalwiW3Pv8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKNOWWSrQun4RjOBwig3YqmvuUDGFtrYe09X6862nr8v7BkAisCdbRQQy027MqSnMKMzTS8mrDdEy6DHNC3pPOalwiW3Pv8&google_hm=9XADIrTIz5gmgR3dQnZY2w==

Request Chain 324

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEB8mnD4EKcqSAVGT4pF4IEY&google_cver=1&google_push=AQvitULS5hSbP9Qpz2toCSvB8frF1AXCwF44hAyUDEElf38rnGRFXlm-s9r3GWBfj1nTFCLxi4jeYl7HrM9s3evlvWHWa9Z-hPA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULS5hSbP9Qpz2toCSvB8frF1AXCwF44hAyUDEElf38rnGRFXlm-s9r3GWBfj1nTFCLxi4jeYl7HrM9s3evlvWHWa9Z-hPA

Request Chain 325

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENlLe3t_yyMgHe3guFylcIc&google_cver=1&google_push=AQvitUL84joYsU8YCF6bhnGJJ0VNRv-e_z7mjxt9qZFDOub9Ixf9EtgHmwd3EnaTiaw-mtqBARy-45_Q-KIUQX9of70rYDbKIBo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdIQ1YtMUgtNTBVRQ==&google_push=AQvitUL84joYsU8YCF6bhnGJJ0VNRv-e_z7mjxt9qZFDOub9Ixf9EtgHmwd3EnaTiaw-mtqBARy-45_Q-KIUQX9of70rYDbKIBo

Request Chain 326

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELntcUZ-Pnu647gDqsku1iw&google_cver=1&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw

Request Chain 331

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUI5hcvq3Axi95fmGZ9AbML2ugY8GEXQqa3juMVDlV8Vuoa16hHPFXgGtfwHu2VLtFC7pByNBzf4QwVwUXnsa87BSEr37iM&google_gid=CAESEPzjlyvLgVzxTvq6e-akpzk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCRWJoVEhBNg&google_push=AQvitUI5hcvq3Axi95fmGZ9AbML2ugY8GEXQqa3juMVDlV8Vuoa16hHPFXgGtfwHu2VLtFC7pByNBzf4QwVwUXnsa87BSEr37iM

Request Chain 332

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitULLYuxw3vUHOUcikuk3oxzxfh_ydUOWtxVDkOHNQh7vRjuAyzcly60BuJMfCrgNosAAKSxquW-Atk_X9JDzFRuZi9zuZ26x&google_gid=CAESEIqfefeP4caPkZ5WIYHCwig&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitULLYuxw3vUHOUcikuk3oxzxfh_ydUOWtxVDkOHNQh7vRjuAyzcly60BuJMfCrgNosAAKSxquW-Atk_X9JDzFRuZi9zuZ26x

Request Chain 333

https://rtb.openx.net/sync/dds?google_gid=CAESELsfmEK6D6aJa5Zz1XJhWIQ&google_cver=1&google_push=AQvitUJW239QSiqruMj797PmtXKWBcuBh2Uui7uqRoEjhb9MyiQPzcGPYyf-KY4c_gxOZprPxzJYkwbSavx48_NYVOfO35JHQsDV HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJW239QSiqruMj797PmtXKWBcuBh2Uui7uqRoEjhb9MyiQPzcGPYyf-KY4c_gxOZprPxzJYkwbSavx48_NYVOfO35JHQsDV&google_hm=9XADIrTIz5gmgR3dQnZY2w==

Request Chain 334

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEK0k6pDQfGQxsL8XWj5R-QU&google_cver=1&google_push=AQvitUL_00kcb0ZUiDocaTV5aWF0_vhx-QieC48ng9S-NX3cZuWOba3qcw3O6ups0d3ruU5rKEr5G7J8NvVTK2jYrNWEXmAfB1A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdIREctMVktRzlSUg==&google_push=AQvitUL_00kcb0ZUiDocaTV5aWF0_vhx-QieC48ng9S-NX3cZuWOba3qcw3O6ups0d3ruU5rKEr5G7J8NvVTK2jYrNWEXmAfB1A

Request Chain 335

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD

Request Chain 336

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESECgY1JuDlDvP-Nk4Xvbe0SE&google_cver=1&google_push=AQvitUKNOx2Am8tdXIzJasFYLoXnwqGML-lBnbo9XGHfWwYYAZAi10Q4wbTqeIRjJ6qLkzenrVAem6B-vW5Bx9bq06a1QwR7-gjyog HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKNOx2Am8tdXIzJasFYLoXnwqGML-lBnbo9XGHfWwYYAZAi10Q4wbTqeIRjJ6qLkzenrVAem6B-vW5Bx9bq06a1QwR7-gjyog&google_hm=

Request Chain 344

https://www.facebook.com/plugins/comments.php?app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df21a838872b234%26domain%3Dwww.farfeshplus.online%26origin%3Dhttps%253A%252F%252Fwww.farfeshplus.online%252Ff3d016407f128a8%26relation%3Dparent.parent&color_scheme=light&container_width=570&height=100&href=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&locale=en_US&numposts=5&sdk=joey&width=570 HTTP 302
https://www.facebook.com/plugins/feedback.php?app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df21a838872b234%26domain%3Dwww.farfeshplus.online%26origin%3Dhttps%253A%252F%252Fwww.farfeshplus.online%252Ff3d016407f128a8%26relation%3Dparent.parent&color_scheme=light&container_width=570&height=100&href=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&locale=en_US&numposts=5&sdk=joey&width=570

423 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK StreamVideo.asp Show response
mobile.farfeshplus.online/ 58 KB
12 KB 340ms
68ms Document
text/html 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: f1c0ff44ef7b2108563d7acee7bd9854ac44999914a1fe1a5d966e122366040f

Request headers

Host: mobile.farfeshplus.online
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
cache-control: max-age=300
X-Cacheable: YES
Content-Length: 11620
Accept-Ranges: bytes
Date: Wed, 19 May 2021 04:46:32 GMT
Connection: keep-alive
X-Cache: HIT
age: 0

GET
H2 200 up.js Show response
live.demand.supply/ 0
255 B 71ms
56ms Script
text/plain 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/up.js
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mobile.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
cf-ray: 651aaea4cb692b95-FRA
content-length: 0
cf-request-id: 0a248b7b0200002b9513b59000000001

GET
H/1.1 200
OK MobileSheet.css
mobile.farfeshplus.online/ 7 KB
7 KB 65ms
64ms Stylesheet
text/css 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://mobile.farfeshplus.online/MobileSheet.css
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: d3b6fc02fa9ecb6053a4f92cb409717894443f50da2e3dad7e4f3df715f7ca6b

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:32 GMT
Last-Modified: Mon, 16 Oct 2017 18:25:20 GMT
age: 0
ETag: "93ecb51fac46d31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: text/css
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7354

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 62 KB
21 KB 38ms
15ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

ab70d87e0d9568a827b4e2003b1de9858112f12bfd88f15cf14487d698a23889

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mobile.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "876 / 482 of 1000 / last-modified: 1621375774"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21321
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:34 GMT

GET
H/1.1 200
OK jquery-1.5.js Show response
mobile.farfeshplus.online/ 207 KB
207 KB 206ms
69ms Script
application/x-javascript 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://mobile.farfeshplus.online/jquery-1.5.js
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 3613c89747be4a2d5dc17f442d0a482da665784e2e5a3931fb9a1fc38fa0fa8d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:32 GMT
Last-Modified: Sun, 15 Oct 2017 08:47:22 GMT
age: 0
ETag: "c737e4379245d31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: application/x-javascript
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 211978

GET
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 132 KB
47 KB 41ms
22ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mobile.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47946
x-xss-protection: 0
server: cafe
etag: 18260956113010957495
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 19 May 2021 04:46:34 GMT

GET
H2 200 gpt.js
www.googletagservices.com/tag/js/ 62 KB
21 KB 35ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mobile.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "876 / 597 of 1000 / last-modified: 1621375774"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21321
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:34 GMT

GET
H/1.1 200
OK 11newstyle.css
mobile.farfeshplus.online/cssN/ 20 KB
20 KB 129ms
64ms Stylesheet
text/css 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://mobile.farfeshplus.online/cssN/11newstyle.css
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 5b047e98b8e64dadf88aa768f38c9229b478ab7ba03b553125954b146acf0147

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:32 GMT
Last-Modified: Sun, 15 Oct 2017 20:03:46 GMT
age: 0
ETag: "5a49d0b5f045d31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: text/css
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20133

GET
H/1.1 200
OK fonts.css
mobile.farfeshplus.online/s.m.farfesh/fonts/ 1 KB
776 B 191ms
64ms Stylesheet
text/css 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://mobile.farfeshplus.online/s.m.farfesh/fonts/fonts.css
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 90acdec7799a0f5d492c728dace212a1a401dbcc19aa8ac89fb9af5e3fdb094c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:32 GMT
Content-Encoding: gzip
Last-Modified: Sun, 15 Oct 2017 20:00:21 GMT
age: 0
ETag: "40764c3bf045d31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 438

GET
H/1.1 200
OK font-awesome.css
mobile.farfeshplus.online/s.m.farfesh/fonts/ 32 KB
8 KB 196ms
65ms Stylesheet
text/css 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://mobile.farfeshplus.online/s.m.farfesh/fonts/font-awesome.css
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 8e17416059f9e1ada9694ae457d869c6c2941d9da66c9e9ac5d725ab45b50d81

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:32 GMT
Content-Encoding: gzip
Last-Modified: Sun, 15 Oct 2017 20:00:24 GMT
age: 0
ETag: "141d133df045d31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7592

GET
H/1.1 200
OK slick.css
mobile.farfeshplus.online/s.m.farfesh/css/ 2 KB
1 KB 200ms
67ms Stylesheet
text/css 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://mobile.farfeshplus.online/s.m.farfesh/css/slick.css
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 5e222b39268472a317e525e278ade9b08438d0e94d791a2b88c5acb11456f2d6

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:32 GMT
Content-Encoding: gzip
Last-Modified: Sun, 15 Oct 2017 20:00:12 GMT
age: 0
ETag: "caa23136f045d31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 781

GET
H/1.1 200
OK hover.css
mobile.farfeshplus.online/s.m.farfesh/css/ 102 KB
12 KB 199ms
66ms Stylesheet
text/css 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://mobile.farfeshplus.online/s.m.farfesh/css/hover.css
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 469aac82208420399668a08062d50b404aa5f1233da32e2bcbdcd1e1905492c2

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:32 GMT
Content-Encoding: gzip
Last-Modified: Sun, 15 Oct 2017 20:00:15 GMT
age: 0
ETag: "9c3ee537f045d31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12075

GET
H/1.1 200
OK slick.js Show response
mobile.farfeshplus.online/s.m.farfesh/js/ 80 KB
20 KB 231ms
78ms Script
application/x-javascript 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://mobile.farfeshplus.online/s.m.farfesh/js/slick.js
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: aac9552f07e57bcbfa55fd1ecf3a698bfaf85fcba44fd1abeaf75e2ec9bc0caf

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:32 GMT
Content-Encoding: gzip
Last-Modified: Sun, 15 Oct 2017 20:01:14 GMT
age: 0
ETag: "0cbca5af045d31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: application/x-javascript
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20028

GET
H/1.1 200
OK jquery.min.js Show response
mobile.farfeshplus.online/s.m.farfesh/js/ 94 KB
42 KB 255ms
63ms Script
application/x-javascript 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://mobile.farfeshplus.online/s.m.farfesh/js/jquery.min.js
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:32 GMT
Content-Encoding: gzip
Last-Modified: Sun, 15 Oct 2017 20:01:14 GMT
age: 0
ETag: "febfb75af045d31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: application/x-javascript
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42874

GET
H/1.1 200
OK bootstrap.min.js Show response
mobile.farfeshplus.online/s.m.farfesh/js/ 36 KB
13 KB 260ms
64ms Script
application/x-javascript 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://mobile.farfeshplus.online/s.m.farfesh/js/bootstrap.min.js
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:32 GMT
Content-Encoding: gzip
Last-Modified: Sun, 15 Oct 2017 20:01:12 GMT
age: 0
ETag: "b81135af045d31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: application/x-javascript
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12955

GET
H2

200

jquery-1.10.2.min.js Show response
code.jquery.com/
Redirect Chain

https://codeorigin.jquery.com/jquery-1.10.2.min.js
https://code.jquery.com/jquery-1.10.2.min.js

91 KB
32 KB

22ms
8ms

Script
application/javascript

2001:4de0:ac18::1:a:1b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.10.2.min.js
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988

Request headers

Referer: https://mobile.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:34 GMT
content-encoding: gzip
last-modified: Fri, 24 Oct 2014 00:16:07 GMT
server: nginx
etag: W/"54499a47-16bb3"
vary: Accept-Encoding
x-hw: 1621399594.dop240.fr8.t,1621399594.cds284.fr8.hc,1621399594.cds272.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 32788

Redirect headers

Date: Wed, 19 May 2021 05:06:27 GMT
Server: nginx
Location: https://code.jquery.com/jquery-1.10.2.min.js
Content-Type: text/html
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000, public
Connection: keep-alive
Content-Length: 178
Expires: Fri, 18 Jun 2021 05:06:27 GMT

GET
H/1.1 200
OK twittericon.png
mobile.farfeshplus.online/images/ 1 KB
2 KB 69ms
68ms Image
image/png 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mobile.farfeshplus.online/images/twittericon.png
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:32 GMT
Last-Modified: Fri, 13 Oct 2017 14:30:45 GMT
age: 0
ETag: "8450f3da2f44d31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/png
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1362

GET
H/1.1 200
OK facebookicon.png
mobile.farfeshplus.online/images/ 1 KB
1 KB 64ms
64ms Image
image/png 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mobile.farfeshplus.online/images/facebookicon.png
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:32 GMT
Last-Modified: Fri, 13 Oct 2017 14:30:38 GMT
age: 0
ETag: "8b6dd2d62f44d31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/png
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1198

GET
H/1.1 200
OK farfeshplas.cell.logoB-Ramadan.jpg
mobile.farfeshplus.online/images/ 6 KB
7 KB 68ms
68ms Image
image/jpeg 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mobile.farfeshplus.online/images/farfeshplas.cell.logoB-Ramadan.jpg
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:32 GMT
Last-Modified: Wed, 16 May 2018 18:18:18 GMT
age: 0
ETag: "eae3de4342edd31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/jpeg
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6623

GET
H/1.1 200
OK pixWhite.jpg
mobile.farfeshplus.online/images/ 631 B
924 B 64ms
64ms Image
image/jpeg 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mobile.farfeshplus.online/images/pixWhite.jpg
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:32 GMT
Last-Modified: Fri, 13 Oct 2017 14:30:40 GMT
age: 0
ETag: "7b227ad82f44d31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/jpeg
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 631

GET
H/1.1 200
OK ramad2020.jpg
mobile.farfeshplus.online/images/ 7 KB
8 KB 69ms
69ms Image
image/jpeg 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mobile.farfeshplus.online/images/ramad2020.jpg
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Last-Modified: Wed, 14 Apr 2021 18:48:28 GMT
age: 0
ETag: "6824f7c15e31d71:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/jpeg
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7666

GET
H/1.1 200
OK spacer.gif
mobile.farfeshplus.online/images/ 47 B
338 B 65ms
65ms Image
image/gif 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mobile.farfeshplus.online/images/spacer.gif
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Last-Modified: Fri, 13 Oct 2017 14:30:43 GMT
age: 0
ETag: "ff33add92f44d31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/gif
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 47

GET
H/1.1 200
OK button_white_play.png
www.farfeshplus.online/images/ 2 KB
2 KB 198ms
66ms Image
image/png 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/images/button_white_play.png
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash

Request headers

Referer: https://mobile.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Last-Modified: Mon, 02 Oct 2017 06:55:49 GMT
age: 0
ETag: "e8bb237b4b3bd31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/png
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2041

GET
H/1.1 200
OK RNivig.gif
mobile.farfeshplus.online/images/ 221 B
513 B 65ms
64ms Image
image/gif 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mobile.farfeshplus.online/images/RNivig.gif
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Last-Modified: Fri, 13 Oct 2017 14:30:42 GMT
age: 0
ETag: "19377bd92f44d31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/gif
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 221

GET
H/1.1 200
OK farfesh-logo_short.png
mobile.farfeshplus.online/images/ 15 KB
15 KB 64ms
64ms Image
image/png 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mobile.farfeshplus.online/images/farfesh-logo_short.png
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Last-Modified: Mon, 12 Feb 2018 19:51:18 GMT
age: 0
ETag: "842a25d93aa4d31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/png
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15164

GET
H2 200 js
www.googletagmanager.com/gtag/ 88 KB
35 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-192956646-1

Requested by

Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://mobile.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:34 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35702
x-xss-protection: 0
last-modified: Wed, 19 May 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 19 May 2021 04:46:34 GMT

GET
H3-29 200 js
www.googletagmanager.com/gtag/ 118 KB
45 KB 23ms
22ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DNX5KLEBSB

Requested by

Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://mobile.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:34 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46490
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:34 GMT

GET
H/1.1 404
Not Found bootstrap.min.css
mobile.farfeshplus.online/css/ 0
0 69ms
69ms Stylesheet
text/html 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://mobile.farfeshplus.online/css/bootstrap.min.css
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/cssN/11newstyle.css
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mobile.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://mobile.farfeshplus.online/cssN/11newstyle.css
Connection: keep-alive
Referer: https://mobile.farfeshplus.online/cssN/11newstyle.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:32 GMT
X-Cacheable: YES
age: 0
X-Cache: HIT
Content-Type: text/html; charset=utf-8
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5248

GET
H3-29 200 pubads_impl_2021051301.js
securepubads.g.doubleclick.net/gpt/ 306 KB
108 KB 29ms
14ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mobile.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 May 2021 08:39:52 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110161
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:34 GMT

GET
H/1.1

200
OK

Primary Request vidmain.asp Show response
www.farfeshplus.online/
Redirect Chain

https://www.farfeshplus.online/View.asp?ID=120795&Chosen_ID=&ZoneID=1773
https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

94 KB
21 KB

215ms
193ms

Document
text/html

185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 28d3c289500ce1db232259e9802da11ce9137eaa902a8a730bf8507af2fd13df

Request headers

Host: www.farfeshplus.online
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://mobile.farfeshplus.online/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Response headers

Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
cache-control: max-age=300
X-Cacheable: YES
Content-Length: 21334
Accept-Ranges: bytes
Date: Wed, 19 May 2021 04:46:33 GMT
Connection: keep-alive
X-Cache: MISS
age: 0

Redirect headers

Content-Type: text/html
Location: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
cache-control: max-age=300
X-Cacheable: YES
Content-Length: 96657
Accept-Ranges: bytes
Date: Wed, 19 May 2021 04:46:33 GMT
Connection: keep-alive
X-Cache: MISS
age: 0

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/ 231 KB
85 KB 41ms
27ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1231661633440980&plah=mobile.farfeshplus.online&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mobile.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87252
x-xss-protection: 0
server: cafe
etag: 5322897297824761394
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 19 May 2021 04:46:34 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/ Frame EFC9 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210517/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mobile.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mobile.farfeshplus.online/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 19 May 2021 01:00:52 GMT
expires: Wed, 02 Jun 2021 01:00:52 GMT
content-type: text/html; charset=UTF-8
etag: 15349191498103243965
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4506
x-xss-protection: 0
age: 13542
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 up.js Show response
live.demand.supply/ 0
83 B 63ms
61ms Script
text/plain 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/up.js
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
cf-ray: 651aaead09022b95-FRA
content-length: 0
cf-request-id: 0a248b802600002b954814a000000001

GET
H3-29 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 132 KB
47 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4f488ba69b34a8b4d924f46e58cbbe62ad1031ee74af785d328ccb54c4cd9b5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47946
x-xss-protection: 0
server: cafe
etag: 18260956113010957495
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 19 May 2021 04:46:35 GMT

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 62 KB
21 KB 17ms
16ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

dea033e75dd8118f931e11ff9afbcc34cd29e99a6c0e53816ac20ac5969f12b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "876 / 203 of 1000 / last-modified: 1621375838"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21268
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:35 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.3.2/ 56 KB
20 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 07:20:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163547
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19926
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 May 2022 07:20:48 GMT

GET
H/1.1 200
OK jquery.timers.js Show response
www.farfeshplus.online/s.farfesh/js/ 3 KB
2 KB 68ms
67ms Script
application/x-javascript 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://www.farfeshplus.online/s.farfesh/js/jquery.timers.js
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: d93f4f764048996df486e96b2c68f15f4f3b1c110eaff398b681c15b43aa9772

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2017 12:21:24 GMT
age: 0
ETag: "4eecc5f6783bd31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: application/x-javascript
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1311

GET
H/1.1 200
OK jquery.autoScroller.js Show response
www.farfeshplus.online/s.farfesh/js/ 1 KB
1009 B 195ms
65ms Script
application/x-javascript 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://www.farfeshplus.online/s.farfesh/js/jquery.autoScroller.js
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 3a4fc14180ae118f278fef24fed0c73cb65bb14049d68f0f43b7041090965aa8

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2017 12:21:20 GMT
age: 0
ETag: "aa3575f4783bd31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: application/x-javascript
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 655

GET
H/1.1 200
OK NavigMenu.js Show response
www.farfeshplus.online/general.files/js/ 10 KB
3 KB 195ms
65ms Script
application/x-javascript 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://www.farfeshplus.online/general.files/js/NavigMenu.js
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: cce45bed757c6288dd85428e91a2bb91927ce0f1a6cec010ac9f5db184670a7e

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Content-Encoding: gzip
Last-Modified: Tue, 10 Oct 2017 19:18:36 GMT
age: 0
ETag: "628f991fc41d31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: application/x-javascript
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2668

GET
H/1.1 200
OK slick.js Show response
www.farfeshplus.online/s.farfesh/js/ 80 KB
20 KB 197ms
65ms Script
application/x-javascript 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://www.farfeshplus.online/s.farfesh/js/slick.js
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: aac9552f07e57bcbfa55fd1ecf3a698bfaf85fcba44fd1abeaf75e2ec9bc0caf

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2017 07:05:02 GMT
age: 0
ETag: "55b6a2c44c3bd31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: application/x-javascript
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20028

GET
H/1.1 200
OK jquery.min.js Show response
www.farfeshplus.online/s.farfesh/js/ 94 KB
42 KB 198ms
66ms Script
application/x-javascript 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://www.farfeshplus.online/s.farfesh/js/jquery.min.js
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2017 07:05:02 GMT
age: 0
ETag: "4a7f43c44c3bd31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: application/x-javascript
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42874

GET
H/1.1 200
OK bootstrap.min.js Show response
www.farfeshplus.online/s.farfesh/js/ 36 KB
13 KB 226ms
76ms Script
application/x-javascript 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://www.farfeshplus.online/s.farfesh/js/bootstrap.min.js
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2017 07:05:01 GMT
age: 0
ETag: "a0a9e6c34c3bd31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: application/x-javascript
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12955

GET
H/1.1 200
OK CssClear1.css
www.farfeshplus.online/s.farfesh/Css/ 74 KB
16 KB 112ms
66ms Stylesheet
text/css 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://www.farfeshplus.online/s.farfesh/Css/CssClear1.css
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: a0bec107dc5e1169feb956927f5aa851ce5aa0231f38c0c99ac23cfe7c37a770

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Content-Encoding: gzip
Last-Modified: Sat, 08 Aug 2020 19:16:35 GMT
age: 0
ETag: "4498996eb86dd61:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15905

GET
H/1.1 200
OK fonts.css
www.farfeshplus.online/fontsNew/ 1 KB
776 B 130ms
64ms Stylesheet
text/css 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://www.farfeshplus.online/fontsNew/fonts.css
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 90acdec7799a0f5d492c728dace212a1a401dbcc19aa8ac89fb9af5e3fdb094c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2017 07:12:17 GMT
age: 0
ETag: "2672a6c74d3bd31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 438

GET
H/1.1 200
OK font-awesome.css
www.farfeshplus.online/fontsNew/ 32 KB
8 KB 182ms
68ms Stylesheet
text/css 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://www.farfeshplus.online/fontsNew/font-awesome.css
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 813e08a0b6c28a3370c1b31ff8ca993a9655288f107b63425a898fe59fe4b806

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2017 07:25:01 GMT
age: 0
ETag: "b9f94b8f4f3bd31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7581

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
35 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-192956646-1

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

551501f0c74f0a11365a588dcdc0283e0d8212a74108d3f65976f84dda3f9235

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35700
x-xss-protection: 0
last-modified: Wed, 19 May 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 19 May 2021 04:46:35 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 118 KB
45 KB 21ms
20ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DNX5KLEBSB

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7a3970fd1b3a9d74bad2fc07e945397246d5da9a8e02d5d85b51cc5253259874

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:35 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46491
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:35 GMT

GET
H2 200 jquery-latest.js Show response
code.jquery.com/ 276 KB
82 KB 15ms
12ms Script
application/javascript 2001:4de0:ac18::1:a:1b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-latest.js
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:35 GMT
content-encoding: gzip
last-modified: Fri, 24 Oct 2014 00:16:08 GMT
server: nginx
etag: "54499a48-4508e"
vary: Accept-Encoding
x-hw: 1621399595.dop240.fr8.t,1621399595.cds284.fr8.hc,1621399595.cds254.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400, public
accept-ranges: bytes
content-length: 83875

GET
H3-29 200 gpt.js Show response
www.googletagservices.com/tag/js/ 62 KB
21 KB 29ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dea033e75dd8118f931e11ff9afbcc34cd29e99a6c0e53816ac20ac5969f12b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "876 / 283 of 1000 / last-modified: 1621375838"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21268
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:35 GMT

GET
H2

200

jquery-1.10.2.min.js Show response
code.jquery.com/
Redirect Chain

https://codeorigin.jquery.com/jquery-1.10.2.min.js
https://code.jquery.com/jquery-1.10.2.min.js

91 KB
32 KB

10ms
9ms

Script
application/javascript

2001:4de0:ac18::1:a:1b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.10.2.min.js
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:35 GMT
content-encoding: gzip
last-modified: Fri, 24 Oct 2014 00:16:07 GMT
server: nginx
etag: W/"54499a47-16bb3"
vary: Accept-Encoding
x-hw: 1621399595.dop240.fr8.t,1621399595.cds284.fr8.hc,1621399595.cds272.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 32788

Redirect headers

Date: Wed, 19 May 2021 05:06:28 GMT
Server: nginx
Location: https://code.jquery.com/jquery-1.10.2.min.js
Content-Type: text/html
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000, public
Connection: keep-alive
Content-Length: 178
Expires: Fri, 18 Jun 2021 05:06:28 GMT

GET
H2 200 rmp.min.js Show response
cdn.radiantmediatechs.com/rmp/3.10.6/js/ 351 KB
76 KB 70ms
39ms Script
application/javascript 2606:4700:20::ac43:4712
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.radiantmediatechs.com/rmp/3.10.6/js/rmp.min.js

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4712 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

86252e3fc1d09819a33efba7e0781623cd2fa0386885b9f229d95e16d23acccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1617586
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a248b804900001f31d3238000000001
timing-allow-origin: *
last-modified: Mon, 06 Jul 2020 13:34:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gv9Zlfg6w4p0twI5hzJWd%2FtK7LpUGMxgPAP3HpwOmrYe7IzFmiVgXaKV0g9lFvqwbLQRvQkFwZr3utdug10b1B8I%2FxdvbEvJ9NQgU1Zspnk8eRoYEbGFJJHhMfjRpp7eDFkTAr29"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 651aaead3cd01f31-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Range
expires: Thu, 19 May 2022 04:46:35 GMT

GET
H/1.1 200
OK recangelorange.png
www.farfeshplus.online/images/ 1002 B
1 KB 76ms
69ms Image
image/png 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/images/recangelorange.png
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 66bdbc6f334ad5094c875459d3a9b88c52f2f065759d45f0d5c8d0262d327ddf

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Last-Modified: Wed, 04 Oct 2017 17:12:10 GMT
age: 0
ETag: "65ef4eea333dd31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/png
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1002

GET
H/1.1 200
OK spacer.gif
www.farfeshplus.online/images/ 47 B
338 B 69ms
66ms Image
image/gif 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/images/spacer.gif
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 414065eb8bccfeced9386a863dba180b1ab3153b18395b3bd4e855e0ee860f4e

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Last-Modified: Wed, 31 Mar 2021 10:07:53 GMT
age: 0
ETag: "affecbb61526d71:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/gif
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 47

GET
H/1.1 200
OK twittericon.png
www.farfeshplus.online/images/ 1 KB
2 KB 67ms
64ms Image
image/png 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/images/twittericon.png
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 9edd827965a6e1332c3aac5d7d0cc16269f4536a33817f25cb92703f5953c836

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Last-Modified: Mon, 02 Oct 2017 06:57:13 GMT
age: 0
ETag: "675912ad4b3bd31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/png
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1362

GET
H/1.1 200
OK ramadan2020.gif
www.farfeshplus.online/images/ 183 KB
183 KB 78ms
76ms Image
image/gif 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/images/ramadan2020.gif
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 2c4f0bcb699b110d5cb89f843d624dda1bc7a5af9e41d26d1b67259f152f7a17

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Last-Modified: Fri, 30 Apr 2021 22:32:50 GMT
age: 0
ETag: "1d8676c0103ed71:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/gif
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 187539

GET
H/1.1 200
OK iconVideoNew1.png
www.farfeshplus.online/images/ 984 B
1 KB 66ms
64ms Image
image/png 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/images/iconVideoNew1.png
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 028e3e56a2f7b570857e2bc020a3e6dd49c6174d3d7ed36374384895ab880fb6

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Last-Modified: Mon, 02 Oct 2017 06:56:19 GMT
age: 0
ETag: "96acfb8c4b3bd31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/png
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 984

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/ 231 KB
85 KB 36ms
29ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1231661633440980&plah=www.farfeshplus.online&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93ea87740a629b311148b644cb72d376ef82344939bc4d47acff4aa0719ad668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87252
x-xss-protection: 0
server: cafe
etag: 5322897297824761394
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 19 May 2021 04:46:35 GMT

GET
H3-29 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/ Frame 2A2B 10 KB
4 KB 16ms
13ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210517/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 19 May 2021 01:00:52 GMT
expires: Wed, 02 Jun 2021 01:00:52 GMT
content-type: text/html; charset=UTF-8
etag: 15349191498103243965
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4506
x-xss-protection: 0
age: 13543
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK 1773.jpg
www.farfeshplus.online/ramadanimages/ 33 KB
33 KB 75ms
68ms Image
image/jpeg 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/ramadanimages/1773.jpg
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 646f9d1dabfc0a469e6f5041281c3ae403cc2d5c59d08623ad7f1e504e9be0d7

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Last-Modified: Sun, 11 Apr 2021 15:50:06 GMT
age: 0
ETag: "6f604058ea2ed71:0"
X-Cacheable: YES
X-Cache: MISS
Content-Type: image/jpeg
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 33462

GET
H/1.1 200
OK play-btn.png
www.farfeshplus.online/images/ 2 KB
3 KB 74ms
67ms Image
image/png 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/images/play-btn.png
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: e45240546bfaeea08e1780d1cb27367287317dcdf76ec28c2c3d3b4a4af8cac8

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Last-Modified: Wed, 04 Oct 2017 10:52:41 GMT
age: 0
ETag: "174ddee6fe3cd31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/png
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2309

GET
H/1.1 200
OK b237205.jpg
www.farfeshplus.online/pic_server/articles_images/Out-image/ 53 KB
53 KB 65ms
64ms Image
image/jpeg 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/pic_server/articles_images/Out-image/b237205.jpg
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 1f0500a27828d59073601a58f25e82e40f9fb4aed6e1321ae3f0e191c3c302c5

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Last-Modified: Tue, 18 May 2021 14:26:42 GMT
age: 0
ETag: "78e7e5d2f14bd71:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/jpeg
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 54220

GET
H/1.1 200
OK b237199.jpg
www.farfeshplus.online/pic_server/articles_images/Out-image/ 27 KB
27 KB 64ms
63ms Image
image/jpeg 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/pic_server/articles_images/Out-image/b237199.jpg
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: e83f44448b1936bd1cf7c689419be7dd5ae8001e7789b349e513d14ed4d24ba4

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Last-Modified: Tue, 18 May 2021 11:00:48 GMT
age: 0
ETag: "f2ffefed54bd71:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/jpeg
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27515

GET
H/1.1 200
OK b237207.jpg
www.farfeshplus.online/pic_server/articles_images/Out-image/ 46 KB
46 KB 67ms
66ms Image
image/jpeg 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/pic_server/articles_images/Out-image/b237207.jpg
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: ab2ac26878723e8344cdc7a4dc137796b3d1309852307d44c57f0a1bf540cc07

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Last-Modified: Tue, 18 May 2021 15:06:41 GMT
age: 0
ETag: "aa69a68f74bd71:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/jpeg
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 46972

GET
H/1.1 200
OK b237201.jpg
www.farfeshplus.online/pic_server/articles_images/Out-image/ 74 KB
74 KB 67ms
66ms Image
image/jpeg 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/pic_server/articles_images/Out-image/b237201.jpg
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: db6f4e12488601f7cee9a4fe6850fad96bec8d7502c09eb1cfd071705c85915f

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Connection: keep-alive
Referer: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:34 GMT
Last-Modified: Tue, 18 May 2021 12:33:13 GMT
age: 0
ETag: "c5d19f8e14bd71:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/jpeg
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 75516

GET
H/1.1 200
OK bootstrap.min.css
www.farfeshplus.online/s.farfesh/Css/ 118 KB
27 KB 68ms
67ms Stylesheet
text/css 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://www.farfeshplus.online/s.farfesh/Css/bootstrap.min.css
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/s.farfesh/Css/CssClear1.css
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.farfeshplus.online/s.farfesh/Css/CssClear1.css
Connection: keep-alive
Referer: https://www.farfeshplus.online/s.farfesh/Css/CssClear1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2017 12:06:51 GMT
age: 0
ETag: "af7da4ee763bd31:0"
X-Cacheable: YES
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27695

GET
H3-29 200 pubads_impl_2021051701.js Show response
securepubads.g.doubleclick.net/gpt/ 308 KB
108 KB 21ms
14ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051701.js?31061220

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

65bd64f93eeb0e9cac00f8ed11c2a9c4663907c5a96b7c80bfd2c7502141939b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 May 2021 00:12:19 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110938
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:35 GMT

GET
H/1.1 200
OK atrk.js Show response
certify-js.alexametrics.com/ 4 KB
2 KB 106ms
30ms Script
application/javascript 99.86.242.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://certify-js.alexametrics.com/atrk.js
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.242.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-242-65.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 27 Apr 2021 18:07:27 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Tue, 27 Apr 2021 18:03:54 GMT
Server: AmazonS3
Age: 1852749
ETag: W/"d89453438fbf10dcf4c13265c40d5160"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 ff42f0c276df6efb8ccff2182e6cfe91.cloudfront.net (CloudFront)
Cache-Control: max-age=26920000
Transfer-Encoding: chunked
X-Amz-Cf-Pop: VIE50-C1
X-Amz-Cf-Id: o7TbFYTx4t3Wz40DWHU79GdrATUpNkISJG0rhfsuGwuqB4Pg6SwL1A==

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 52ms
12ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bccee4f9154fd1cf22764d19840d5e8a5f3bf3be708d32ba4e5f08d661988e5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: u7bg/gwRC+VT9hj+qidTKQ==
cross-origin-resource-policy: cross-origin
expires: Wed, 19 May 2021 05:05:33 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1780
x-fb-rlafr: 0
x-fb-debug: +bql0GdczIWFBphKGZKPrc5Nq8ceuPLP543a9zhmeO25nDlRxoYFWb3e1hl6QAX0qTU9Athlm4vZ3P8PrP3hsA==
x-fb-trip-id: 1709462857
x-fb-content-md5: 3b45be6658223ec5380345322491725b
date: Wed, 19 May 2021 04:46:35 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "7d48a5afdaf1813fff7cf8bf332a4d59"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-192956646-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 4599
date: Wed, 19 May 2021 03:29:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Wed, 19 May 2021 05:29:56 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 118 KB
45 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DNX5KLEBSB&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-192956646-1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

80163332a4f6ad3247da0209787eb18e4cd778d93f3a3b6bbda7997080ef34a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:35 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46491
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:35 GMT

POST
H3-29 204 collect
www.google-analytics.com/g/ 0
17 B 13ms
13ms Ping
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-DNX5KLEBSB&gtm=2oe5c1&_p=1792428796&sr=1600x1200&ul=en-us&cid=1122770643.1621399596&_s=1&dl=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&dr=https%3A%2F%2Fmobile.farfeshplus.online%2F&dt=Farfesh.com%20%7C%20%D8%AE%D9%84%D9%8A%20%D8%A8%D8%A7%D9%84%D9%83%20%D9%85%D9%86%20%D8%B2%D9%8A%D8%B2%D9%8A%20-%201%20%7C%20%D9%85%D9%88%D9%82%D8%B9%20%D9%81%D8%B1%D9%81%D8%B4&sid=1621399595&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DNX5KLEBSB
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.farfeshplus.online
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK farfeshplusmasterBR.jpg
www.farfeshplus.online/images/ 4 KB
4 KB 68ms
67ms Image
image/jpeg 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/images/farfeshplusmasterBR.jpg
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/s.farfesh/Css/CssClear1.css
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: ac7b85c89057a31981b2af0d754be1b67ab4af30d0d0b99e3088ea38562e2f38

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.farfeshplus.online/s.farfesh/Css/CssClear1.css
Cookie: _ga_DNX5KLEBSB=GS1.1.1621399595.1.0.1621399595.0; _ga=GA1.1.1122770643.1621399596
Connection: keep-alive
Referer: https://www.farfeshplus.online/s.farfesh/Css/CssClear1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:34 GMT
Last-Modified: Thu, 05 Oct 2017 06:29:33 GMT
age: 0
ETag: "ca42b54ea33dd31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/jpeg
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3887

GET
H/1.1 200
OK farfeshplasmasterlogo215x54.new.jpg
www.farfeshplus.online/images/ 8 KB
8 KB 66ms
65ms Image
image/jpeg 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/images/farfeshplasmasterlogo215x54.new.jpg
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/s.farfesh/Css/CssClear1.css
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 8a4ff76232f9c5b9a8829282a44f96a88ad7c45f64ac597228805b1e8e6074ef

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.farfeshplus.online/s.farfesh/Css/CssClear1.css
Cookie: _ga_DNX5KLEBSB=GS1.1.1621399595.1.0.1621399595.0; _ga=GA1.1.1122770643.1621399596
Connection: keep-alive
Referer: https://www.farfeshplus.online/s.farfesh/Css/CssClear1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:34 GMT
Last-Modified: Sat, 25 Nov 2017 14:02:31 GMT
age: 0
ETag: "a910839f665d31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/jpeg
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8143

GET
H/1.1 200
OK search1.jpg
www.farfeshplus.online/images/ 2 KB
2 KB 76ms
73ms Image
image/jpeg 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/images/search1.jpg
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/s.farfesh/Css/CssClear1.css
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: fa40f4a8ee08b163e5c78cd66b81799e23cb9a95ee661c1218a11fc6f3d02431

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.farfeshplus.online/s.farfesh/Css/CssClear1.css
Cookie: _ga_DNX5KLEBSB=GS1.1.1621399595.1.0.1621399595.0; _ga=GA1.1.1122770643.1621399596
Connection: keep-alive
Referer: https://www.farfeshplus.online/s.farfesh/Css/CssClear1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:34 GMT
Last-Modified: Sat, 14 Oct 2017 15:06:45 GMT
age: 0
ETag: "c9f9f7cfe44d31:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/jpeg
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1641

GET
H2 200 / Show response
www.wintv.live/player1/farfeshplushlsadz/ Frame 99D7 2 KB
1 KB 301ms
88ms Document
text/html 62.90.37.40
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wintv.live/player1/farfeshplushlsadz/?video=2vod5n/zizy-1.mp4&poster=https://www.farfeshplus.online/ramadanimages/1773.jpg&ads=1&schedule=all
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.90.37.40 Ramat Gan, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: santafea.aumix.net
Software: Apache/2 / PHP/7.2.31
Resource Hash: 803e8096317023d4f00a7d7bd24197562c658bd82771f81387270977c0524baa

Request headers

:method: GET
:authority: www.wintv.live
:scheme: https
:path: /player1/farfeshplushlsadz/?video=2vod5n/zizy-1.mp4&poster=https://www.farfeshplus.online/ramadanimages/1773.jpg&ads=1&schedule=all
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
server: Apache/2
x-powered-by: PHP/7.2.31
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1023
content-type: text/html; charset=UTF-8

GET
H3-29 200 show_companion_ad.js Show response
pagead2.googlesyndication.com/pagead/ 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_companion_ad.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051701.js?31061220

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8b5d984e6d2cdaf64b8a50c9b645e347e74ffa712aa0b9422015700c98f9bb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:02:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2640
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5863
x-xss-protection: 0
server: cafe
etag: 12453517290502062038
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 19 May 2021 05:02:35 GMT

GET
H/1.1 200
OK _widget_loader.js Show response
widget.postquare.com/ 91 KB
23 KB 49ms
9ms Script
application/javascript 2a02:26f0:6c00:28b::3b8d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.postquare.com/_widget_loader.js
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28b::3b8d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9283c18ab5dee682a522d80816bb73da73cdba28e97146b8e133de84c99266d4

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:35 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 May 2021 10:38:41 GMT
Server: nginx
ETag: W/"608fd2b1-16b61"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=7200
Connection: keep-alive
Content-Length: 23344
Expires: Wed, 19 May 2021 06:46:35 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 14ms
13ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1792428796&t=pageview&_s=1&dl=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&dr=https%3A%2F%2Fmobile.farfeshplus.online%2F&ul=en-us&de=windows-1256&dt=Farfesh.com%20%7C%20%D8%AE%D9%84%D9%8A%20%D8%A8%D8%A7%D9%84%D9%83%20%D9%85%D9%86%20%D8%B2%D9%8A%D8%B2%D9%8A%20-%201%20%7C%20%D9%85%D9%88%D9%82%D8%B9%20%D9%81%D8%B1%D9%81%D8%B4&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAAC~&jid=2087977860&gjid=467167969&cid=1122770643.1621399596&tid=UA-192956646-1&_gid=323140593.1621399596&_r=1&gtm=2ou5c1&z=64563505

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.farfeshplus.online
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 208 B
647 B 51ms
17ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.farfeshplus.online&callback=_gfp_s_&client=ca-pub-1231661633440980

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1231661633440980&plah=www.farfeshplus.online&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

6210b7f1e8ac2cba429f73aa394356bc692f6085493c2f5e2a234a20b7c1463d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 198
x-xss-protection: 0

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 16ms
15ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&tn=DIV&cls=plus_sulvo_160x600&ign=false

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 42ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.farfeshplus.online

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 44ms
16ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.farfeshplus.online

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 42AE 9 KB
879 B 84ms
83ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&adk=1812271804&adf=3025194257&lmt=1621399596&plat=1%3A16809992%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595425&bpp=74&bdt=386&idt=578&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=617

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75ebaa46801544e004a5e085fcce71da892111e6888aa5130ea041e3561631fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1231661633440980&output=html&adk=1812271804&adf=3025194257&lmt=1621399596&plat=1%3A16809992%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595425&bpp=74&bdt=386&idt=578&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=617
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 May 2021 04:46:36 GMT
server: cafe
content-length: 856
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 19-May-2021 05:01:36 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 May 2021 04:46:36 GMT
cache-control: private

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a138f5a790f47f9c8e1b3b6c88ea4fecb1abd1b1011a7d842b721d2fa943ed3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251140663589"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27994
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:36 GMT

GET
H3-29 200 all.js Show response
connect.facebook.net/en_US/ 213 KB
63 KB 30ms
13ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=51e3884bbe6d28428179d7cc181dbbaa&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c06ff260eb797c58298e9b6f44707766545cbee3776fa0712e17e6a4c4dedd4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.farfeshplus.online
Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: qeyKdrihgKTDlCyAAUzNsA==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 64659
x-fb-rlafr: 0
x-fb-debug: gsNGRdDoPvLVS6KZYd2n1iKUA7NweXjxMD6uHeJeaamMFzBe0W479sPXeTMFBm9kSRpF0alrEDvAuEpvscqdPw==
x-fb-content-md5: 79c2f67d2ed91ca342981983cf582d74
x-frame-options: DENY
date: Wed, 19 May 2021 04:46:36 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "bca5819b302adef8a7d129c3246c62d2"
timing-allow-origin: *
priority: u=3,i
expires: Thu, 19 May 2022 04:41:21 GMT

GET
H/1.1 200
OK atrk.gif
certify.alexametrics.com/ 43 B
552 B 99ms
31ms Image
image/gif 13.32.14.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://certify.alexametrics.com/atrk.gif?frame_height=1200&frame_width=1600&iframe=0&title=Farfesh.com%20%7C%20%D8%AE%D9%84%D9%8A%20%D8%A8%D8%A7%D9%84%D9%83%20%D9%85%D9%86%20%D8%B2%D9%8A%D8%B2%D9%8A%20-%201%20%7C%20%D9%85%D9%88%D9%82%D8%B9%20%D9%81%D8%B1%D9%81%D8%B4&time=1621399596066&time_zone_offset=-120&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmobile.farfeshplus.online%2F&host_url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&random_number=4817201012&sess_cookie=657bc81417982f26c227e3b5860&sess_cookie_flag=1&user_cookie=657bc81417982f26c227e3b5860&user_cookie_flag=1&dynamic=true&domain=farfeshplus.online&account=FnJwi1aUS/00MS&jsv=20130128&user_lang=en-US
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.14.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-14-47.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 05:39:36 GMT
Via: 1.1 4a902cabdcc0eca6e00cc44c2a8b91da.cloudfront.net (CloudFront)
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
Server: AmazonS3
Age: 83221
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: VIE50-C2
x-amz-meta-alexa-last-modified: 20110117123941
Content-Length: 43
X-Amz-Cf-Id: sn9LHVTHic_GhPx5zwQuUD5ZZhQ6Gi34-PnnHp57OttwAfrq3WBEZw==

GET
H2 204 x.png
redirect.prod.experiment.routing.cloudfront.aws.a2z.com/ 0
48 B 561ms
185ms Image
text/plain 52.35.171.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.35.171.122 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-35-171-122.us-west-2.compute.amazonaws.com
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
server: Server

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 84 KB
13 KB 181ms
181ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1395230846843737&correlator=1131934548835550&output=ldjh&impl=fifs&eid=31061041%2C31061220&vrg=2021051701&ptt=17&sc=1&sfv=1-0-38&ecs=20210519&iu_parts=60345044%2CNew_Pirsom_Top%2CFarfeshplus_Disply_Adsense%2CFarfeshplus_Adsense_120x600%2CFarfeshplus_Adsense_160x600%2CFarfeshplus_Adsense_300x250%2CFarfeshplus_Adsense_300x600%2CFarfeshplus_Adsense_320x100%2CFarfeshplus_Adsense_320x50%2CFarfeshplus_Adsense_728x90%2CFarfeshplus_Adsense_970x250%2CFarfeshplus_Adsense_970x90%2CFarfeshplus_Adsense_Mobile_300x250%2CFarfeshplus_Adsense_Mobile_320x100%2CFarfeshplus_Adsense_Mobile_320x50%2CFarfeshplus_Adsense_1x1%2CFarfeshplus_Adsense_2x2&enc_prev_ius=%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F4%2C%2F0%2F1%2F2%2F5%2C%2F0%2F1%2F2%2F6%2C%2F0%2F1%2F2%2F7%2C%2F0%2F1%2F2%2F8%2C%2F0%2F1%2F2%2F9%2C%2F0%2F1%2F2%2F10%2C%2F0%2F1%2F2%2F11%2C%2F0%2F1%2F2%2F12%2C%2F0%2F1%2F2%2F13%2C%2F0%2F1%2F2%2F14%2C%2F0%2F1%2F2%2F15%2C%2F0%2F1%2F2%2F16&prev_iu_szs=120x600%2C160x600%2C300x250%2C300x600%2C320x100%2C320x50%2C728x90%2C970x250%2C970x90%2C300x250%2C320x100%2C320x50%2C1x1%2C2x2&cookie_enabled=1&bc=31&abxe=1&lmt=1621399596&dt=1621399596144&dlt=1621399595039&idt=775&frm=20&biw=1600&bih=1200&oid=3&adxs=-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adys=-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adks=1526976730%2C1651502043%2C3656393900%2C4154195829%2C2147660256%2C3973651019%2C3130311824%2C2170074160%2C2951505691%2C1626958939%2C1572793433%2C287711858%2C897820444%2C3574112895&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca%7Cb%7Cc%7Cd%7Ce&ifi=11&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&msz=0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=false&fws=2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&btvi=-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051701.js?31061220

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

d690d9ad990b0116e795acbea479fe79c72be0f6310d5fc875e1de86ebe9b372

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13500
x-xss-protection: 0
google-lineitem-id: 4457703023,4457703023,4457703023,4457703023,4457703023,4457703023,4457703023,4457703023,4457703023,-2,-2,-2,5372589297,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138214048179,138214048710,138214048191,138215041504,138215040640,138215082452,138214048185,138215041114,138215041306,-2,-2,-2,138311757374,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.farfeshplus.online
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 50ms
14ms Other
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051701.js?31061220
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ 0
0 41ms
6ms Other
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051701.js?31061220
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 106 KB
33 KB 1118ms
1116ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051701.js?31061220

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

d79f51f753357d11d5781f6478bd1993db8ea9ff5d4426f45856e75502704a31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33263
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.farfeshplus.online
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 3 KB
332 B 141ms
140ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051701.js?31061220

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

08faefaebcdae4111aef5f39495fb508c2789bd08a9d47bd96799575ada50f51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
google-lineitem-id: -2,-2,-2,-2,-2,-2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-2,-2,-2,-2,-2,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.farfeshplus.online
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2C5B 13 KB
6 KB 102ms
102ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6266313190087173&output=html&h=600&slotname=7260452004&adk=1988084761&adf=854766408&pi=t.ma~as.7260452004&w=120&lmt=1621399596&psa=0&format=120x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595499&bpp=2&bdt=460&idt=721&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&xpc=SDnxnFcX8q&p=https%3A//www.farfeshplus.online&dtd=745

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fda2c4e759554be9a218105625a9ee760cc077fc961df85984c993107130e2b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6266313190087173&output=html&h=600&slotname=7260452004&adk=1988084761&adf=854766408&pi=t.ma~as.7260452004&w=120&lmt=1621399596&psa=0&format=120x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595499&bpp=2&bdt=460&idt=721&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&xpc=SDnxnFcX8q&p=https%3A//www.farfeshplus.online&dtd=745
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 May 2021 04:46:36 GMT
server: cafe
content-length: 6524
x-xss-protection: 0
set-cookie: IDE=AHWqTUnBW4iXDmSo_Q8mwttGAKJLPqDhSGRFjaHR2Qo3x9MnjDe0L0ln0BXfdCmk70g; expires=Mon, 13-Jun-2022 04:46:36 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 May 2021 04:46:36 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 30D8 13 KB
6 KB 122ms
122ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=3827245123&adk=203976336&adf=54630664&pi=t.ma~as.3827245123&w=120&lmt=1621399596&psa=0&format=120x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595502&bpp=1&bdt=464&idt=824&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C120x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YHN3FAhAXX&p=https%3A//www.farfeshplus.online&dtd=842

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

353b4bf2cf6216dc1f67877f045ef73c5d9f90f4d7bd5bb0ed91779bad39a285

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=3827245123&adk=203976336&adf=54630664&pi=t.ma~as.3827245123&w=120&lmt=1621399596&psa=0&format=120x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595502&bpp=1&bdt=464&idt=824&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C120x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YHN3FAhAXX&p=https%3A//www.farfeshplus.online&dtd=842
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkna6EnpscD9HW2jvHXoguVAMQ_eD73vEE2TwIsp7tllE27nws-Xy6grvzUkvY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 May 2021 04:46:36 GMT
server: cafe
content-length: 6553
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK getrecs.json Show response
api.postquare.com/rec-api/ 8 KB
4 KB 310ms
225ms Script
application/javascript 95.142.20.17
PUREPEAK-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.postquare.com/rec-api/getrecs.json?cb=postquare_cb_55934404825745280&pubid=148825&webid=102435&wid=145532&recsnum=15&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&cs=windows-1256&subid=&title=%20Farfesh.com%20%7C%20%D8%AE%D9%84%D9%8A%20%D8%A8%D8%A7%D9%84%D9%83%20%D9%85%D9%86%20%D8%B2%D9%8A%D8%B2%D9%8A%20-%201%20%7C%20%D9%85%D9%88%D9%82%D8%B9%20%D9%81%D8%B1%D9%81%D8%B4&kwrds=Farfesh.com%20%7C%20%D8%AE%D9%84%D9%8A%20%D8%A8%D8%A7%D9%84%D9%83%20%D9%85%D9%86%20%D8%B2%D9%8A%D8%B2%D9%8A%20-%201%20%7C%20%D9%85%D9%88%D9%82%D8%B9%20%D9%81%D8%B1%D9%81%D8%B4%20-%20%D8%AC%D9%85%D9%8A%D8%B9%20%D8%AD%D9%84%D9%82%D8%A7%D8%AA%20%D9%85%D8%B3%D9%84%D8%B3%D9%84%20%D8%AE%D9%84%D9%8A%20%D8%A8%D8%A7%D9%84%D9%83%20%D9%85%D9%86%20%D8%B2%D9%8A%D8%B2%D9%8A%20%D9%81%D9%8A%20%D9%85%D9%88%D9%82%D8%B9%20%D9%81%D8%B1%D9%81%D8%B4%D8%8C%20%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D8%A9%20%D9%81%D9%88%D8%B1%D9%8A%D8%A9%20%D8%AC%D9%88%D8%AF%D8%A9%20HD%20%D8%A8%D8%AF%D9%88%D9%86%20%D8%AA%D8%AD%D9%85%D9%8A%D9%84%20%3A%20%D8%AE%D9%84%D9%8A%20%D8%A8%D8%A7%D9%84%D9%83%20%D9%85%D9%86%20%D8%B2%D9%8A%D8%B2%D9%8A%20%D8%AD%D9%84%D9%82%D8%A9%2030%20%D9%88%D8%A7%D9%84%D8%A7%D8%AE%D9%8A%D8%B1%D8%A9%20%7C%20%D8%AE%D9%84%D9%8A%20%D8%A8%D8%A7%D9%84%D9%83%20%D9%85%D9%86%20%D8%B2%D9%8A%D8%B2%D9%8A%20%D8%AD%D9%84%D9%82%D8%A9%2029%20%7C%20%D8%AE%D9%84%D9%8A%20%D8%A8%D8%A7&sessionid=6a471c9b-2cbe-75b2-5134-5de8d90de830&rndid=55934404825745280&psid=aa40d014-92b7-051d-86be-16e8fe06acaa&is_gdpr=0&gdpr_consent=
Requested by: Host: widget.postquare.com
URL: https://widget.postquare.com/_widget_loader.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.142.20.17 , Israel, ASN20645 (PUREPEAK-ASN, IL),
Reverse DNS: ip-95-142-20-17.purepeak.com
Software: nginx /
Resource Hash: 3b4bd5af42c1283d9aa552dea540150517a07e69ba8e3e1db2fd631230a8c5e9

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-language: en-US
cache-control: no-cache, no-store, max-age=0
transfer-encoding: chunked
content-type: application/javascript;charset=UTF-8
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK getrecs.json Show response
api.postquare.com/rec-api/ 10 KB
4 KB 265ms
181ms Script
application/javascript 95.142.20.17
PUREPEAK-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.postquare.com/rec-api/getrecs.json?cb=postquare_cb_60513289823670744&pubid=148825&webid=102435&wid=145539&recsnum=15&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&cs=windows-1256&subid=&title=%20Farfesh.com%20%7C%20%D8%AE%D9%84%D9%8A%20%D8%A8%D8%A7%D9%84%D9%83%20%D9%85%D9%86%20%D8%B2%D9%8A%D8%B2%D9%8A%20-%201%20%7C%20%D9%85%D9%88%D9%82%D8%B9%20%D9%81%D8%B1%D9%81%D8%B4&kwrds=Farfesh.com%20%7C%20%D8%AE%D9%84%D9%8A%20%D8%A8%D8%A7%D9%84%D9%83%20%D9%85%D9%86%20%D8%B2%D9%8A%D8%B2%D9%8A%20-%201%20%7C%20%D9%85%D9%88%D9%82%D8%B9%20%D9%81%D8%B1%D9%81%D8%B4%20-%20%D8%AC%D9%85%D9%8A%D8%B9%20%D8%AD%D9%84%D9%82%D8%A7%D8%AA%20%D9%85%D8%B3%D9%84%D8%B3%D9%84%20%D8%AE%D9%84%D9%8A%20%D8%A8%D8%A7%D9%84%D9%83%20%D9%85%D9%86%20%D8%B2%D9%8A%D8%B2%D9%8A%20%D9%81%D9%8A%20%D9%85%D9%88%D9%82%D8%B9%20%D9%81%D8%B1%D9%81%D8%B4%D8%8C%20%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D8%A9%20%D9%81%D9%88%D8%B1%D9%8A%D8%A9%20%D8%AC%D9%88%D8%AF%D8%A9%20HD%20%D8%A8%D8%AF%D9%88%D9%86%20%D8%AA%D8%AD%D9%85%D9%8A%D9%84%20%3A%20%D8%AE%D9%84%D9%8A%20%D8%A8%D8%A7%D9%84%D9%83%20%D9%85%D9%86%20%D8%B2%D9%8A%D8%B2%D9%8A%20%D8%AD%D9%84%D9%82%D8%A9%2030%20%D9%88%D8%A7%D9%84%D8%A7%D8%AE%D9%8A%D8%B1%D8%A9%20%7C%20%D8%AE%D9%84%D9%8A%20%D8%A8%D8%A7%D9%84%D9%83%20%D9%85%D9%86%20%D8%B2%D9%8A%D8%B2%D9%8A%20%D8%AD%D9%84%D9%82%D8%A9%2029%20%7C%20%D8%AE%D9%84%D9%8A%20%D8%A8%D8%A7&sessionid=e08fec83-7952-1696-beb6-e20e4e989687&rndid=60513289823670744&psid=aa40d014-92b7-051d-86be-16e8fe06acaa&is_gdpr=0&gdpr_consent=
Requested by: Host: widget.postquare.com
URL: https://widget.postquare.com/_widget_loader.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.142.20.17 , Israel, ASN20645 (PUREPEAK-ASN, IL),
Reverse DNS: ip-95-142-20-17.purepeak.com
Software: nginx /
Resource Hash: d4e42f495e06a6ae0768210551563b2bcbbffdf72a236c39fde6c297392dbd63

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-language: en-US
cache-control: no-cache, no-store, max-age=0
transfer-encoding: chunked
content-type: application/javascript;charset=UTF-8
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C004 405 B
224 B 217ms
208ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=8400035594&adk=833794805&adf=3132389021&pi=t.ma~as.8400035594&w=160&lmt=1621399596&psa=0&format=160x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595503&bpp=1&bdt=464&idt=887&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D4f4a60a92942580c%3AT%3D1621399596%3AS%3DALNI_MaxLDRjeWtAzPhs8_A0J3tfSQ6UGg&prev_fmts=0x0%2C120x600%2C120x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&xpc=TZbrVcbPEF&p=https%3A//www.farfeshplus.online&dtd=901

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca347e552319345d81558197c870d2c892dc8de45d16fcc73fd7346ab520363b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=8400035594&adk=833794805&adf=3132389021&pi=t.ma~as.8400035594&w=160&lmt=1621399596&psa=0&format=160x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595503&bpp=1&bdt=464&idt=887&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D4f4a60a92942580c%3AT%3D1621399596%3AS%3DALNI_MaxLDRjeWtAzPhs8_A0J3tfSQ6UGg&prev_fmts=0x0%2C120x600%2C120x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&xpc=TZbrVcbPEF&p=https%3A//www.farfeshplus.online&dtd=901
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMRvfUNDHRTdVF2nEprOKz2DwLUFYiDRqK6OWQeAZahephUY9Th_ZcdohTRh8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 May 2021 04:46:36 GMT
server: cafe
content-length: 204
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 32ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.farfeshplus.online

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 32ms
16ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.farfeshplus.online

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8923 59 KB
24 KB 495ms
494ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=2065248459&adk=1530395088&adf=1056458448&pi=t.ma~as.2065248459&w=300&lmt=1621399596&psa=0&format=300x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595504&bpp=1&bdt=466&idt=1032&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=yiRXaTHVU7&p=https%3A//www.farfeshplus.online&dtd=1045

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

97b181e47a41471ae5c3f80f60c9a390d27bb80eb18af23e30ddf9e3088e1b38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=2065248459&adk=1530395088&adf=1056458448&pi=t.ma~as.2065248459&w=300&lmt=1621399596&psa=0&format=300x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595504&bpp=1&bdt=466&idt=1032&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=yiRXaTHVU7&p=https%3A//www.farfeshplus.online&dtd=1045
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMRvfUNDHRTdVF2nEprOKz2DwLUFYiDRqK6OWQeAZahephUY9Th_ZcdohTRh8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 May 2021 04:46:37 GMT
server: cafe
content-length: 24131
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rmp.min.js Show response
cdn.radiantmediatechs.com/rmp/5.2.1/js/ Frame 99D7 505 KB
105 KB 40ms
30ms Script
application/javascript 2606:4700:20::ac43:4712
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.radiantmediatechs.com/rmp/5.2.1/js/rmp.min.js

Requested by

Host: www.wintv.live
URL: https://www.wintv.live/player1/farfeshplushlsadz/?video=2vod5n/zizy-1.mp4&poster=https://www.farfeshplus.online/ramadanimages/1773.jpg&ads=1&schedule=all

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4712 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d1c4b784f402c7ceeefcc8033086ad3e9425c4db5937b8c1c17a563928a8b90

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wintv.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1617599
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a248b861900004db847903000000001
timing-allow-origin: *
last-modified: Mon, 06 Jul 2020 13:34:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ToOmyS35yEFTk3Xa2o9GYkq837dPcHDiUQOT%2BvaZ2R3%2B5oOK9uJhd9JT2Fc7%2Fy6SG03Na8zOsmhhoZ4FWSR6chxYzPRH2WTJDICyyd3jlbTEnTXsvhFFabXcgzvGmIc5KbbeEKPk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 651aaeb68e054db8-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Range
expires: Thu, 19 May 2022 04:46:36 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 66ms
37ms Fetch
text/plain 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=382287608570983&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&sdk=joey&wants_cookie_data=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=51e3884bbe6d28428179d7cc181dbbaa&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: spuzhZShd0JfDx1e9zg2l/l2qZ0Xc+6Szja+vu/JcVEtD/jg5nvlmRhH21Tp226t0ExBAVUQKhz0vbMc534gqQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 19 May 2021 04:46:36 GMT
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.farfeshplus.online
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1D81 59 KB
24 KB 291ms
291ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=90&slotname=6031485414&adk=46142453&adf=2073345350&pi=t.ma~as.6031485414&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595656&bpp=8&bdt=617&idt=949&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=121&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=II3xXGH95g&p=https%3A//www.farfeshplus.online&dtd=954

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a22e943d4273fb3786c1f46049f12eab60aed4ec8f569689ccf9ad591606e5e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1231661633440980&output=html&h=90&slotname=6031485414&adk=46142453&adf=2073345350&pi=t.ma~as.6031485414&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595656&bpp=8&bdt=617&idt=949&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=121&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=II3xXGH95g&p=https%3A//www.farfeshplus.online&dtd=954
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMRvfUNDHRTdVF2nEprOKz2DwLUFYiDRqK6OWQeAZahephUY9Th_ZcdohTRh8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 May 2021 04:46:36 GMT
server: cafe
content-length: 24312
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5517 62 KB
24 KB 519ms
519ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6266313190087173&output=html&h=90&slotname=5788561387&adk=1358258519&adf=1781128803&pi=t.ma~as.5788561387&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595765&bpp=1&bdt=726&idt=890&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=527&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&fsb=1&xpc=fgaDqhx8GF&p=https%3A//www.farfeshplus.online&dtd=896

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11e55e15d34c29250a5b8789da5b4798a2cf0a9f03bc7c87b45b9d9378badf28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6266313190087173&output=html&h=90&slotname=5788561387&adk=1358258519&adf=1781128803&pi=t.ma~as.5788561387&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595765&bpp=1&bdt=726&idt=890&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=527&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&fsb=1&xpc=fgaDqhx8GF&p=https%3A//www.farfeshplus.online&dtd=896
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMRvfUNDHRTdVF2nEprOKz2DwLUFYiDRqK6OWQeAZahephUY9Th_ZcdohTRh8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 May 2021 04:46:37 GMT
server: cafe
content-length: 24612
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 2C5B 2 KB
1 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6266313190087173&output=html&h=600&slotname=7260452004&adk=1988084761&adf=854766408&pi=t.ma~as.7260452004&w=120&lmt=1621399596&psa=0&format=120x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595499&bpp=2&bdt=460&idt=721&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&xpc=SDnxnFcX8q&p=https%3A//www.farfeshplus.online&dtd=745

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:29:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1015
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:29:41 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2C5B 118 KB
36 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:36 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 2C5B 13 KB
6 KB 23ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1497
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:21:39 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2C5B 0
0 18ms
17ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CK7A9LJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTgAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaqu6QWE-f-RlOgW3S16SjkJUiV5gAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGAoWEhRwdWItNjI2NjMxMzE5MDA4NzE3Mw&sigh=rRbBMZrBvog

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6266313190087173&output=html&h=600&slotname=7260452004&adk=1988084761&adf=854766408&pi=t.ma~as.7260452004&w=120&lmt=1621399596&psa=0&format=120x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595499&bpp=2&bdt=460&idt=721&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&xpc=SDnxnFcX8q&p=https%3A//www.farfeshplus.online&dtd=745
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 19 May 2021 04:46:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 2C5B 0
0 34ms
15ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1kpwm68hd7deqghnj2j7725avrv4jwnvmpqxcbpnt8g4eb47pts3axqykq358rynrd887vdjxc8shbzy3hbgd2j3v4763qmf9hdj94mfg4xyxace41cbdzgqg6shyvg35sw6b8b1a4ye2q7dfgtksc5dwh1kyxhshcfrfnkqpxc3ctphftcg3xmxh771t3g6jt6r414rwknqcvkbc8yc2en6gb7kxyqca2xwjntdtz97hadwdgqhmm2d6b8h74ekb5nwxrr8gazx4rdvjdawsqx1btq93kdsax1fs8v268csjxy1hnmxrbpx2vy7f7eq6kbxg2p613yz6mr8stvfhdcr42add9s8qawcwsjap5d6qbba7t079whztad1dwvje2nt0n9z&b=YKSYLAAEAoUIu-dVAAczV6j-Jz2lVU5YUgQPqA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6266313190087173&output=html&h=600&slotname=7260452004&adk=1988084761&adf=854766408&pi=t.ma~as.7260452004&w=120&lmt=1621399596&psa=0&format=120x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595499&bpp=2&bdt=460&idt=721&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&xpc=SDnxnFcX8q&p=https%3A//www.farfeshplus.online&dtd=745
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 04:46:36 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
ad4m.at/ad/ Frame 25C3 2 KB
2 KB 41ms
18ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dr?ed=1hsr8s6yj3gckaffp7c498h2rd8hn7k6e0m60dtdsw0t4svqgm8gr6m2tvjk7r8xwjwqebxhzm8y6dxarg5xbq0bxqwb6g8ks2thc6c7wy6zrw40z70sxzxj19nam4ev0fr6b34hnyctq90z85fwsh8fbq0y429x3jzz63azj3h0f9aj7snnvkyhfajpxamp7esmgmymzkbny8hgmd55awxnwsje862e8pc5c89chk8wvrecys9xzv8y31jepaedc7am9bpgyaq198xthfg7n70vrphndnc77qnv1av5dd4a8bj6h5y3qth257nzwk4jed14tf9hyqs6f0f4aj01gk3951srkwz8wxq93tsrk2n85m2vg53t6t3etkfe0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%26client%3Dca-pub-6266313190087173%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47a3c9215794c9ff69454f59251efeead57f9defb9b924cf2551a19f55dd1c8a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dr?ed=1hsr8s6yj3gckaffp7c498h2rd8hn7k6e0m60dtdsw0t4svqgm8gr6m2tvjk7r8xwjwqebxhzm8y6dxarg5xbq0bxqwb6g8ks2thc6c7wy6zrw40z70sxzxj19nam4ev0fr6b34hnyctq90z85fwsh8fbq0y429x3jzz63azj3h0f9aj7snnvkyhfajpxamp7esmgmymzkbny8hgmd55awxnwsje862e8pc5c89chk8wvrecys9xzv8y31jepaedc7am9bpgyaq198xthfg7n70vrphndnc77qnv1av5dd4a8bj6h5y3qth257nzwk4jed14tf9hyqs6f0f4aj01gk3951srkwz8wxq93tsrk2n85m2vg53t6t3etkfe0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%26client%3Dca-pub-6266313190087173%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-wmp3
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a248b869f00004de27c22c000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 651aaeb76ae94de2-FRA
content-encoding: br

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2224 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 19 May 2021 03:14:09 GMT
expires: Thu, 20 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 5547
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 vgs.json Show response
cdn.radiantmediatechs.com/rmp/rr/ Frame 99D7 8 KB
4 KB 25ms
14ms XHR
application/json 2606:4700:20::ac43:4712
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.radiantmediatechs.com/rmp/rr/vgs.json?rdm=450388

Requested by

Host: cdn.radiantmediatechs.com
URL: https://cdn.radiantmediatechs.com/rmp/5.2.1/js/rmp.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4712 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65598ccf9bfb715cae79447c0341910fb426f3798fdf951b8817e1f05df42efd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wintv.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2754
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a248b86e300004db2a6b74000000001
timing-allow-origin: *
last-modified: Tue, 18 May 2021 07:58:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=A5Ct5DV3sCLJh5QAcLXs7AydG29kfIHr6v%2Fe%2F23c%2Bh3VQtOg%2F4VAZulnhnxg4CM4vfR6iH8%2F%2Bi37emHI1OKdhBH4ikMhgtdIcMnMmQOMiC%2FVWBpTQAMawEZNBMIAVhuw9o1beMEx"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 651aaeb7d8e84db2-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Range
expires: Wed, 19 May 2021 05:46:36 GMT

GET
H3-29 200 rmp-s4.min.css
cdn.radiantmediatechs.com/rmp/5.2.1/css/ Frame 99D7 63 KB
9 KB 17ms
16ms Stylesheet
text/css 2606:4700:20::ac43:4712
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.radiantmediatechs.com/rmp/5.2.1/css/rmp-s4.min.css

Requested by

Host: cdn.radiantmediatechs.com
URL: https://cdn.radiantmediatechs.com/rmp/5.2.1/js/rmp.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4712 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ce6078d61c3621293273e65d1344a7dc0895bb80d4b3e7986deb9bd588e2a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wintv.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1617598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a248b86dd00004db82abb9000000001
timing-allow-origin: *
last-modified: Mon, 06 Jul 2020 13:34:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=X62hoUUYdmWLqRMxzhz5LMpagicV1ujkqxbnmc6CTf8i0Skbqnfyh%2FnwSTKRmUTsEAQbjvaA91tK23JOjhsR588zqnhi5ynvJhUkj1qelhcOBB2rSgV6QRZat6icOP3yZR8rtJDd"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 651aaeb7c8244db8-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Range
expires: Thu, 19 May 2022 04:46:36 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C8E2 81 KB
27 KB 329ms
326ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8367749956917006&output=html&h=280&slotname=5661428205&adk=1000419482&adf=2695793703&pi=t.ma~as.5661428205&w=760&fwrn=4&fwrnh=100&lmt=1621399596&rafmt=1&psa=0&format=760x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595905&bpp=3&bdt=866&idt=859&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=420&ady=1382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=kgNiSeOsGU&p=https%3A//www.farfeshplus.online&dtd=865

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5c6e77b6ef5c49216d0458931228e39370b1b6abbc9ae89dea6fd541fda0ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8367749956917006&output=html&h=280&slotname=5661428205&adk=1000419482&adf=2695793703&pi=t.ma~as.5661428205&w=760&fwrn=4&fwrnh=100&lmt=1621399596&rafmt=1&psa=0&format=760x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595905&bpp=3&bdt=866&idt=859&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=420&ady=1382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=kgNiSeOsGU&p=https%3A//www.farfeshplus.online&dtd=865
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMRvfUNDHRTdVF2nEprOKz2DwLUFYiDRqK6OWQeAZahephUY9Th_ZcdohTRh8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 May 2021 04:46:37 GMT
server: cafe
content-length: 28117
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 30D8 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=3827245123&adk=203976336&adf=54630664&pi=t.ma~as.3827245123&w=120&lmt=1621399596&psa=0&format=120x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595502&bpp=1&bdt=464&idt=824&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C120x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YHN3FAhAXX&p=https%3A//www.farfeshplus.online&dtd=842

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:29:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1015
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:29:41 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 30D8 118 KB
36 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:36 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 30D8 13 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1497
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:21:39 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 30D8 0
0 15ms
15ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQVmaY6ReozWgRGXkey4-mV17CeDq8Aacg3X-jbiiczM84_zo5j92L5pViip0vx0ZQ7V7KSGVpeUoYi-iqFR91XjGY1QA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=3827245123&adk=203976336&adf=54630664&pi=t.ma~as.3827245123&w=120&lmt=1621399596&psa=0&format=120x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595502&bpp=1&bdt=464&idt=824&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C120x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YHN3FAhAXX&p=https%3A//www.farfeshplus.online&dtd=842
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 30D8 0
0 20ms
19ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CgiaCLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTgAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA83kAf68dO2-l8tI3Pqv6aQ5-SgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGAoWEhRwdWItMTIzMTY2MTYzMzQ0MDk4MA&sigh=qPllNvn7Z2E

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=3827245123&adk=203976336&adf=54630664&pi=t.ma~as.3827245123&w=120&lmt=1621399596&psa=0&format=120x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595502&bpp=1&bdt=464&idt=824&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C120x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YHN3FAhAXX&p=https%3A//www.farfeshplus.online&dtd=842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 19 May 2021 04:46:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 30D8 0
0 16ms
15ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1jhx30jaeh2n0m26f2svxhrnc15vqbwg7c476pd1wt40bsjxpr3n2bhaz7k986nbttbn7bq4180gjabzvvdpxcsf0chj9frb34515ds5r6cbgpcesxj8bnbyh450kkyrf1gvw20e1asxgy6972vs7thzvb94m00hn3zc1xfjk9trmxasphkzrgf4qs7hn3fk50cwy0nrr9fjxrfmwyj0214341yy3fepanbzen8zzrsg0fk37rv2sbydm7vz3gtmvzzjxaw5atj6679x919dhbbp255j8aanbb60k0e5tpy5r2hrsccxhv2wyjvq2wwnnmbdkfvgyks10ngv8jewsdn4bmnyya0kad47192hw17qxzx2hd8k67kb31qs98f10dvr3wsm&b=YKSYLAAFg2oK4DkZAAUUepa_OmrJ1nEQfwBBbg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=3827245123&adk=203976336&adf=54630664&pi=t.ma~as.3827245123&w=120&lmt=1621399596&psa=0&format=120x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595502&bpp=1&bdt=464&idt=824&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C120x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YHN3FAhAXX&p=https%3A//www.farfeshplus.online&dtd=842
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 04:46:36 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H3-29 200 dr Show response
ad4m.at/ad/ Frame BAAE 2 KB
2 KB 38ms
28ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dr?ed=1kx360an9myjhw7nvcp96ge93mvw2zawc2vde6gy1j4hmq2qz1fz4kt7sr7cs6nw9696mkmdkvq9h6p9mx65vbh03qjerpb33w32tcd65jxjne1hn2bvabh6tjxenxb5k8q9kgyeft78vcmg880dwaq5v0sx57zy1701gxb4a85jd0kxcnwd5k78xqb6jbnn85jer72xpxvvvasz6y72v80bbsy30gxtxq444qjpjc8whcreq551ew1h6m1gmhvw5c384wjwh81ha82a7ge6cx3y26e6k6wfntm2k1zr0xn993dw8bwgk7c7ntya4t7j8wf07ytpgs4064z5wg8267yg893tfvy2hst3q90m6n9sd1k68jz7500rf5j0y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%26client%3Dca-pub-1231661633440980%26adurl%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fe098042af566fa3cb0b96ade2fc9d7ae48d774a806b647cd07b1d145ceed22

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dr?ed=1kx360an9myjhw7nvcp96ge93mvw2zawc2vde6gy1j4hmq2qz1fz4kt7sr7cs6nw9696mkmdkvq9h6p9mx65vbh03qjerpb33w32tcd65jxjne1hn2bvabh6tjxenxb5k8q9kgyeft78vcmg880dwaq5v0sx57zy1701gxb4a85jd0kxcnwd5k78xqb6jbnn85jer72xpxvvvasz6y72v80bbsy30gxtxq444qjpjc8whcreq551ew1h6m1gmhvw5c384wjwh81ha82a7ge6cx3y26e6k6wfntm2k1zr0xn993dw8bwgk7c7ntya4t7j8wf07ytpgs4064z5wg8267yg893tfvy2hst3q90m6n9sd1k68jz7500rf5j0y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%26client%3Dca-pub-1231661633440980%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-wmp3
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a248b870600004a86a138c000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 651aaeb80db04a86-FRA
content-encoding: br

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 55E9 1 KB
749 B 9ms
8ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 19 May 2021 03:14:09 GMT
expires: Thu, 20 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 5547
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.farfeshplus.online

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.farfeshplus.online

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3750 13 KB
7 KB 186ms
185ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8367749956917006&output=html&h=280&slotname=6257495432&adk=977065434&adf=1662498494&pi=t.ma~as.6257495432&w=336&lmt=1621399596&psa=0&format=336x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595909&bpp=2&bdt=870&idt=948&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90%2C760x280&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=814&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=9&uci=a!9&btvi=2&fsb=1&xpc=Vfw3v0iDBq&p=https%3A//www.farfeshplus.online&dtd=962

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c274fd3da5a11f0b4ce2575a09d61ab1575e661ed76d01f5babd9f2177164783

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8367749956917006&output=html&h=280&slotname=6257495432&adk=977065434&adf=1662498494&pi=t.ma~as.6257495432&w=336&lmt=1621399596&psa=0&format=336x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595909&bpp=2&bdt=870&idt=948&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90%2C760x280&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=814&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=9&uci=a!9&btvi=2&fsb=1&xpc=Vfw3v0iDBq&p=https%3A//www.farfeshplus.online&dtd=962
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMRvfUNDHRTdVF2nEprOKz2DwLUFYiDRqK6OWQeAZahephUY9Th_ZcdohTRh8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 May 2021 04:46:37 GMT
server: cafe
content-length: 7081
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK pos_crt_loader.js Show response
widget.postquare.com/ 13 KB
4 KB 6ms
6ms Script
application/javascript 2a02:26f0:6c00:28b::3b8d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.postquare.com/pos_crt_loader.js
Requested by: Host: widget.postquare.com
URL: https://widget.postquare.com/_widget_loader.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28b::3b8d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: e9f8be6cb98aedc4f0db1d4a191bf850372db3945a71668578d426750f323ccf

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 May 2021 10:38:41 GMT
Server: nginx
ETag: W/"608fd2b1-3452"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=7200
Connection: keep-alive
Content-Length: 3246
Expires: Wed, 19 May 2021 06:46:36 GMT

GET
H/1.1 200
OK images9.engageya.com.engageyab8698592-742f-4b11-9874-113f95f13e89_new_post_image_100944_7.jpg
img9-api.postquare.com/55/5c/website_227357/fa/8a/80/ 20 KB
21 KB 32ms
6ms Image
image/jpeg 2a02:26f0:6c00:283::3b8d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.postquare.com/55/5c/website_227357/fa/8a/80/images9.engageya.com.engageyab8698592-742f-4b11-9874-113f95f13e89_new_post_image_100944_7.jpg
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:283::3b8d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1ce232c2475cfe9484d7671d89c36159b1494d8ebfc50ce5d0ec40e8fcb71d7f

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:36 GMT
Last-Modified: Mon, 17 May 2021 09:03:17 GMT
Server: AmazonS3
x-amz-request-id: 5V1VZBWVX6A7TVCZ
ETag: "fa1263a7d579870009e6052baa779719"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20936
x-amz-id-2: NdWJjzGowK27OU1KtRkFE5DvC0dmwmY0UEyo6Pwr5x0mJmTpvvhkhXsJcSaOM6+8/+A/N3zamDc=
Expires: Wed, 26 May 2021 04:46:36 GMT

GET
H/1.1 200
OK images9.engageya.com.engageyafc4d611c-fa02-481e-919a-6de158750681_new_post_image_237232_7.jpg
img9-api.postquare.com/97/fd/website_227262/27/46/06/ 23 KB
23 KB 32ms
7ms Image
image/jpeg 2a02:26f0:6c00:283::3b8d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.postquare.com/97/fd/website_227262/27/46/06/images9.engageya.com.engageyafc4d611c-fa02-481e-919a-6de158750681_new_post_image_237232_7.jpg
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:283::3b8d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0abb970d01a6442a96aaf5b6c7dca8328f23d3d91ba9892cc4023d14c4d7fba0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:36 GMT
Last-Modified: Tue, 11 May 2021 07:18:54 GMT
Server: AmazonS3
x-amz-request-id: EH7ZW0HVQFY57ZEG
ETag: "bb7347d490d693fe6b22e5388bffd4bf"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23044
x-amz-id-2: PbuCIG9FFxUyAjn+wrXuojhjGHflNfDFvzW2HkxVyMiEYUWmHnDLJuc3dlDOpMq23dhTYP2sQ6s=
Expires: Wed, 26 May 2021 04:46:36 GMT

GET
H/1.1 200
OK images9.engageya.com.engageya24261b24-aded-43c7-b7af-cf4a2f4d8657_new_post_image_182802_7.jpg
img9-api.postquare.com/7d/1e/website_226777/91/d3/15/ 19 KB
19 KB 32ms
7ms Image
image/jpeg 2a02:26f0:6c00:283::3b8d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.postquare.com/7d/1e/website_226777/91/d3/15/images9.engageya.com.engageya24261b24-aded-43c7-b7af-cf4a2f4d8657_new_post_image_182802_7.jpg
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:283::3b8d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca6b0b31cc1552331bc007bf8a3c4cc40a44cb65cc30d8b81dd96aa2cd637ece

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:36 GMT
Last-Modified: Wed, 28 Apr 2021 08:57:32 GMT
Server: AmazonS3
x-amz-request-id: S1GE807WA9CGBCG0
ETag: "3d888af796ce37915f31009bc3cb4d7d"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19468
x-amz-id-2: hwTmTkQ2130+1YVB0WU03g+AXG3OkSe5B7zyxSZ3adnVrYRQK6WlIVtjPdhRPpqoVJ/pOrcByUo=
Expires: Wed, 26 May 2021 04:46:36 GMT

GET
H/1.1 200
OK images9.engageya.com.engageya5e190c41-b3da-4fca-b271-15b8c49ebd52_new_post_image_708559_7.jpg
img9-api.postquare.com/7d/1e/website_226777/0d/1b/3b/ 17 KB
17 KB 32ms
7ms Image
image/jpeg 2a02:26f0:6c00:283::3b8d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.postquare.com/7d/1e/website_226777/0d/1b/3b/images9.engageya.com.engageya5e190c41-b3da-4fca-b271-15b8c49ebd52_new_post_image_708559_7.jpg
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:283::3b8d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bb5e6fb8b67b430f2f16d683fb3b41acfaabc67c1ace6a706c73b35e3edd9bb4

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:36 GMT
Last-Modified: Wed, 28 Apr 2021 08:57:35 GMT
Server: AmazonS3
x-amz-request-id: 1SE1NJ26EP1F1X6K
ETag: "823c93687edb8e6e66b78a4d3db2a3ea"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17370
x-amz-id-2: USWxr3l8OegFvJYdpjZRWTKeDrLDG6OPlA3UZb590w4KN3Ed9Xm0KhQiJZmimWt8xMZdhTY7Ez8=
Expires: Wed, 26 May 2021 04:46:36 GMT

GET
H/1.1 200
OK logosmall.png
widget.postquare.com/img/brands/gecko/ 4 KB
4 KB 14ms
13ms Image
image/png 2a02:26f0:6c00:28b::3b8d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.postquare.com/img/brands/gecko/logosmall.png
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28b::3b8d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: a01d8b7ca6b54b65249b97435040a6202bed90eb499171362fe6b08600791a41

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:36 GMT
Last-Modified: Mon, 03 May 2021 10:38:41 GMT
Server: nginx
ETag: "608fd2b1-ea0"
Content-Type: image/png
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3744
Expires: Wed, 26 May 2021 04:46:36 GMT

GET
H/1.1 200
OK 1773.jpg
www.farfeshplus.online/ramadanimages/ Frame 99D7 33 KB
33 KB 67ms
66ms Image
image/jpeg 185.18.205.182
INTERHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.farfeshplus.online/ramadanimages/1773.jpg
Requested by: Host: cdn.radiantmediatechs.com
URL: https://cdn.radiantmediatechs.com/rmp/5.2.1/js/rmp.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.18.205.182 Holon, Israel, ASN61102 (INTERHOST, IL),
Reverse DNS: 182.205.interhost.co.il
Software: /
Resource Hash: 646f9d1dabfc0a469e6f5041281c3ae403cc2d5c59d08623ad7f1e504e9be0d7

Request headers

Pragma: no-cache
Sec-Fetch-Site: cross-site
Accept-Encoding: gzip, deflate, br
Host: www.farfeshplus.online
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.wintv.live/
Connection: keep-alive
Referer: https://www.wintv.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:35 GMT
Last-Modified: Sun, 11 Apr 2021 15:50:06 GMT
age: 0
ETag: "6f604058ea2ed71:0"
X-Cacheable: YES
X-Cache: HIT
Content-Type: image/jpeg
cache-control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 33462

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 99D7 334 KB
115 KB 37ms
15ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cdn.radiantmediatechs.com
URL: https://cdn.radiantmediatechs.com/rmp/5.2.1/js/rmp.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94e37f1a24a682b88f0212e2514f7e4cd3a2601342aaf332de8dc39ef544c44e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wintv.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117175
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:36 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B1BF 59 KB
24 KB 269ms
269ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=280&slotname=9134183485&adk=4187177663&adf=193961900&pi=t.ma~as.9134183485&w=336&lmt=1621399596&psa=0&format=336x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595911&bpp=7&bdt=872&idt=1049&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90%2C760x280%2C336x280&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=450&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=10&uci=a!a&btvi=3&fsb=1&xpc=CgUsnlA2jb&p=https%3A//www.farfeshplus.online&dtd=1055

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cd070d9a421900fd5dd69ca4cc7ac03bbc8ce4bec7c40ec93655ab4d8f61eefe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1231661633440980&output=html&h=280&slotname=9134183485&adk=4187177663&adf=193961900&pi=t.ma~as.9134183485&w=336&lmt=1621399596&psa=0&format=336x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595911&bpp=7&bdt=872&idt=1049&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90%2C760x280%2C336x280&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=450&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=10&uci=a!a&btvi=3&fsb=1&xpc=CgUsnlA2jb&p=https%3A//www.farfeshplus.online&dtd=1055
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMRvfUNDHRTdVF2nEprOKz2DwLUFYiDRqK6OWQeAZahephUY9Th_ZcdohTRh8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 May 2021 04:46:37 GMT
server: cafe
content-length: 24064
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rmp-font.woff2
cdn.radiantmediatechs.com/rmp/5.2.1/css/fonts/ Frame 99D7 8 KB
9 KB 12ms
12ms Font
application/font-woff2 2606:4700:20::ac43:4712
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.radiantmediatechs.com/rmp/5.2.1/css/fonts/rmp-font.woff2?jsbvoz

Requested by

Host: cdn.radiantmediatechs.com
URL: https://cdn.radiantmediatechs.com/rmp/5.2.1/css/rmp-s4.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4712 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

acf2598b33b97668edf408a40c5a47b845ab37d1de7d2cda14370e31c37de8df

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.wintv.live
Referer: https://cdn.radiantmediatechs.com/rmp/5.2.1/css/rmp-s4.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1617559
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8560
cf-request-id: 0a248b87ae00004db2a3241000000001
timing-allow-origin: *
last-modified: Mon, 06 Jul 2020 13:34:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DltWy0%2BsdGbJssDX2PpbfWvGY5hC7BvUuTYnBOx3IfbXjVZyj%2FEVnhj97cJn%2B3y%2F9yCoUtfk3k7q3cv77IwuBF%2FY7Gt5LE20TQeK0RO2036I6bik0J0aw5DrlX%2FLbYgz7VzPp9%2B5"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 651aaeb91b344db2-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Range
expires: Thu, 19 May 2022 04:46:36 GMT

GET
H3-29 200 roboto-v18-latin-regular.woff2
cdn.radiantmediatechs.com/rmp/5.2.1/css/fonts/ Frame 99D7 15 KB
16 KB 12ms
12ms Font
application/font-woff2 2606:4700:20::ac43:4712
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.radiantmediatechs.com/rmp/5.2.1/css/fonts/roboto-v18-latin-regular.woff2

Requested by

Host: cdn.radiantmediatechs.com
URL: https://cdn.radiantmediatechs.com/rmp/5.2.1/css/rmp-s4.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4712 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.wintv.live
Referer: https://cdn.radiantmediatechs.com/rmp/5.2.1/css/rmp-s4.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1617539
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15344
cf-request-id: 0a248b87bb00004db25690d000000001
timing-allow-origin: *
last-modified: Mon, 06 Jul 2020 13:34:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mFRqhYYHXqd69uWvzzNApTtQUD6udZ7%2F1gcJLtnjhSLb5lX519Fh%2FjmJqO8OZwv%2Fg1ZTOT1pm%2F3sD1PR866qD9PBETV6qsuo8cdChOV0lddIjBQK7wMPy8o%2FHvXdgAs%2B5dGuV2U9"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 651aaeb92b574db2-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Range
expires: Thu, 19 May 2022 04:46:36 GMT

GET
H/1.1 200
OK images9.engageya.com.engageya20c217c2-cf7d-4deb-9a7d-6f6f661d6d1d_new_post_image_392481_7.jpg
img9-api.postquare.com/55/5c/website_227357/b6/69/02/ 10 KB
10 KB 8ms
7ms Image
image/jpeg 2a02:26f0:6c00:283::3b8d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.postquare.com/55/5c/website_227357/b6/69/02/images9.engageya.com.engageya20c217c2-cf7d-4deb-9a7d-6f6f661d6d1d_new_post_image_392481_7.jpg
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:283::3b8d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f7343a271b41d6b227b1d367d12673d5488a1436f9607830c8cf6ab76291387b

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:37 GMT
Last-Modified: Mon, 17 May 2021 09:03:05 GMT
Server: AmazonS3
x-amz-request-id: W8A9SXN11WA6QHS2
ETag: "2705196ded800afdc76836a6a4e9c71c"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9796
x-amz-id-2: iQKoEhYbT6xvnrW3dmFshvhmc5tEpBABCiuN0s0yS/Nre8DJgPPDbeecSkUfyPeObU06Pk+XbCA=
Expires: Wed, 26 May 2021 04:46:37 GMT

GET
H/1.1 200
OK images9.engageya.com.engageya16e40ecc-d9a5-415b-9745-2132c33d397c_new_post_image_595656_7.jpg
img9-api.postquare.com/97/fd/website_227262/ff/8c/94/ 23 KB
23 KB 7ms
7ms Image
image/jpeg 2a02:26f0:6c00:283::3b8d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.postquare.com/97/fd/website_227262/ff/8c/94/images9.engageya.com.engageya16e40ecc-d9a5-415b-9745-2132c33d397c_new_post_image_595656_7.jpg
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:283::3b8d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ceef3bffa7ee3b4aa56c337d52e607ee2ad80b7e4c3ecf7291af6e0cece92da1

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:37 GMT
Last-Modified: Tue, 11 May 2021 07:18:52 GMT
Server: AmazonS3
x-amz-request-id: 2KF98K7Q9W19MM7C
ETag: "4cc8a83a900c2c27a3c0fd1163aac3b9"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23085
x-amz-id-2: XF0R8nNrcIFMnKtjLy0MZEn6HY7s6fp3Rjzkun4Kzy5DpZfI4VLtALrc8+njHgl2cB4l/ltHKuM=
Expires: Wed, 26 May 2021 04:46:37 GMT

GET
H3-29 200 default.css
ad4m.at/0.1.122-318/style/one-ad/ Frame 25C3 58 KB
59 KB 17ms
16ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/0.1.122-318/style/one-ad/default.css
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1hsr8s6yj3gckaffp7c498h2rd8hn7k6e0m60dtdsw0t4svqgm8gr6m2tvjk7r8xwjwqebxhzm8y6dxarg5xbq0bxqwb6g8ks2thc6c7wy6zrw40z70sxzxj19nam4ev0fr6b34hnyctq90z85fwsh8fbq0y429x3jzz63azj3h0f9aj7snnvkyhfajpxamp7esmgmymzkbny8hgmd55awxnwsje862e8pc5c89chk8wvrecys9xzv8y31jepaedc7am9bpgyaq198xthfg7n70vrphndnc77qnv1av5dd4a8bj6h5y3qth257nzwk4jed14tf9hyqs6f0f4aj01gk3951srkwz8wxq93tsrk2n85m2vg53t6t3etkfe0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%26client%3Dca-pub-6266313190087173%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880

Request headers

Referer: https://ad4m.at/ad/dr?ed=1hsr8s6yj3gckaffp7c498h2rd8hn7k6e0m60dtdsw0t4svqgm8gr6m2tvjk7r8xwjwqebxhzm8y6dxarg5xbq0bxqwb6g8ks2thc6c7wy6zrw40z70sxzxj19nam4ev0fr6b34hnyctq90z85fwsh8fbq0y429x3jzz63azj3h0f9aj7snnvkyhfajpxamp7esmgmymzkbny8hgmd55awxnwsje862e8pc5c89chk8wvrecys9xzv8y31jepaedc7am9bpgyaq198xthfg7n70vrphndnc77qnv1av5dd4a8bj6h5y3qth257nzwk4jed14tf9hyqs6f0f4aj01gk3951srkwz8wxq93tsrk2n85m2vg53t6t3etkfe0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%26client%3Dca-pub-6266313190087173%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=XxVHlg==, md5=RCdMWH7YOCWDIhuwI9UcWg==
date: Wed, 19 May 2021 04:46:37 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4952850
cf-polished: origSize=59196
x-guploader-uploadid: ABg5-Uy4aivieyuBWrRiQC4_Ppn1uUsCErWp3PCNabOAR1DHIeajjF0MmTZg9JuSRGfocIdDxNZdYx3-JXnC-nTF81uHDLT_kw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 58969
cf-request-id: 0a248b881500004a865aa38000000001
last-modified: Tue, 16 Mar 2021 10:53:32 GMT
server: cloudflare
etag: "44274c587ed8382583221bb023d51c5a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RLtRXEC5wNI4I%2FyI2QzoaGF4B47tQxa4V1l0JiuDSPCOLUgAceTOU7AiVlov2dexVEGJj0%2BHCrRG5Dj2QBxHKVJgdBLzKtdHITqWIZF1LgCUp8XA"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1615892011975494
content-type: text/css
expires: Tue, 22 Mar 2022 20:59:07 GMT
cache-control: public, max-age=31536000, no-transform
x-goog-stored-content-length: 6688
accept-ranges: bytes
cf-ray: 651aaeb9b8844a86-FRA
cf-bgj: minify

GET
H3-29 200 fxpcopuw.js Show response
ad4m.at/ Frame 25C3 36 KB
12 KB 29ms
28ms Script
application/javascript 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1hsr8s6yj3gckaffp7c498h2rd8hn7k6e0m60dtdsw0t4svqgm8gr6m2tvjk7r8xwjwqebxhzm8y6dxarg5xbq0bxqwb6g8ks2thc6c7wy6zrw40z70sxzxj19nam4ev0fr6b34hnyctq90z85fwsh8fbq0y429x3jzz63azj3h0f9aj7snnvkyhfajpxamp7esmgmymzkbny8hgmd55awxnwsje862e8pc5c89chk8wvrecys9xzv8y31jepaedc7am9bpgyaq198xthfg7n70vrphndnc77qnv1av5dd4a8bj6h5y3qth257nzwk4jed14tf9hyqs6f0f4aj01gk3951srkwz8wxq93tsrk2n85m2vg53t6t3etkfe0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%26client%3Dca-pub-6266313190087173%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c01c98dc32c9889b4120afd376d61fe7a172b6cb323b48011b71572a4d97ff8a

Request headers

Referer: https://ad4m.at/ad/dr?ed=1hsr8s6yj3gckaffp7c498h2rd8hn7k6e0m60dtdsw0t4svqgm8gr6m2tvjk7r8xwjwqebxhzm8y6dxarg5xbq0bxqwb6g8ks2thc6c7wy6zrw40z70sxzxj19nam4ev0fr6b34hnyctq90z85fwsh8fbq0y429x3jzz63azj3h0f9aj7snnvkyhfajpxamp7esmgmymzkbny8hgmd55awxnwsje862e8pc5c89chk8wvrecys9xzv8y31jepaedc7am9bpgyaq198xthfg7n70vrphndnc77qnv1av5dd4a8bj6h5y3qth257nzwk4jed14tf9hyqs6f0f4aj01gk3951srkwz8wxq93tsrk2n85m2vg53t6t3etkfe0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%26client%3Dca-pub-6266313190087173%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=VHPQMw==, md5=O4FGM/ivTqRkLkRDXbVbMw==
date: Wed, 19 May 2021 04:46:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 40866
x-guploader-uploadid: ABg5-UyHG-hOHMrblKFIYL7z0-xw-9pArwKph-VJrtcWULownBnqKUo-1GLHEGsXvwH8Zp6QorI5FIk9wmVPTpub1M4
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a248b881500004a8699127000000001
last-modified: Thu, 06 May 2021 17:25:03 GMT
server: cloudflare
etag: W/"3b814633f8af4ea4642e44435db55b33"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2vuctrTcdkK3A01C1GmvW%2FsuReStvjN%2FlLQM41LolmYeUfmHy25q5H5rCa8Xv%2FLBMEp0BQMxxYn5GBRbl6kwZEYMg6GHiPj4HSfxnjbrNbXy97Qy"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620321903630655
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 12034
cf-ray: 651aaeb9b8894a86-FRA
expires: Tue, 18 May 2021 17:25:31 GMT

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ 114 KB
37 KB 63ms
17ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: widget.postquare.com
URL: https://widget.postquare.com/pos_crt_loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 59883dc82297de1d8ff485a115678ff6e56102eb1fc170c9808737535f6f8070

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
content-encoding: gzip
last-modified: Mon, 17 May 2021 11:49:39 GMT
server: nginx
etag: W/"60a25853-1c9d1"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 20 May 2021 04:46:37 GMT

GET
H3-29 200 default.css
ad4m.at/0.1.122-318/style/one-ad/ Frame BAAE 58 KB
59 KB 19ms
18ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/0.1.122-318/style/one-ad/default.css
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1kx360an9myjhw7nvcp96ge93mvw2zawc2vde6gy1j4hmq2qz1fz4kt7sr7cs6nw9696mkmdkvq9h6p9mx65vbh03qjerpb33w32tcd65jxjne1hn2bvabh6tjxenxb5k8q9kgyeft78vcmg880dwaq5v0sx57zy1701gxb4a85jd0kxcnwd5k78xqb6jbnn85jer72xpxvvvasz6y72v80bbsy30gxtxq444qjpjc8whcreq551ew1h6m1gmhvw5c384wjwh81ha82a7ge6cx3y26e6k6wfntm2k1zr0xn993dw8bwgk7c7ntya4t7j8wf07ytpgs4064z5wg8267yg893tfvy2hst3q90m6n9sd1k68jz7500rf5j0y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%26client%3Dca-pub-1231661633440980%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880

Request headers

Referer: https://ad4m.at/ad/dr?ed=1kx360an9myjhw7nvcp96ge93mvw2zawc2vde6gy1j4hmq2qz1fz4kt7sr7cs6nw9696mkmdkvq9h6p9mx65vbh03qjerpb33w32tcd65jxjne1hn2bvabh6tjxenxb5k8q9kgyeft78vcmg880dwaq5v0sx57zy1701gxb4a85jd0kxcnwd5k78xqb6jbnn85jer72xpxvvvasz6y72v80bbsy30gxtxq444qjpjc8whcreq551ew1h6m1gmhvw5c384wjwh81ha82a7ge6cx3y26e6k6wfntm2k1zr0xn993dw8bwgk7c7ntya4t7j8wf07ytpgs4064z5wg8267yg893tfvy2hst3q90m6n9sd1k68jz7500rf5j0y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%26client%3Dca-pub-1231661633440980%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=XxVHlg==, md5=RCdMWH7YOCWDIhuwI9UcWg==
date: Wed, 19 May 2021 04:46:37 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4952850
cf-polished: origSize=59196
x-guploader-uploadid: ABg5-Uy4aivieyuBWrRiQC4_Ppn1uUsCErWp3PCNabOAR1DHIeajjF0MmTZg9JuSRGfocIdDxNZdYx3-JXnC-nTF81uHDLT_kw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 58969
cf-request-id: 0a248b882700004a86bca59000000001
last-modified: Tue, 16 Mar 2021 10:53:32 GMT
server: cloudflare
etag: "44274c587ed8382583221bb023d51c5a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qT1%2BfXIo8JwODfFBihfAhQALq9A%2BMdCY0bVr31tNKGjMra0bNNAp0gyxgmiYM4MCexGbirJgnzQVxST9WCmdyRdpiNPyu5ILIIKXbsOOeDXL8J%2BH"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1615892011975494
content-type: text/css
expires: Tue, 22 Mar 2022 20:59:07 GMT
cache-control: public, max-age=31536000, no-transform
x-goog-stored-content-length: 6688
accept-ranges: bytes
cf-ray: 651aaeb9d8ab4a86-FRA
cf-bgj: minify

GET
H3-29 200 fxpcopuw.js Show response
ad4m.at/ Frame BAAE 36 KB
12 KB 25ms
24ms Script
application/javascript 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1kx360an9myjhw7nvcp96ge93mvw2zawc2vde6gy1j4hmq2qz1fz4kt7sr7cs6nw9696mkmdkvq9h6p9mx65vbh03qjerpb33w32tcd65jxjne1hn2bvabh6tjxenxb5k8q9kgyeft78vcmg880dwaq5v0sx57zy1701gxb4a85jd0kxcnwd5k78xqb6jbnn85jer72xpxvvvasz6y72v80bbsy30gxtxq444qjpjc8whcreq551ew1h6m1gmhvw5c384wjwh81ha82a7ge6cx3y26e6k6wfntm2k1zr0xn993dw8bwgk7c7ntya4t7j8wf07ytpgs4064z5wg8267yg893tfvy2hst3q90m6n9sd1k68jz7500rf5j0y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%26client%3Dca-pub-1231661633440980%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c01c98dc32c9889b4120afd376d61fe7a172b6cb323b48011b71572a4d97ff8a

Request headers

Referer: https://ad4m.at/ad/dr?ed=1kx360an9myjhw7nvcp96ge93mvw2zawc2vde6gy1j4hmq2qz1fz4kt7sr7cs6nw9696mkmdkvq9h6p9mx65vbh03qjerpb33w32tcd65jxjne1hn2bvabh6tjxenxb5k8q9kgyeft78vcmg880dwaq5v0sx57zy1701gxb4a85jd0kxcnwd5k78xqb6jbnn85jer72xpxvvvasz6y72v80bbsy30gxtxq444qjpjc8whcreq551ew1h6m1gmhvw5c384wjwh81ha82a7ge6cx3y26e6k6wfntm2k1zr0xn993dw8bwgk7c7ntya4t7j8wf07ytpgs4064z5wg8267yg893tfvy2hst3q90m6n9sd1k68jz7500rf5j0y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%26client%3Dca-pub-1231661633440980%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=VHPQMw==, md5=O4FGM/ivTqRkLkRDXbVbMw==
date: Wed, 19 May 2021 04:46:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 40866
x-guploader-uploadid: ABg5-UyHG-hOHMrblKFIYL7z0-xw-9pArwKph-VJrtcWULownBnqKUo-1GLHEGsXvwH8Zp6QorI5FIk9wmVPTpub1M4
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a248b882800004a8677059000000001
last-modified: Thu, 06 May 2021 17:25:03 GMT
server: cloudflare
etag: W/"3b814633f8af4ea4642e44435db55b33"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xYcUGw%2FJ4HwUD7RV2Wl2lL%2Fkjj2GzacSxfaPVlZS1V05AlhYwaplLlr5uF7Zs3aUuNGsEzHWStP5wd6gf1cdFMLjgEWbTG7CxYHx5P8dfonubUme"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620321903630655
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 12034
cf-ray: 651aaeb9d8ad4a86-FRA
expires: Tue, 18 May 2021 17:25:31 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 2224 35 B
464 B 43ms
8ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENGhxY6WCjb89ScKi2qxMBc&google_cver=1&google_push=AQvitUJ0ZBHaKh3Evt8EDX7jAjoDXdZS2ARtIwZp8wwL3QAiN5t-9dYfVtR_1kfGkenVhPmWOOl5NDJYWU4rgj4a7TwNgVNjPlaG

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2224
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitUJqHqSgg_PaVdLZfgsLCM_Sp6W2j8HcZG7ws1fyF1aVndrl2LHOr1cM-9tasJnyX73-LV-P-uENWIa_9JeRDuNOY8-a8mA&google_gid=CAESEC8c6JaxCyqbLUMDWLoOdM0&goog...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCK2wkoUGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BUXZpdFVKcUhxU2dnX1BhVmRMWmZnc0xDTV9TcDZXMmo4SGNaRzd3czFmeUYxYVZuZHJsMkxIT3IxY00tOXRhc0pueVg3My1MVi1QLXVFTldJYV85Sm...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwNm9LSTZsSVM2QmhzWWhPQWJxS1pmbHRsdHRBbHpQdUtNZmdEZXVrLUZ5OA==&google_push

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwNm9LSTZsSVM2QmhzWWhPQWJxS1pmbHRsdHRBbHpQdUtNZmdEZXVrLUZ5OA==&google_push

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 19 May 2021 04:46:37 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwNm9LSTZsSVM2QmhzWWhPQWJxS1pmbHRsdHRBbHpQdUtNZmdEZXVrLUZ5OA==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2224
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUIMCzPq...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUIMCzPq...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitUIMCzPqe8FvXacGIchBRlMmyOBLc9fna-2orwE8aRBX5v-RzSc3VrqKvRxN7f1i_T...

170 B
188 B

28ms
26ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitUIMCzPqe8FvXacGIchBRlMmyOBLc9fna-2orwE8aRBX5v-RzSc3VrqKvRxN7f1i_Tc4fwhJE72rtlwcKjVo-9XOKFHW0kbz

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitUIMCzPqe8FvXacGIchBRlMmyOBLc9fna-2orwE8aRBX5v-RzSc3VrqKvRxN7f1i_Tc4fwhJE72rtlwcKjVo-9XOKFHW0kbz
Pragma: no-cache
Date: Wed, 19 May 2021 04:46:38 GMT
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2224
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEA5rnGUg35KNUSaLOwPulkU&google_cver=1&google_push=AQvitUI-0_4mijAinR9q4LTDaRqi3BAIaTwdX2_YOKboKo_GNC7kqbiiQwFrM9RE_uoqA3oxwLr4Yh1XPk0gU6GUHzrXp0mBkGI
https://rtb.openx.net/sync/dds?google_gid=CAESEA5rnGUg35KNUSaLOwPulkU&google_cver=1&google_push=AQvitUI-0_4mijAinR9q4LTDaRqi3BAIaTwdX2_YOKboKo_GNC7kqbiiQwFrM9RE_uoqA3oxwLr4Yh1XPk0gU6GUHzrXp0mBkGI&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUI-0_4mijAinR9q4LTDaRqi3BAIaTwdX2_YOKboKo_GNC7kqbiiQwFrM9RE_uoqA3oxwLr4Yh1XPk0gU6GUHzrXp0mBkGI&google_hm=jENEv639xM8G96-aGFVa0w==
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUI-0_4mijAinR9q4LTDaRqi3BAIaTwdX2_YOKboKo_GNC7kqbiiQwFrM9RE_uoqA3oxwLr4Yh1XPk0gU6GUHzrXp0mBkGI&google_hm=jENEv639xM8G96-aGFVa0w==...

170 B
188 B

21ms
19ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUI-0_4mijAinR9q4LTDaRqi3BAIaTwdX2_YOKboKo_GNC7kqbiiQwFrM9RE_uoqA3oxwLr4Yh1XPk0gU6GUHzrXp0mBkGI&google_hm=jENEv639xM8G96-aGFVa0w==&google_tc=

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUI-0_4mijAinR9q4LTDaRqi3BAIaTwdX2_YOKboKo_GNC7kqbiiQwFrM9RE_uoqA3oxwLr4Yh1XPk0gU6GUHzrXp0mBkGI&google_hm=jENEv639xM8G96-aGFVa0w==&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 417
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2224
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CV8NdGAuSMGdJD0yEH8Hrw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CV8NdGAuSMGdJD0yEH8Hrw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

19ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CV8NdGAuSMGdJD0yEH8Hrw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULFxVcmDFrmt8-8EWQmF94yd5Eozw--qJVxa6MaZViY27tUZ-linYtMwHiqja3mIBXbOtfCurM18hKRfJTw0QkKUsE3ECyg&google_tc=

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CV8NdGAuSMGdJD0yEH8Hrw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULFxVcmDFrmt8-8EWQmF94yd5Eozw--qJVxa6MaZViY27tUZ-linYtMwHiqja3mIBXbOtfCurM18hKRfJTw0QkKUsE3ECyg&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 651
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2224
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIVI_ulPJzg8ZCIQac3CPCM&google_cver=1&google_push=AQvitULKR9d5m1p5WgP_67lY2LQFyKAPQsbqtGr4Bmf-37uPwgoHjKEZYbPDr6sspVMCSo8sdbk...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHM1ItNC1VMk8=&google_push=AQvitULKR9d5m1p5WgP_67lY2LQFyKAPQsbqtGr4Bmf-37uPwgoHjKEZYbPDr6sspVMCSo8sdbkFW6zDNM6PW8V2H_S4CcSmhEZl
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHM1ItNC1VMk8=&google_push=AQvitULKR9d5m1p5WgP_67lY2LQFyKAPQsbqtGr4Bmf-37uPwgoHjKEZYbPDr6sspVMCSo8sdbkFW6zDNM6PW8V2H_S4CcSmhEZl&goog...

170 B
188 B

19ms
18ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHM1ItNC1VMk8=&google_push=AQvitULKR9d5m1p5WgP_67lY2LQFyKAPQsbqtGr4Bmf-37uPwgoHjKEZYbPDr6sspVMCSo8sdbkFW6zDNM6PW8V2H_S4CcSmhEZl&google_tc=

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHM1ItNC1VMk8=&google_push=AQvitULKR9d5m1p5WgP_67lY2LQFyKAPQsbqtGr4Bmf-37uPwgoHjKEZYbPDr6sspVMCSo8sdbkFW6zDNM6PW8V2H_S4CcSmhEZl&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 412
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

pixel
cm.g.doubleclick.net/ Frame 2224
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwC...

0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 2224 0
236 B 54ms
14ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Iq2qH64G_r0j6__wJAcekWJ8JiBdQkHBuVMncGLpi_pZM9l2UilMFLHE7B5vO8SzYO28Lg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 5861899615172328912
tpc.googlesyndication.com/simgad/ Frame 1D81 43 KB
43 KB 21ms
10ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5861899615172328912?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnrDTMm0k9QKZWRXwmX2ReQgECh4A

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=90&slotname=6031485414&adk=46142453&adf=2073345350&pi=t.ma~as.6031485414&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595656&bpp=8&bdt=617&idt=949&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=121&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=II3xXGH95g&p=https%3A//www.farfeshplus.online&dtd=954

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a4e96c772ce5bfd29d671ad3dfaeeec6a9af49fdad4f50c2c5e709cde504abe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 03:45:42 GMT
x-content-type-options: nosniff
last-modified: Wed, 19 May 2021 02:58:39 GMT
server: sffe
age: 3655
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44304
x-xss-protection: 0
expires: Thu, 19 May 2022 03:45:42 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame 1D81 17 KB
7 KB 18ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:42:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7009
x-xss-protection: 0
server: cafe
etag: 607056201285360291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:42:39 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 1D81 2 KB
1 KB 20ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:29:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1016
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:29:41 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1D81 118 KB
36 KB 26ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:37 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 1D81 13 KB
6 KB 18ms
9ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1498
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:21:39 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 1D81 0
0 27ms
15ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRcLMEUF_JHny4VT-gFSWgZvjTb3vXHWMWXi79V05e9VBj0X8bu7lstT0C2zvZC2H3ipcximC_eP9bZK0twWKfCU7D9aA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=90&slotname=6031485414&adk=46142453&adf=2073345350&pi=t.ma~as.6031485414&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595656&bpp=8&bdt=617&idt=949&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=121&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=II3xXGH95g&p=https%3A//www.farfeshplus.online&dtd=954
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 1D81 25 KB
10 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05e695a8f4bd26c3a3092afbd08d40b873b39599d47ce15c281b1b526e934258

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:42:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21825
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10380
x-xss-protection: 0
server: cafe
etag: 16922886349488815302
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Jun 2021 22:42:52 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1D81 0
0 25ms
17ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CmsAALJikYOeQJrqv-gb_7oaABvyo6upiu-jUteANv-EeEAEg7L-QEWCVAqABuO3svAHIAQKoAwHIA8kEqgTsAU_QESd3ICjLuExHFFPDVn7r3xN9cTquopSbive3nCJeS1ShRmXVaVbYIxigfDm2jVnbYWwhPZqMJwCHjpddEIztMj4vYPix0855B2R0QjEk8Vv_8gixjGwxm58EuMP5dg8fkf5rwh6CVNh9LDuDK7oN4-5CbF9tq0-wEQbVPUR9yAdbaWoNRjqKUarSTCX8ajHhbq5S7QakUVuOPbxHrJni2HC9zWROrtcFCgR3qcYVJEGUwpC48h5x-dCZiFHBAyOVLP67_cf28uBTIm9Rfe7FVJz5u7OzQ1qu8YduywQRdhVw5wnqZfIZoXaIwATRj7b50QOSBQQIBBgBkgUECAUYBKAGAoAH8fXGxAKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQ7OIE0ggJCIDhgBAQARgfgAoByAsB2BMC0BUBgBcBshcaChgIABIUcHViLTEyMzE2NjE2MzM0NDA5ODA&sigh=rwJ7O_1vxok

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=90&slotname=6031485414&adk=46142453&adf=2073345350&pi=t.ma~as.6031485414&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595656&bpp=8&bdt=617&idt=949&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=121&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=II3xXGH95g&p=https%3A//www.farfeshplus.online&dtd=954
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 19 May 2021 04:46:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 bridge3.459.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame FDB9 573 KB
188 KB 24ms
7ms Document
text/html 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.459.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97148294651f71eb2be2e2f84736de37708be96835bf8cbeb6ea96e5b3b21dea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.459.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.wintv.live/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.wintv.live/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 191958
date: Fri, 14 May 2021 17:32:21 GMT
expires: Sat, 14 May 2022 17:32:21 GMT
last-modified: Fri, 14 May 2021 17:25:56 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 386056
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 99D7 44 KB
17 KB 37ms
13ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wintv.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:37 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 55E9
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPuTykNJ76Zv6u5OgrgjWMs&google_cver=1&google_push=AQvitUJzVS8HOLGKDC0ecSIZ0H8Jhuog1bSCxQ8CvPgxXmdh6prhPU9x5A...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJzVS8HOLGKDC0ecSIZ0H8Jhuog1bSCxQ8CvPgxXmdh6prhPU9x5Ayu_oY_NJIXS4wtMEmrQ4Vye79gWi5vE9bcIkFhDI9Zyg&google_hm=jFfT...

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJzVS8HOLGKDC0ecSIZ0H8Jhuog1bSCxQ8CvPgxXmdh6prhPU9x5Ayu_oY_NJIXS4wtMEmrQ4Vye79gWi5vE9bcIkFhDI9Zyg&google_hm=jFfTwRhGqKL4QlceIDbnEw

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJzVS8HOLGKDC0ecSIZ0H8Jhuog1bSCxQ8CvPgxXmdh6prhPU9x5Ayu_oY_NJIXS4wtMEmrQ4Vye79gWi5vE9bcIkFhDI9Zyg&google_hm=jFfTwRhGqKL4QlceIDbnEw
pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 55E9 43 B
324 B 49ms
16ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEP-1BuCjyhlMeApG43_Tafo&google_push=AQvitUKKjqSjzARKYrFBQXANBNg0GsRj7OZqq1wyX3H3dzonXmmL4d0dJ83p3mXv51BU8LeDDo86327kdqgcfFRbg2tqLBwwB4xp7w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=3827245123&adk=203976336&adf=54630664&pi=t.ma~as.3827245123&w=120&lmt=1621399596&psa=0&format=120x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595502&bpp=1&bdt=464&idt=824&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C120x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YHN3FAhAXX&p=https%3A//www.farfeshplus.online&dtd=842
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 55E9
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEMjnvmSF0J8UmcNQCabAfQY&google_cver=1&google_push=AQvitULjfaBp4xzCw1AHzBZTo-crNPD47JIGnS3u4iZ-UQ-l7bpy0o_d4c73sNXEEtCAqZajDBVOnStP9qE3fETCsfFNCKgbkC6F
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULjfaBp4xzCw1AHzBZTo-crNPD47JIGnS3u4iZ-UQ-l7bpy0o_d4c73sNXEEtCAqZajDBVOnStP9qE3fETCsfFNCKgbkC6F&google_hm=jENEv639xM8G96-aGFVa0w==

170 B
188 B

15ms
15ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULjfaBp4xzCw1AHzBZTo-crNPD47JIGnS3u4iZ-UQ-l7bpy0o_d4c73sNXEEtCAqZajDBVOnStP9qE3fETCsfFNCKgbkC6F&google_hm=jENEv639xM8G96-aGFVa0w==

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:36 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULjfaBp4xzCw1AHzBZTo-crNPD47JIGnS3u4iZ-UQ-l7bpy0o_d4c73sNXEEtCAqZajDBVOnStP9qE3fETCsfFNCKgbkC6F&google_hm=jENEv639xM8G96-aGFVa0w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: v3ndt71fpfq1alo7mvqq9li7dhou91cq

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 55E9
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CV8NdGAuSMGdJD0yEH8Hrw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CV8NdGAuSMGdJD0yEH8Hrw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULrcaNBtG3zQ_dhiDCHpQpNnJ7aBUGbAfziFDSPGpR6JD4dMMZnYH5QJ5j0L3elCaWj5AZouY4QIp5TPqSb_lRiulu331XFgA

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CV8NdGAuSMGdJD0yEH8Hrw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULrcaNBtG3zQ_dhiDCHpQpNnJ7aBUGbAfziFDSPGpR6JD4dMMZnYH5QJ5j0L3elCaWj5AZouY4QIp5TPqSb_lRiulu331XFgA
date: Wed, 19 May 2021 04:46:37 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 55E9
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKAdJYUSuNl4mup5Q-Yaqf4&google_cver=1&google_push=AQvitUJcmUTzbKKNFIu56q9moOz1eJPixgpsC9hJyVN_w3uXvEO7qxHHbLMC7MOJPLK3PjPqpxN...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHNE8tMjgtNjROUw==&google_push=AQvitUJcmUTzbKKNFIu56q9moOz1eJPixgpsC9hJyVN_w3uXvEO7qxHHbLMC7MOJPLK3PjPqpxNtktex6argUGKFB3-FW7Fzu8WPwA
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHNE8tMjgtNjROUw==&google_push=AQvitUJcmUTzbKKNFIu56q9moOz1eJPixgpsC9hJyVN_w3uXvEO7qxHHbLMC7MOJPLK3PjPqpxNtktex6argUGKFB3-FW7Fzu8WPw...

170 B
188 B

23ms
15ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHNE8tMjgtNjROUw==&google_push=AQvitUJcmUTzbKKNFIu56q9moOz1eJPixgpsC9hJyVN_w3uXvEO7qxHHbLMC7MOJPLK3PjPqpxNtktex6argUGKFB3-FW7Fzu8WPwA&google_tc=

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHNE8tMjgtNjROUw==&google_push=AQvitUJcmUTzbKKNFIu56q9moOz1eJPixgpsC9hJyVN_w3uXvEO7qxHHbLMC7MOJPLK3PjPqpxNtktex6argUGKFB3-FW7Fzu8WPwA&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 418
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

pixel
cm.g.doubleclick.net/ Frame 55E9
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHx...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame 55E9 43 B
296 B 76ms
22ms Image
image/gif 2a05:d01c:1d8:8102:9cdd:d1ce:f1f6:d7df
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEK-691dITZf-bd192zYFL5Y&google_cver=1&google_push=AQvitUJsxTPa6j3HxmycpL8kS9tF4BrHxElQ1AE6tAQLDDc3lGrooys6xoOn1rRvkvfgjvw2z6AEYFmp-o6UWLhGDgrb_q9DDePu
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=3827245123&adk=203976336&adf=54630664&pi=t.ma~as.3827245123&w=120&lmt=1621399596&psa=0&format=120x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595502&bpp=1&bdt=464&idt=824&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C120x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CenEr%7C&abl=NS&pfx=0&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YHN3FAhAXX&p=https%3A//www.farfeshplus.online&dtd=842
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:9cdd:d1ce:f1f6:d7df London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 55E9 0
12 B 28ms
21ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L2qBubzk-Z35owCSE5VYvS3aW0C4HPHZNuvTp1Dn6LOWrs7rLtOywmlrLTgoJu5Oi_F2u2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 757733946283100238
tpc.googlesyndication.com/daca_images/simgad/ Frame 8923 73 KB
74 KB 20ms
11ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/757733946283100238

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=2065248459&adk=1530395088&adf=1056458448&pi=t.ma~as.2065248459&w=300&lmt=1621399596&psa=0&format=300x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595504&bpp=1&bdt=466&idt=1032&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=yiRXaTHVU7&p=https%3A//www.farfeshplus.online&dtd=1045

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d9c25cf04035ff568bd6b609a2cfdfe6e333d29c1161082cf5e8d7f6d78d444

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 16:00:32 GMT
x-content-type-options: nosniff
age: 477965
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 75261
x-xss-protection: 0
last-modified: Thu, 18 Feb 2021 10:28:32 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 May 2022 16:00:32 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame 8923 17 KB
7 KB 16ms
9ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:42:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7009
x-xss-protection: 0
server: cafe
etag: 607056201285360291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:42:39 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 8923 2 KB
1 KB 16ms
9ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:29:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1016
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:29:41 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8923 118 KB
36 KB 21ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:37 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 8923 13 KB
6 KB 16ms
9ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1498
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:21:39 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 8923 25 KB
10 KB 16ms
10ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05e695a8f4bd26c3a3092afbd08d40b873b39599d47ce15c281b1b526e934258

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:42:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21825
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10380
x-xss-protection: 0
server: cafe
etag: 16922886349488815302
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Jun 2021 22:42:52 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 8923 0
0 24ms
19ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CIH1sLJikYIDaItCmgAfn14fIDbL8m-di8-uo-YsOo5XP8ogCEAEg7L-QEWCVAqAByP6rpwLIAQKpArXjBZyxSIE-qAMByAPJBKoE8QFP0Fm3yfScNrCH1OQTHP1m13j9vXmi_WsOqKM6-QlEs19g6UIU0dnvOArmbrI1-uSGLi56W_hhf7ljbKjd0tUJr2fQc_FvS5ZsWqarGNPKshKviEHfuysrHYPbL3xHkoQTOlDKbzCEq-KMxJvROCJoTq9waipHPeBAmOmnJ6x4kpIuA6xXCB9ou-zNzdpJOBJKNf_-3EMaZn1qy2QcRfqq_9GFWJZSDgMtAQMYqPodz02va3FEes0NtN2gp4iJMOjpFWfaea9SbF20K7D7kBgfNGTL2tY5DmflHXrIpPV2Li6_sxJjhjEsF1fal_R2FeDiwATByaHYxQOSBQQIBBgBkgUECAUYBKAGAoAHoZvW2wGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQ0pEW0ggJCIDhgBAQARgfgAoByAsB2BMM0BUBgBcBshcaChgIABIUcHViLTEyMzE2NjE2MzM0NDA5ODA&sigh=9z-1S4F_92s

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=2065248459&adk=1530395088&adf=1056458448&pi=t.ma~as.2065248459&w=300&lmt=1621399596&psa=0&format=300x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595504&bpp=1&bdt=466&idt=1032&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=yiRXaTHVU7&p=https%3A//www.farfeshplus.online&dtd=1045
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 19 May 2021 04:46:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 3750 3 KB
2 KB 96ms
30ms Script
application/x-javascript 185.29.133.58
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTW1ZNU5tWXdNV1F0TW1SbFpTMDRNalV6TFRBd01EQXRNREF3TURBd01EQXdNREF3LzUwMDEwNjgzNTY0MTAzOTA4NDAvNjYyMjMyOC80NTYyMzA2LzQvNFpuLThIaXRpQ2tMU1UzckdXNWh5RXI2Vlo5Z3BWSjlUdmdkZjFmNTlIZy8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC81MDAxMDY4MzU2NDEwMzkwODQwL3pyaC8wLzcwLzI4Lzk5OS82Ni8yYTAxOjRmODoxOTI6Oi8wLjAwMC8xNjIxMzk5NTk2LzE2MjE0MTIxOTYvNC9wdWItODM2Nzc0OTk1NjkxNzAwNi8/vt3l-1GxHzsCQNm9KCEGMiHGdI0&nodeid=2637&group=eu&auctionid=5001068356410390840&sid=4562306&cid=6622328&bp=a_bjgfgc&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.170&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCkxhzLJikYKSXNvSQlQfxqYTgAs-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTgzNjc3NDk5NTY5MTcwMDbIAQmoAwGqBOoBT9ADnwwKS6N5Ge8tYPSpJFLN9pgnUqIVkc5WBWhz2vYpvN6YqNe3CB4sT2DB466IG_nUns910WT12Vv1D7-uuNYDPyQFAarr-D1d-wsjkU52ylIZ--Hb9fdltNG9wDMMDenecipDe-6rXT6bO0K4KBzI0CeW-EUSCgjCP0wW086c_WuOEITyaQSeFEqblcVfOOpyUaiFbNDptFRjR6FdtCcLCtqnomE4osmdEFaWS9GbEjGBzN4YZfV9CUQfJrKYpm7J_xkEaHgN3F9-eTCsE6GcbzR0CuARlDNar3q-QdzBfnB-fEkuLFLYgAaT5sTFmd31r_oBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3ZDqgjMp2nFB_WwixZgg-nRaNgbQ%26client%3Dca-pub-8367749956917006%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8367749956917006&output=html&h=280&slotname=6257495432&adk=977065434&adf=1662498494&pi=t.ma~as.6257495432&w=336&lmt=1621399596&psa=0&format=336x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595909&bpp=2&bdt=870&idt=948&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90%2C760x280&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=814&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=9&uci=a!9&btvi=2&fsb=1&xpc=Vfw3v0iDBq&p=https%3A//www.farfeshplus.online&dtd=962
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.133.58 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.199.0 /
Resource Hash: a476c219ba06b46d7dd3209f76207f8e4ba98b56dc292f32a243c4c73ce77a79

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:30 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1621399596
Last-Modified: Wed, 19 May 2021 04:46:36 GMT
Server: MMBD/3.199.0
x-mm-latency: 1 (1)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: zrh-router-x82, zrh-bidder-x151
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Expires: Wed, 19 May 2021 04:46:29 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 3750 2 KB
1 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8367749956917006&output=html&h=280&slotname=6257495432&adk=977065434&adf=1662498494&pi=t.ma~as.6257495432&w=336&lmt=1621399596&psa=0&format=336x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595909&bpp=2&bdt=870&idt=948&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90%2C760x280&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=814&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=9&uci=a!9&btvi=2&fsb=1&xpc=Vfw3v0iDBq&p=https%3A//www.farfeshplus.online&dtd=962

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:29:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1016
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:29:41 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3750 118 KB
36 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:37 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 3750 13 KB
6 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1498
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:21:39 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3750 0
0 18ms
17ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CcRe8LJikYKSXNvSQlQfxqYTgAs-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTgzNjc3NDk5NTY5MTcwMDbIAQmoAwGqBOcBT9ADnwwKS6N5Ge8tYPSpJFLN9pgnUqIVkc5WBWhz2vYpvN6YqNe3CB4sT2DB466IG_nUns910WT12Vv1D7-uuNYDPyQFAarr-D1d-wsjkU52ylIZ--Hb9fdltNG9wDMMDenecipDe-6rXT6bO0K4KBzI0CeW-EUSCgjCP0wW086c_WuOEITyaQSeFEqblcVfOOpyUaiFbNDptFRjR6FdtCcLCtqnomE4osmdEFaWS9GbEjGBzN4YZfV9CUQfJrKYpm7J_xkEaHgN3F9-eTCsE6GcbzR0SOIcBp_KC30z5ZRqpjDRjFQ6gAaT5sTFmd31r_oBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGAoWEhRwdWItODM2Nzc0OTk1NjkxNzAwNg&sigh=-oSPXfB_bp4&tpd=AGWhJms8Qv8dPSE5aPD9ZPXPMo0ivhOkIDE1doqy84Rk9FlM4Em4WL2yHvTyh8z2Tm2OkF0gAYXHl21mSTITXvF57V3wAplCBHaQQKvGG4e7U50hgHwEFkU32D6ZjOGIHccVrZNhJV-7VBGLnBMkHi1KXJxhaxnIT8iq5VIDVU0n3Kw65QB4FCrb5rTXZokxlkaMZt1CP4r7YO_99SFQN99RW1vSB4huK5TQvM9lM_mqFyuDzoFhM1DxsNHDucRmvSTwKuefG2EsGq7YeFLiiUu8xbGQbGhA-PcovLCVDRVhcuML94uwJtC_Rv4GlZ3fX-mkIEI2XSBBLKr-mHbP4tqQYbnX6PYuipn9qowiRvIB8btwknS80gcJTuieRAPstspCQ_RnDxIu05ZNK56t-KTHXHz7Q61gknWTteR1u3_z4S3QY3G9qPaJEsMzDZeEw_0FfLWHe_k1duunTeqYecfEtN0z_ZEx1R6IcY2mzK7IAG1SlxtRr6ClWGpxtlD5RiSG3OZzqpFbL83QB0NT4Yr-Ntr0uHSbO_5ChxKmtTrJ-RdH0hVKa2d27Y_xEgHAGWwjROSe0kFZKzaaOsDNcjhwEHaOmgXL9Ya7mWUUsTyw7AqpZ_lWdJesHkVLvWXHYJ3vUPQ4AYxIHgGxBc6OmI_DXD61iUTXIdBkZEtd9tW9U1xbs2Zp0ga7zE7RUxpnPH_xRrrfGprbpCzedYZD73HSF19RGz8Yq3PCIvdVYcFapGwXZyrGXvbu8c8JZA0pOdzsl0MMh8DcMseJgQOo3HWgfPmOq8xMPBN90DgovhSCImkZEKCzv0myGcZp7cJBCJoQhVk1g4YxdypQ5-xjNqmZjWrxsQu9goTHs1knP92osQ4DsB65TyBcR5s5rVDwX8C6h4o4WUCc-VavXuyjWfB638DVQWBnVNyDV7nZ75kRlp9wx60usfgGP--5fkpcAOdHv11zyZcZz_yWe9w-iuZyXLMg7C2S88RAYd5AeU2p2tYyqnIbQ5w7iLtPeFp8DNRTWFWKc8o2QBCeiBaLQyZ8QWiJQgA

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8367749956917006&output=html&h=280&slotname=6257495432&adk=977065434&adf=1662498494&pi=t.ma~as.6257495432&w=336&lmt=1621399596&psa=0&format=336x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595909&bpp=2&bdt=870&idt=948&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90%2C760x280&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=814&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=9&uci=a!9&btvi=2&fsb=1&xpc=Vfw3v0iDBq&p=https%3A//www.farfeshplus.online&dtd=962
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 19 May 2021 04:46:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F9C2 143 B
163 B 8ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=90&slotname=6031485414&adk=46142453&adf=2073345350&pi=t.ma~as.6031485414&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595656&bpp=8&bdt=617&idt=949&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=121&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=II3xXGH95g&p=https%3A//www.farfeshplus.online&dtd=954
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMRvfUNDHRTdVF2nEprOKz2DwLUFYiDRqK6OWQeAZahephUY9Th_ZcdohTRh8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=90&slotname=6031485414&adk=46142453&adf=2073345350&pi=t.ma~as.6031485414&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595656&bpp=8&bdt=617&idt=949&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=121&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=II3xXGH95g&p=https%3A//www.farfeshplus.online&dtd=954

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 19 May 2021 04:29:19 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1038
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4174 1 KB
749 B 8ms
6ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 19 May 2021 03:14:09 GMT
expires: Thu, 20 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 5548
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 1D81 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 94fc5bd7b00ab5465c116ca56677cda170ded877cc6fe01c5ea0caffb2ddf92d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 frame.html Show response
ad4m.at/ Frame DBB7 2 KB
1 KB 18ms
18ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad4m.at/ad/dr?ed=1hsr8s6yj3gckaffp7c498h2rd8hn7k6e0m60dtdsw0t4svqgm8gr6m2tvjk7r8xwjwqebxhzm8y6dxarg5xbq0bxqwb6g8ks2thc6c7wy6zrw40z70sxzxj19nam4ev0fr6b34hnyctq90z85fwsh8fbq0y429x3jzz63azj3h0f9aj7snnvkyhfajpxamp7esmgmymzkbny8hgmd55awxnwsje862e8pc5c89chk8wvrecys9xzv8y31jepaedc7am9bpgyaq198xthfg7n70vrphndnc77qnv1av5dd4a8bj6h5y3qth257nzwk4jed14tf9hyqs6f0f4aj01gk3951srkwz8wxq93tsrk2n85m2vg53t6t3etkfe0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%26client%3Dca-pub-6266313190087173%26adurl%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad4m.at/ad/dr?ed=1hsr8s6yj3gckaffp7c498h2rd8hn7k6e0m60dtdsw0t4svqgm8gr6m2tvjk7r8xwjwqebxhzm8y6dxarg5xbq0bxqwb6g8ks2thc6c7wy6zrw40z70sxzxj19nam4ev0fr6b34hnyctq90z85fwsh8fbq0y429x3jzz63azj3h0f9aj7snnvkyhfajpxamp7esmgmymzkbny8hgmd55awxnwsje862e8pc5c89chk8wvrecys9xzv8y31jepaedc7am9bpgyaq198xthfg7n70vrphndnc77qnv1av5dd4a8bj6h5y3qth257nzwk4jed14tf9hyqs6f0f4aj01gk3951srkwz8wxq93tsrk2n85m2vg53t6t3etkfe0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%26client%3Dca-pub-6266313190087173%26adurl%3D

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Wed, 19 May 2021 05:46:37 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 2274642
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
cf-request-id: 0a248b88f100004de29c27d000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4BBuPSzOo16281u2ac3HCgF1fMU6lWj5Pssfash8PtylpINNdWKyRV0K0e%2F6gnBWGtCG8QB%2BcrIu%2FO9Qbs63yzTwnZbThenqRcHeo%2BhVjvtVddc8"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 651aaebb18704de2-FRA
content-encoding: br

GET
H2 200 frame.html Show response
ad4m.at/ Frame F3E3 2 KB
1 KB 18ms
17ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad4m.at/ad/dr?ed=1kx360an9myjhw7nvcp96ge93mvw2zawc2vde6gy1j4hmq2qz1fz4kt7sr7cs6nw9696mkmdkvq9h6p9mx65vbh03qjerpb33w32tcd65jxjne1hn2bvabh6tjxenxb5k8q9kgyeft78vcmg880dwaq5v0sx57zy1701gxb4a85jd0kxcnwd5k78xqb6jbnn85jer72xpxvvvasz6y72v80bbsy30gxtxq444qjpjc8whcreq551ew1h6m1gmhvw5c384wjwh81ha82a7ge6cx3y26e6k6wfntm2k1zr0xn993dw8bwgk7c7ntya4t7j8wf07ytpgs4064z5wg8267yg893tfvy2hst3q90m6n9sd1k68jz7500rf5j0y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%26client%3Dca-pub-1231661633440980%26adurl%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad4m.at/ad/dr?ed=1kx360an9myjhw7nvcp96ge93mvw2zawc2vde6gy1j4hmq2qz1fz4kt7sr7cs6nw9696mkmdkvq9h6p9mx65vbh03qjerpb33w32tcd65jxjne1hn2bvabh6tjxenxb5k8q9kgyeft78vcmg880dwaq5v0sx57zy1701gxb4a85jd0kxcnwd5k78xqb6jbnn85jer72xpxvvvasz6y72v80bbsy30gxtxq444qjpjc8whcreq551ew1h6m1gmhvw5c384wjwh81ha82a7ge6cx3y26e6k6wfntm2k1zr0xn993dw8bwgk7c7ntya4t7j8wf07ytpgs4064z5wg8267yg893tfvy2hst3q90m6n9sd1k68jz7500rf5j0y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%26client%3Dca-pub-1231661633440980%26adurl%3D

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Wed, 19 May 2021 05:46:37 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 2274642
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
cf-request-id: 0a248b88f300004de2410a9000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=g8tiwTmI4ZlEKfIWKJGJVnFBT7WcI6LS0KO2d82zn5KCuzLmKzNjwlWPGVoAzrvVHUg4AuQG7QlTDBn1IixWK%2FqXKCiLLDl49Ms2hWRpXuW7Y5Kj"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 651aaebb18784de2-FRA
content-encoding: br

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 77A9 36 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wintv.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:22:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 1474
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Wed, 19 May 2021 05:22:03 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 75E9 143 B
226 B 6ms
5ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=2065248459&adk=1530395088&adf=1056458448&pi=t.ma~as.2065248459&w=300&lmt=1621399596&psa=0&format=300x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595504&bpp=1&bdt=466&idt=1032&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=yiRXaTHVU7&p=https%3A//www.farfeshplus.online&dtd=1045
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmNQ0dnXi8-JmJyF1qdAhIo60Yv6JVK6rOcYLb6UVYdBHdVlGDSaUMgjsizm-0; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=600&slotname=2065248459&adk=1530395088&adf=1056458448&pi=t.ma~as.2065248459&w=300&lmt=1621399596&psa=0&format=300x600&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595504&bpp=1&bdt=466&idt=1032&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=yiRXaTHVU7&p=https%3A//www.farfeshplus.online&dtd=1045

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 19 May 2021 04:29:19 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1038
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 redir.html Show response
p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 5E7A 247 B
792 B 65ms
14ms Document
text/html 142.250.185.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f3.1e100.net

Software

sffe /

Resource Hash

46d1e77641f6cb68dadda1844ca811d9aebec2a8c8cf2b92980bc10ff34bac8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com
:scheme: https
:path: /v6exp3/redir.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-V_B-wuHRfVVXZPFHVn46hg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
content-length: 206
date: Wed, 19 May 2021 04:46:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Mon, 02 Dec 2019 20:15:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7AFB 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 19 May 2021 03:14:09 GMT
expires: Thu, 20 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 5548
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
152 B 64ms
21ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?ptv=106&profileId=184&cb=99264126951
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.farfeshplus.online
date: Wed, 19 May 2021 04:46:36 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 16016676044614810683
tpc.googlesyndication.com/simgad/ Frame C8E2 48 KB
48 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16016676044614810683?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkyXLGWsb-QuFrpwAn2APoH1sPXqw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8367749956917006&output=html&h=280&slotname=5661428205&adk=1000419482&adf=2695793703&pi=t.ma~as.5661428205&w=760&fwrn=4&fwrnh=100&lmt=1621399596&rafmt=1&psa=0&format=760x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595905&bpp=3&bdt=866&idt=859&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=420&ady=1382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=kgNiSeOsGU&p=https%3A//www.farfeshplus.online&dtd=865

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c9c4886794f7dd50629f8cafeb51ba4c8b46ca48d9fdfbc1a13775115be136a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 17:01:01 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 10:39:10 GMT
server: sffe
age: 128736
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48951
x-xss-protection: 0
expires: Tue, 17 May 2022 17:01:01 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame C8E2 17 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:24:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1326
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7009
x-xss-protection: 0
server: cafe
etag: 607056201285360291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:24:31 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame C8E2 2 KB
1 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:04:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2539
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:04:18 GMT

GET
H2 200 transparent.png
tpc.googlesyndication.com/pagead/images/ Frame C8E2 67 B
196 B 14ms
14ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/transparent.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 01:32:03 GMT
x-content-type-options: nosniff
server: cafe
age: 11674
etag: 2462972746714251406
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67
x-xss-protection: 0
expires: Thu, 20 May 2021 01:32:03 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame C8E2 0
0 18ms
16ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CDPdVLJikYOS_MKDV7_UPjKCs4AOksdTnYqKp_KWdDdnZHhABIODi2VZglfrwgYwHyAECqAMByAPJBKoE7AFP0NobGVyy5XW9WpGyA5CPRo5kRHEpkgy7zxsGG389hGAvgVh33A4YqKJLzOn1R_SrtE3tQ1ztQxI35bwPTTGV69pmKQ-l4f37_RCUT2x71Y-1gq0-NNx4tFsHXlncqacA7SvekuUFPNLJI6279mXftloTYGLoP34lNf0F2lLkDNcXNQcalF-bj3p5FCgtVgL-Bkl-RDL_ckJlU0p-d1aYUcKUB-td3hjk4E9Vak6B3PGsu285bM5SXBlG6IejiLoidGRZWZ0hZ6NR1KhHhMAIRjwoeUxYnfo2rK3eiCnKHSAm7kIq2MlfpORBlcAEi6O118oDoAYCgAeWr9vOAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDZoxXSCAkIgOGAEBABGB-ACgHICwHYEwPQFQGAFwGyFxoKGAgAEhRwdWItODM2Nzc0OTk1NjkxNzAwNg&sigh=2mDzIbdcOLI

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8367749956917006&output=html&h=280&slotname=5661428205&adk=1000419482&adf=2695793703&pi=t.ma~as.5661428205&w=760&fwrn=4&fwrnh=100&lmt=1621399596&rafmt=1&psa=0&format=760x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595905&bpp=3&bdt=866&idt=859&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=420&ady=1382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=kgNiSeOsGU&p=https%3A//www.farfeshplus.online&dtd=865
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 19 May 2021 04:46:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C8E2 118 KB
36 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:37 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame C8E2 13 KB
6 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1498
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:21:39 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame C8E2 25 KB
10 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05e695a8f4bd26c3a3092afbd08d40b873b39599d47ce15c281b1b526e934258

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:42:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21825
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10380
x-xss-protection: 0
server: cafe
etag: 16922886349488815302
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Jun 2021 22:42:52 GMT

GET
DATA 200
OK truncated
/ Frame 8923 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bad98df13137c5f369a86a62ac62042596888c5a3c235320cefa65e9aec631d8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
0 16ms
16ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gfp_cw_status&domain=farfeshplus.online&host=www.farfeshplus.online&success=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051701.js?31061220

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FAA6 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051701.js?31061220

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 19 May 2021 04:46:36 GMT
expires: Thu, 19 May 2022 04:46:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK h78o6ojw9z7r Show response
hal9000.redintelligence.net/zone/ Frame 3750 11 KB
4 KB 42ms
13ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/h78o6ojw9z7r?subid=&rnd=5001068356410390840&extVar[]=DOUBLEBORDER:1&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5001068356410390840%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D381760a4-982d-4601-887d-24fc348e8d12%26mt_cid%3D381760a4-982d-4601-887d-24fc348e8d12%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCkxhzLJikYKSXNvSQlQfxqYTgAs-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTgzNjc3NDk5NTY5MTcwMDbIAQmoAwGqBOoBT9ADnwwKS6N5Ge8tYPSpJFLN9pgnUqIVkc5WBWhz2vYpvN6YqNe3CB4sT2DB466IG_nUns910WT12Vv1D7-uuNYDPyQFAarr-D1d-wsjkU52ylIZ--Hb9fdltNG9wDMMDenecipDe-6rXT6bO0K4KBzI0CeW-EUSCgjCP0wW086c_WuOEITyaQSeFEqblcVfOOpyUaiFbNDptFRjR6FdtCcLCtqnomE4osmdEFaWS9GbEjGBzN4YZfV9CUQfJrKYpm7J_xkEaHgN3F9-eTCsE6GcbzR0CuARlDNar3q-QdzBfnB-fEkuLFLYgAaT5sTFmd31r_oBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3ZDqgjMp2nFB_WwixZgg-nRaNgbQ%2526client%253Dca-pub-8367749956917006%2526adurl%253D%26redirect%3D
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 7192c2fc9c4decf50d30b18e13499ecabcfa25f4559ad2e0b96b8369507fa287

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:37 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3433
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 3750 49 B
330 B 102ms
31ms Image
image/gif 185.29.133.58
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=5001068356410390840&node_id=2637&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTW1ZNU5tWXdNV1F0TW1SbFpTMDRNalV6TFRBd01EQXRNREF3TURBd01EQXdNREF3LzUwMDEwNjgzNTY0MTAzOTA4NDAvNjYyMjMyOC80NTYyMzA2LzQvNFpuLThIaXRpQ2tMU1UzckdXNWh5RXI2Vlo5Z3BWSjlUdmdkZjFmNTlIZy8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC81MDAxMDY4MzU2NDEwMzkwODQwL3pyaC8wLzcwLzI4Lzk5OS82Ni8yYTAxOjRmODoxOTI6Oi8wLjAwMC8xNjIxMzk5NTk2LzE2MjE0MTIxOTYvNC9wdWItODM2Nzc0OTk1NjkxNzAwNi8/vt3l-1GxHzsCQNm9KCEGMiHGdI0&nodeid=2637&group=eu&auctionid=5001068356410390840&sid=4562306&cid=6622328&bp=a_bjgfgc&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.170&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCkxhzLJikYKSXNvSQlQfxqYTgAs-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTgzNjc3NDk5NTY5MTcwMDbIAQmoAwGqBOoBT9ADnwwKS6N5Ge8tYPSpJFLN9pgnUqIVkc5WBWhz2vYpvN6YqNe3CB4sT2DB466IG_nUns910WT12Vv1D7-uuNYDPyQFAarr-D1d-wsjkU52ylIZ--Hb9fdltNG9wDMMDenecipDe-6rXT6bO0K4KBzI0CeW-EUSCgjCP0wW086c_WuOEITyaQSeFEqblcVfOOpyUaiFbNDptFRjR6FdtCcLCtqnomE4osmdEFaWS9GbEjGBzN4YZfV9CUQfJrKYpm7J_xkEaHgN3F9-eTCsE6GcbzR0CuARlDNar3q-QdzBfnB-fEkuLFLYgAaT5sTFmd31r_oBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3ZDqgjMp2nFB_WwixZgg-nRaNgbQ%26client%3Dca-pub-8367749956917006%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.133.58 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.199.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:30 GMT
Server: MMBD/3.199.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x77, zrh-bidder-x151
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Wed, 19 May 2021 04:46:29 GMT

GET
H/1.1 200
OK analytics.js Show response
s.update.mediamathtag.com/2/619621/ Frame 3750 6 KB
3 KB 129ms
28ms Script
application/javascript 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.update.mediamathtag.com/2/619621/analytics.js?dt=6196211556140246740000&pd=avt&di=https%3A//www.farfeshplus.online/vidmain.asp&ui=2f96f01d-2dee-8253-0000-000000000000&ap=&ti=5001068356410390840&pv=63b84406-90b2-4fa2-b184-eabf66bbf182&pp=pub-8367749956917006&sr=4&de=43003&si=26264522&dm=336x280&ac=651871&cr=6622328&ai=216536&c1=4562306&r1=2a01:4f8:192::&r2=&r3=

Requested by

Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTW1ZNU5tWXdNV1F0TW1SbFpTMDRNalV6TFRBd01EQXRNREF3TURBd01EQXdNREF3LzUwMDEwNjgzNTY0MTAzOTA4NDAvNjYyMjMyOC80NTYyMzA2LzQvNFpuLThIaXRpQ2tMU1UzckdXNWh5RXI2Vlo5Z3BWSjlUdmdkZjFmNTlIZy8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC81MDAxMDY4MzU2NDEwMzkwODQwL3pyaC8wLzcwLzI4Lzk5OS82Ni8yYTAxOjRmODoxOTI6Oi8wLjAwMC8xNjIxMzk5NTk2LzE2MjE0MTIxOTYvNC9wdWItODM2Nzc0OTk1NjkxNzAwNi8/vt3l-1GxHzsCQNm9KCEGMiHGdI0&nodeid=2637&group=eu&auctionid=5001068356410390840&sid=4562306&cid=6622328&bp=a_bjgfgc&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.170&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCkxhzLJikYKSXNvSQlQfxqYTgAs-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTgzNjc3NDk5NTY5MTcwMDbIAQmoAwGqBOoBT9ADnwwKS6N5Ge8tYPSpJFLN9pgnUqIVkc5WBWhz2vYpvN6YqNe3CB4sT2DB466IG_nUns910WT12Vv1D7-uuNYDPyQFAarr-D1d-wsjkU52ylIZ--Hb9fdltNG9wDMMDenecipDe-6rXT6bO0K4KBzI0CeW-EUSCgjCP0wW086c_WuOEITyaQSeFEqblcVfOOpyUaiFbNDptFRjR6FdtCcLCtqnomE4osmdEFaWS9GbEjGBzN4YZfV9CUQfJrKYpm7J_xkEaHgN3F9-eTCsE6GcbzR0CuARlDNar3q-QdzBfnB-fEkuLFLYgAaT5sTFmd31r_oBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3ZDqgjMp2nFB_WwixZgg-nRaNgbQ%26client%3Dca-pub-8367749956917006%26adurl%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-131-238.eu-west-1.compute.amazonaws.com

Software

Resource Hash

61503a287de254c32f72e9cffc4a878840965b614e60add27460575e71c2d518

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 04:46:37 GMT
Content-Encoding: gzip
Accept-Ch: Viewport-Width, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: *
Content-Type: application/javascript
Cache-Control: no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Timing-Allow-Origin: *
Content-Length: 2751
Expires: 0

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 3750 43 B
360 B 81ms
31ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=5001068356410390840&v3=651871&v4=4562306&v5=6622328&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTW1ZNU5tWXdNV1F0TW1SbFpTMDRNalV6TFRBd01EQXRNREF3TURBd01EQXdNREF3LzUwMDEwNjgzNTY0MTAzOTA4NDAvNjYyMjMyOC80NTYyMzA2LzQvNFpuLThIaXRpQ2tMU1UzckdXNWh5RXI2Vlo5Z3BWSjlUdmdkZjFmNTlIZy8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC81MDAxMDY4MzU2NDEwMzkwODQwL3pyaC8wLzcwLzI4Lzk5OS82Ni8yYTAxOjRmODoxOTI6Oi8wLjAwMC8xNjIxMzk5NTk2LzE2MjE0MTIxOTYvNC9wdWItODM2Nzc0OTk1NjkxNzAwNi8/vt3l-1GxHzsCQNm9KCEGMiHGdI0&nodeid=2637&group=eu&auctionid=5001068356410390840&sid=4562306&cid=6622328&bp=a_bjgfgc&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.170&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCkxhzLJikYKSXNvSQlQfxqYTgAs-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTgzNjc3NDk5NTY5MTcwMDbIAQmoAwGqBOoBT9ADnwwKS6N5Ge8tYPSpJFLN9pgnUqIVkc5WBWhz2vYpvN6YqNe3CB4sT2DB466IG_nUns910WT12Vv1D7-uuNYDPyQFAarr-D1d-wsjkU52ylIZ--Hb9fdltNG9wDMMDenecipDe-6rXT6bO0K4KBzI0CeW-EUSCgjCP0wW086c_WuOEITyaQSeFEqblcVfOOpyUaiFbNDptFRjR6FdtCcLCtqnomE4osmdEFaWS9GbEjGBzN4YZfV9CUQfJrKYpm7J_xkEaHgN3F9-eTCsE6GcbzR0CuARlDNar3q-QdzBfnB-fEkuLFLYgAaT5sTFmd31r_oBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3ZDqgjMp2nFB_WwixZgg-nRaNgbQ%26client%3Dca-pub-8367749956917006%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3736 915c305 master cdg-pixel-x28 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:37 GMT
Server: MT3 3736 915c305 master cdg-pixel-x28
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 19 May 2021 04:48:32 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 3750 49 B
330 B 99ms
29ms Image
image/gif 185.29.133.58
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=5001068356410390840&st=4562306&time=1621399597&nodeid=2637
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTW1ZNU5tWXdNV1F0TW1SbFpTMDRNalV6TFRBd01EQXRNREF3TURBd01EQXdNREF3LzUwMDEwNjgzNTY0MTAzOTA4NDAvNjYyMjMyOC80NTYyMzA2LzQvNFpuLThIaXRpQ2tMU1UzckdXNWh5RXI2Vlo5Z3BWSjlUdmdkZjFmNTlIZy8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC81MDAxMDY4MzU2NDEwMzkwODQwL3pyaC8wLzcwLzI4Lzk5OS82Ni8yYTAxOjRmODoxOTI6Oi8wLjAwMC8xNjIxMzk5NTk2LzE2MjE0MTIxOTYvNC9wdWItODM2Nzc0OTk1NjkxNzAwNi8/vt3l-1GxHzsCQNm9KCEGMiHGdI0&nodeid=2637&group=eu&auctionid=5001068356410390840&sid=4562306&cid=6622328&bp=a_bjgfgc&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.170&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCkxhzLJikYKSXNvSQlQfxqYTgAs-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTgzNjc3NDk5NTY5MTcwMDbIAQmoAwGqBOoBT9ADnwwKS6N5Ge8tYPSpJFLN9pgnUqIVkc5WBWhz2vYpvN6YqNe3CB4sT2DB466IG_nUns910WT12Vv1D7-uuNYDPyQFAarr-D1d-wsjkU52ylIZ--Hb9fdltNG9wDMMDenecipDe-6rXT6bO0K4KBzI0CeW-EUSCgjCP0wW086c_WuOEITyaQSeFEqblcVfOOpyUaiFbNDptFRjR6FdtCcLCtqnomE4osmdEFaWS9GbEjGBzN4YZfV9CUQfJrKYpm7J_xkEaHgN3F9-eTCsE6GcbzR0CuARlDNar3q-QdzBfnB-fEkuLFLYgAaT5sTFmd31r_oBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3ZDqgjMp2nFB_WwixZgg-nRaNgbQ%26client%3Dca-pub-8367749956917006%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.133.58 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.199.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:30 GMT
Server: MMBD/3.199.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x64, zrh-bidder-x151
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Wed, 19 May 2021 04:46:29 GMT

POST
H2 204 events
bidder.criteo.com/csm/ 0
152 B 21ms
20ms Ping
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/csm/events
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.farfeshplus.online
date: Wed, 19 May 2021 04:46:36 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 pixel.gif
static.criteo.net/images/ 43 B
260 B 14ms
13ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/images/pixel.gif?ch=1
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
etag: "493ea254-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Sat, 14 May 2022 04:46:37 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ 43 B
260 B 14ms
14ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/images/pixel.gif?ch=2
Requested by: Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
etag: "493ea254-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Sat, 14 May 2022 04:46:37 GMT

GET
H3-29 200 13787664671980367197
tpc.googlesyndication.com/simgad/ Frame 5517 29 KB
29 KB 9ms
8ms Image
image/gif 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13787664671980367197

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6266313190087173&output=html&h=90&slotname=5788561387&adk=1358258519&adf=1781128803&pi=t.ma~as.5788561387&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595765&bpp=1&bdt=726&idt=890&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=527&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&fsb=1&xpc=fgaDqhx8GF&p=https%3A//www.farfeshplus.online&dtd=896

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb2046db149e3f05106716883596ced37d71ccab14cbf0bbd3bb5b8f6dd49544

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 19:35:27 GMT
x-content-type-options: nosniff
age: 465070
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29871
x-xss-protection: 0
last-modified: Sun, 18 Apr 2021 09:33:22 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 May 2022 19:35:27 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame 5517 17 KB
7 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:42:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7009
x-xss-protection: 0
server: cafe
etag: 607056201285360291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:42:39 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 5517 2 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:29:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1016
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:29:41 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5517 118 KB
36 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:37 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 5517 13 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1498
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:21:39 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 5517 25 KB
10 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05e695a8f4bd26c3a3092afbd08d40b873b39599d47ce15c281b1b526e934258

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:42:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21825
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10380
x-xss-protection: 0
server: cafe
etag: 16922886349488815302
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Jun 2021 22:42:52 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5517 0
0 19ms
17ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CO4E0LJikYNejKfTH7_UPvvWL0AqPgtLUYsyM3fGaDrChsu-DAhABIK2JgyZglfrwgYwHoAHktKyTAsgBA6kC7RXnaOSCtD6oAwHIA8kEqgTvAU_QBCn1qw8zdY2El9uyZiJGFn7u3FUpbUQ9sPFN6x3jSiKVHC6VEnrbMSBz6i0YETjjy8AmJ4d9DANCiWhBuoD4a3gNmBtWxK3AaGV8MlCS0E1UMuJd7yXK3z_sKSLm1FC-MFS-JXj2xkaeTAScMQh2LFXBzFhM31vCCsqxqDabN76H48dbpNoAjX5b80kn6kK0pNSEvSjAj6tV8zK2pHeVo1rrCOaMFdL_2hQ6IMdw4v-ZFVQAIoyarCSw6PHLI_aM-L8rXeUHHD7pwn5vc1p-UTPsRmOGpay2IHdsWTM9ls7EAqZqsNRPlk4F7NMSwAS4tsyk2gOSBQQIBBgBkgUECAUYBKAGA4AHhMvT7AGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQ1oI90ggJCIDhgBAQARgfgAoByAsB2BMC0BUBgBcBshcaChgIABIUcHViLTYyNjYzMTMxOTAwODcxNzM&sigh=s0iiVjv6OHI

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6266313190087173&output=html&h=90&slotname=5788561387&adk=1358258519&adf=1781128803&pi=t.ma~as.5788561387&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595765&bpp=1&bdt=726&idt=890&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=527&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&fsb=1&xpc=fgaDqhx8GF&p=https%3A//www.farfeshplus.online&dtd=896
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 19 May 2021 04:46:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E4B2 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8367749956917006&output=html&h=280&slotname=5661428205&adk=1000419482&adf=2695793703&pi=t.ma~as.5661428205&w=760&fwrn=4&fwrnh=100&lmt=1621399596&rafmt=1&psa=0&format=760x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595905&bpp=3&bdt=866&idt=859&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=420&ady=1382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=kgNiSeOsGU&p=https%3A//www.farfeshplus.online&dtd=865
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmNQ0dnXi8-JmJyF1qdAhIo60Yv6JVK6rOcYLb6UVYdBHdVlGDSaUMgjsizm-0; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8367749956917006&output=html&h=280&slotname=5661428205&adk=1000419482&adf=2695793703&pi=t.ma~as.5661428205&w=760&fwrn=4&fwrnh=100&lmt=1621399596&rafmt=1&psa=0&format=760x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595905&bpp=3&bdt=866&idt=859&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90&nras=1&correlator=614432440065&frm=20&pv=2&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=420&ady=1382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=kgNiSeOsGU&p=https%3A//www.farfeshplus.online&dtd=865

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 19 May 2021 04:29:19 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1038
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 redir.html Show response
p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame E266 247 B
789 B 63ms
14ms Document
text/html 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

5b28f10f3b519ff3f194d085a453a6d2b77519348f8121b809ee17a87bb8db9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com
:scheme: https
:path: /v6exp3/redir.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-FX_J4i9Jd0-qUmB-hpBPRw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
content-length: 204
date: Wed, 19 May 2021 04:46:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Mon, 02 Dec 2019 20:15:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F7C8 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 19 May 2021 03:14:09 GMT
expires: Thu, 20 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 5548
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 5802316642317917135
tpc.googlesyndication.com/daca_images/simgad/ Frame B1BF 47 KB
47 KB 14ms
8ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/5802316642317917135

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=280&slotname=9134183485&adk=4187177663&adf=193961900&pi=t.ma~as.9134183485&w=336&lmt=1621399596&psa=0&format=336x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595911&bpp=7&bdt=872&idt=1049&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90%2C760x280%2C336x280&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=450&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=10&uci=a!a&btvi=3&fsb=1&xpc=CgUsnlA2jb&p=https%3A//www.farfeshplus.online&dtd=1055

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44c17b73811d828ded486a2520c89a58a5cf478300b7b2ab4e877ac8d1480c6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 13:43:31 GMT
x-content-type-options: nosniff
age: 399786
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47979
x-xss-protection: 0
last-modified: Fri, 14 May 2021 10:14:29 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 May 2022 13:43:31 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame B1BF 17 KB
7 KB 15ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:42:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7009
x-xss-protection: 0
server: cafe
etag: 607056201285360291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:42:39 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame B1BF 2 KB
1 KB 13ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:29:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1016
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:29:41 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B1BF 118 KB
36 KB 21ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:37 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame B1BF 13 KB
6 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1498
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:21:39 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame B1BF 0
0 19ms
13ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQG7AxDomNw4hDrGcJdS--Y2ASJUFKkXpOBbRIAJEx4e7wWZJ18rOXc3K2ViaNgi-5dOGXyt6ydsFb5elktUVje81ShLg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=280&slotname=9134183485&adk=4187177663&adf=193961900&pi=t.ma~as.9134183485&w=336&lmt=1621399596&psa=0&format=336x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595911&bpp=7&bdt=872&idt=1049&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90%2C760x280%2C336x280&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=450&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=10&uci=a!a&btvi=3&fsb=1&xpc=CgUsnlA2jb&p=https%3A//www.farfeshplus.online&dtd=1055
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame B1BF 25 KB
10 KB 13ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05e695a8f4bd26c3a3092afbd08d40b873b39599d47ce15c281b1b526e934258

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:42:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21825
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10380
x-xss-protection: 0
server: cafe
etag: 16922886349488815302
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Jun 2021 22:42:52 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame B1BF 0
0 21ms
18ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CozSJLJikYJv0O524x_AP3-KCiAu-yfLWYoboi_L8Db_hHhABIOy_kBFglQKgAcj-q6cCyAECqQJjPSHnuEiBPqgDAcgDyQSqBO4BT9ChIaN1H74stqJ-ewN4GrQ1TuAo3-ui0k6e_rgfPP8v4PsylZ1pK5zepqz3tdNrqVOyT4uZVCTxJ9YOJ5PbZpO875c1mOEredMot0fAM8-gWS88YZrZRVnWIm6uh_lYixykrvyHWPkOJG7vPveD_yynz6huHGEvnO48EhMfu8W_0TVL804aVbr0EzOGNjnewdP8X3qYg_HI6tYIbfbe5goBj6WJFClzDWetEVVWaPP9Y9DQ5jy-p9wPJdn4Uoa9M9XGp1bGOF5w8eAolLzS7nTgc0GtBAHNp4EvVmbU11-WUljCANOeWlkWPyr3psAEjZuH-8IDkgUECAQYAZIFBAgFGASgBgKAB4D18uIBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEPOLA9IICQiA4YAQEAEYH4AKAcgLAdgTDdAVAYAXAbIXGgoYCAASFHB1Yi0xMjMxNjYxNjMzNDQwOTgw&sigh=O2P_CnTW4BY

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=280&slotname=9134183485&adk=4187177663&adf=193961900&pi=t.ma~as.9134183485&w=336&lmt=1621399596&psa=0&format=336x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595911&bpp=7&bdt=872&idt=1049&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90%2C760x280%2C336x280&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=450&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=10&uci=a!a&btvi=3&fsb=1&xpc=CgUsnlA2jb&p=https%3A//www.farfeshplus.online&dtd=1055
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 19 May 2021 04:46:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C8E2 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e756c48c642809aabaebeed2b5156ac70af0910e753331c0e36458466478aafb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

request.php Show response
hal900025.redintelligence.net/ Frame 3750
Redirect Chain

https://hal900025.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=3ab66b20e8&subid=&uid=c6504f02f437a4a6&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900025.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=3ab66b20e8&subid=&uid=c6504f02f437a4a6&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

2 KB
1 KB

97ms
74ms

Script
application/x-javascript

138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=3ab66b20e8&subid=&uid=c6504f02f437a4a6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5001068356410390840%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D381760a4-982d-4601-887d-24fc348e8d12%26mt_cid%3D381760a4-982d-4601-887d-24fc348e8d12%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCkxhzLJikYKSXNvSQlQfxqYTgAs-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTgzNjc3NDk5NTY5MTcwMDbIAQmoAwGqBOoBT9ADnwwKS6N5Ge8tYPSpJFLN9pgnUqIVkc5WBWhz2vYpvN6YqNe3CB4sT2DB466IG_nUns910WT12Vv1D7-uuNYDPyQFAarr-D1d-wsjkU52ylIZ--Hb9fdltNG9wDMMDenecipDe-6rXT6bO0K4KBzI0CeW-EUSCgjCP0wW086c_WuOEITyaQSeFEqblcVfOOpyUaiFbNDptFRjR6FdtCcLCtqnomE4osmdEFaWS9GbEjGBzN4YZfV9CUQfJrKYpm7J_xkEaHgN3F9-eTCsE6GcbzR0CuARlDNar3q-QdzBfnB-fEkuLFLYgAaT5sTFmd31r_oBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3ZDqgjMp2nFB_WwixZgg-nRaNgbQ%2526client%253Dca-pub-8367749956917006%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.farfeshplus.online%2F&ancestorOrigins=https%3A%2F%2Fwww.farfeshplus.online&random=9237551889622&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8367749956917006&output=html&h=280&slotname=6257495432&adk=977065434&adf=1662498494&pi=t.ma~as.6257495432&w=336&lmt=1621399596&psa=0&format=336x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595909&bpp=2&bdt=870&idt=948&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90%2C760x280&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=814&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=9&uci=a!9&btvi=2&fsb=1&xpc=Vfw3v0iDBq&p=https%3A//www.farfeshplus.online&dtd=962
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 71cd77ac96b3ebee817947056738da7ce94b72e3900f7a66163b056fc380a02b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 04:46:37 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 67696600023845700951407011599025
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 894
Expires: Wed, 19 May 2021 05:46:37 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 04:46:37 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=3ab66b20e8&subid=&uid=c6504f02f437a4a6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5001068356410390840%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D381760a4-982d-4601-887d-24fc348e8d12%26mt_cid%3D381760a4-982d-4601-887d-24fc348e8d12%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCkxhzLJikYKSXNvSQlQfxqYTgAs-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTgzNjc3NDk5NTY5MTcwMDbIAQmoAwGqBOoBT9ADnwwKS6N5Ge8tYPSpJFLN9pgnUqIVkc5WBWhz2vYpvN6YqNe3CB4sT2DB466IG_nUns910WT12Vv1D7-uuNYDPyQFAarr-D1d-wsjkU52ylIZ--Hb9fdltNG9wDMMDenecipDe-6rXT6bO0K4KBzI0CeW-EUSCgjCP0wW086c_WuOEITyaQSeFEqblcVfOOpyUaiFbNDptFRjR6FdtCcLCtqnomE4osmdEFaWS9GbEjGBzN4YZfV9CUQfJrKYpm7J_xkEaHgN3F9-eTCsE6GcbzR0CuARlDNar3q-QdzBfnB-fEkuLFLYgAaT5sTFmd31r_oBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3ZDqgjMp2nFB_WwixZgg-nRaNgbQ%2526client%253Dca-pub-8367749956917006%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.farfeshplus.online%2F&ancestorOrigins=https%3A%2F%2Fwww.farfeshplus.online&random=9237551889622&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Wed, 19 May 2021 05:46:37 +0200

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A59B 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6266313190087173&output=html&h=90&slotname=5788561387&adk=1358258519&adf=1781128803&pi=t.ma~as.5788561387&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595765&bpp=1&bdt=726&idt=890&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=527&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&fsb=1&xpc=fgaDqhx8GF&p=https%3A//www.farfeshplus.online&dtd=896
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmNQ0dnXi8-JmJyF1qdAhIo60Yv6JVK6rOcYLb6UVYdBHdVlGDSaUMgjsizm-0; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6266313190087173&output=html&h=90&slotname=5788561387&adk=1358258519&adf=1781128803&pi=t.ma~as.5788561387&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595765&bpp=1&bdt=726&idt=890&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=527&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&fsb=1&xpc=fgaDqhx8GF&p=https%3A//www.farfeshplus.online&dtd=896

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 19 May 2021 04:29:19 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1038
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9B55 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 19 May 2021 03:14:09 GMT
expires: Thu, 20 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 5548
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 iframe.html Show response
p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 5E7A 4 KB
2 KB 30ms
15ms Document
text/html 142.250.185.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f3.1e100.net

Software

sffe /

Resource Hash

dca80706fd6ee621bb041d0ccd65ed4ba52b76e18c019edccd2527fc3672a2cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com
:scheme: https
:path: /v6exp3/iframe.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-T4uz6dahww0ZY_2tSBkiAg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
content-length: 1860
date: Wed, 19 May 2021 04:46:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Thu, 29 Apr 2021 21:38:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 5517 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 664cbfbb35078b3a70ce7839165bf83279c812ed8a017420ec2544ef5b0f5fca

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 04DA 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=280&slotname=9134183485&adk=4187177663&adf=193961900&pi=t.ma~as.9134183485&w=336&lmt=1621399596&psa=0&format=336x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595911&bpp=7&bdt=872&idt=1049&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90%2C760x280%2C336x280&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=450&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=10&uci=a!a&btvi=3&fsb=1&xpc=CgUsnlA2jb&p=https%3A//www.farfeshplus.online&dtd=1055
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmNQ0dnXi8-JmJyF1qdAhIo60Yv6JVK6rOcYLb6UVYdBHdVlGDSaUMgjsizm-0; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=280&slotname=9134183485&adk=4187177663&adf=193961900&pi=t.ma~as.9134183485&w=336&lmt=1621399596&psa=0&format=336x280&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595911&bpp=7&bdt=872&idt=1049&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600%2C728x90%2C728x90%2C760x280%2C336x280&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=450&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=10&uci=a!a&btvi=3&fsb=1&xpc=CgUsnlA2jb&p=https%3A//www.farfeshplus.online&dtd=1055

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 19 May 2021 04:29:19 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1038
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5E16 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 19 May 2021 03:14:09 GMT
expires: Thu, 20 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 5548
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame B1BF 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9fc120b3fce9d1ec2f03ce708ff0b00eb2692c756d1c662e28c9a9e8379ad8ba

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 4174 35 B
464 B 13ms
8ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKWZxt9hWkMX4LtpQDogoYY&google_cver=1&google_push=AQvitUI3UQoJnW6t4nxJQ5Qm17QHwobPCGJS1lMZ9pxgLRXRL_VntneZzsfv_fa5ra6Ao9jetpxOIkQplIpuzLXu14xceoXSyn0

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4174
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESELsfmEK6D6aJa5Zz1XJhWIQ&google_cver=1&google_push=AQvitUKb0VOwjmK43PGHckLC0BEhcJzuTymEvVUzHsj80E3iajPg-I43nhEAmRb30fDeftM4y1LYiTQlHhtB2upvxXq0c_d-xKU
https://rtb.openx.net/sync/dds?google_gid=CAESELsfmEK6D6aJa5Zz1XJhWIQ&google_cver=1&google_push=AQvitUKb0VOwjmK43PGHckLC0BEhcJzuTymEvVUzHsj80E3iajPg-I43nhEAmRb30fDeftM4y1LYiTQlHhtB2upvxXq0c_d-xKU&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKb0VOwjmK43PGHckLC0BEhcJzuTymEvVUzHsj80E3iajPg-I43nhEAmRb30fDeftM4y1LYiTQlHhtB2upvxXq0c_d-xKU&google_hm=9XADIrTIz5gmgR3dQnZY2w==

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKb0VOwjmK43PGHckLC0BEhcJzuTymEvVUzHsj80E3iajPg-I43nhEAmRb30fDeftM4y1LYiTQlHhtB2upvxXq0c_d-xKU&google_hm=9XADIrTIz5gmgR3dQnZY2w==

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKb0VOwjmK43PGHckLC0BEhcJzuTymEvVUzHsj80E3iajPg-I43nhEAmRb30fDeftM4y1LYiTQlHhtB2upvxXq0c_d-xKU&google_hm=9XADIrTIz5gmgR3dQnZY2w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: b62sroaurog1nib845c96fanu0765usj

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4174
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

16ms
15ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKG_f9QjDBuzeIjSbLBGBoBz8qand3x2Yg9OTwYEYjL5XXM0n0d5bjLniR5T5FlKUjnVdBLr8CM-nbKmaQBvmEO_gBhlpo

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKG_f9QjDBuzeIjSbLBGBoBz8qand3x2Yg9OTwYEYjL5XXM0n0d5bjLniR5T5FlKUjnVdBLr8CM-nbKmaQBvmEO_gBhlpo
date: Wed, 19 May 2021 04:46:36 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4174
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEK0k6pDQfGQxsL8XWj5R-QU&google_cver=1&google_push=AQvitULp1HOwWqOqOpl114khD3dCFxdYqrq5IpHmmLMA0xMd7hW44buDAl-O6Qofdf2kULZBIoq...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHTFUtMVktRThCUQ==&google_push=AQvitULp1HOwWqOqOpl114khD3dCFxdYqrq5IpHmmLMA0xMd7hW44buDAl-O6Qofdf2kULZBIoqBW4C7RJ5srqa2cJ59v8LvqyY

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHTFUtMVktRThCUQ==&google_push=AQvitULp1HOwWqOqOpl114khD3dCFxdYqrq5IpHmmLMA0xMd7hW44buDAl-O6Qofdf2kULZBIoqBW4C7RJ5srqa2cJ59v8LvqyY

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHTFUtMVktRThCUQ==&google_push=AQvitULp1HOwWqOqOpl114khD3dCFxdYqrq5IpHmmLMA0xMd7hW44buDAl-O6Qofdf2kULZBIoqBW4C7RJ5srqa2cJ59v8LvqyY
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 4174
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHX...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame 4174 43 B
296 B 26ms
22ms Image
image/gif 2a05:d01c:1d8:8102:9cdd:d1ce:f1f6:d7df
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEH-SH7B1IBmKPcDTV9vKSy8&google_cver=1&google_push=AQvitUK_wU9HpXeGgWyN13sA-T53v-Y5DYs0BoOC1jbPl3mRlE9zDRJrypMNxR4mGU7c4YUcZZoz65XwM1EVrb_17u4FJ_-Vebc
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1231661633440980&output=html&h=90&slotname=6031485414&adk=46142453&adf=2073345350&pi=t.ma~as.6031485414&w=728&lmt=1621399596&psa=0&format=728x90&url=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621399595656&bpp=8&bdt=617&idt=949&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D64859dd457ef9b96%3AT%3D1621399596%3AS%3DALNI_MYsRoFv3Sns6_aKKXH3RB13LxkihA&prev_fmts=0x0%2C120x600%2C120x600%2C160x600%2C300x600&nras=1&correlator=614432440065&frm=20&pv=1&ga_vid=1122770643.1621399596&ga_sid=1621399596&ga_hid=1792428796&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=121&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060614&oid=3&pvsid=1395230846843737&ref=https%3A%2F%2Fmobile.farfeshplus.online%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=II3xXGH95g&p=https%3A//www.farfeshplus.online&dtd=954
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:9cdd:d1ce:f1f6:d7df London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4174
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESECgY1JuDlDvP-Nk4Xvbe0SE&google_cver=1&google_push=AQvitUKU_VgTYn35djd9EtRs...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKU_VgTYn35djd9EtRsrHhWKo-oW7oH4HOfWkElX7UjyAaQ4auFh1r8eViXeAQ8oes5wD2pXidc75w0iTURWjbCQN1eg5SU&google_hm=

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKU_VgTYn35djd9EtRsrHhWKo-oW7oH4HOfWkElX7UjyAaQ4auFh1r8eViXeAQ8oes5wD2pXidc75w0iTURWjbCQN1eg5SU&google_hm=

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKU_VgTYn35djd9EtRsrHhWKo-oW7oH4HOfWkElX7UjyAaQ4auFh1r8eViXeAQ8oes5wD2pXidc75w0iTURWjbCQN1eg5SU&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Tue, 18 May 2021 04:46:37 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 4174 0
12 B 19ms
15ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IYiEywKScTxh0YsFhubKwELAcRDRkxTg15-kJ3pTeButPm44cz4p7bxCWNbF5kvV9WNZc7fA

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E007 478 B
253 B 16ms
16ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjUwLyZATAB&v=APEucNWd4sWRJYQu3Y5q8OQgrcIQqAjlCTh6wXsL3rMvv-jyV2yCrUNZC883Zxvvzh0imKxYGSsxzjESymh550yqIWH6vhopEc0uzmq4MqkqykO8o0PF9JjdTOEbPgLiPSnxcyOm9-L-5y6Ay44H6mSK8zTGm_9u9G33Hda1DuJ-Lqihcd9fVToJ5XJQeET-Dz8C7kCBSYEdHaE91hl76qmqBZkbZzZvKw

Requested by

Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPvjgQEQ_aOOARjUwLyZATAB&v=APEucNWd4sWRJYQu3Y5q8OQgrcIQqAjlCTh6wXsL3rMvv-jyV2yCrUNZC883Zxvvzh0imKxYGSsxzjESymh550yqIWH6vhopEc0uzmq4MqkqykO8o0PF9JjdTOEbPgLiPSnxcyOm9-L-5y6Ay44H6mSK8zTGm_9u9G33Hda1DuJ-Lqihcd9fVToJ5XJQeET-Dz8C7kCBSYEdHaE91hl76qmqBZkbZzZvKw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmNQ0dnXi8-JmJyF1qdAhIo60Yv6JVK6rOcYLb6UVYdBHdVlGDSaUMgjsizm-0; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 19 May 2021 04:46:37 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 May 2021 04:46:37 GMT

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 982E 61 KB
24 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BV1x6_cmQIJJhBX8SiVIaRIC8M0OeUQqK_QY6qku7BKXY9C-5McAZCjM-6UZHtkgsv6r0eMifkm9X3J7kzKV9QJ53ZkZbZ_RSHanYVexrLbsbQhxK_2PmUwjALkwMNneThsV5fOCn7t2gU0i_bZz4Q7k5fxw&dbm_d=AKAmf-AteaDLS_Bbo74kLlF3l-R5mk30OVpv9YuW3w639O_M_MRoTIgHRc9zWk9BXx7JpQCXFgMNM10lHo3Rdja_w9AwHQx5nZaO0DR-thNMA6lw3a0gfDnrIJaR1ARObM4VEGuetISDzS69UjnLOL0sordyydlezucXiuH9RIXGYjcN7oycmAwJu3E55wEnsOmyECDYUQt-HFfKYjMuEKFPP6YdqFyCgS-HKnXj-6HGfPkNXgIOCyA8GxvLusUyLU2j8CHR0FawDGL7I5bFvx5PV0NZSEtC_CMUWPHn_MGrkETw3dxRocZFDwcbTa9q9lW5QMpn6GnxWuu1pMKl_7NJLE9OClFH6wyMOn-vWrv4VwA2r8f5uELLQgBkvuf51NubFMSACJnnva_gopb0Q-XuxCy47rP1Oe5smkWAXxemzirVSFeWD0eF3pqNXcKBxRZ9wri8k03f25Y7NMmx46fnQzMmnEbOyWeY0dh0jzxaLTJsF7q2EyPBgz_2tJMXvHCiOaXTnJl3JOuDg-CY2PP5NXLrhA5RA9y6SHv_1ruf33z552n_heKYoZqMWH9jcKRmJRGh1A4CyWdXZPeAQTmyZ6JMBE96FrtbdPVt_k9TEdB_2iz8T3RXLr564g67goVfMY0xZ7ZDBS5fIEmWoU4Nmr6dcFp8bSRoYpZG83a04oEPffv-t8AtD2-02mYabx-LaauqpcMgRwpkxG-XRQ0GL1x_c6MTGrOhX_VBHiE34i7yd0a7_IYGiN3kSvDDaFCX2H1gUAH8pMMX6FnkND82vnQDnQXTjm8iKYDHxKqfrB5H4qZZdcQGCEVoJrVSmv6OjAnkr8YOjWtQuOxiDs4eoOk2FPGWAUrkeH6qNHdvntBVSyE2EunJ82Tbvc4qIa8krpAu0EJySXqrvfwwihEc7YwdxJaLkHjztvyn4NVtvYhacce_h-pfUVtyZACcROal4Ea16_bc0FG-i8Nq-bpdd9f3-T00V9pYIMjsuMF8rzXjPE5GVvKNRPXy24vhfzpnSGhFWU8s62WcOxUz4eLV-45aDfrSPN3UjmFSxOFN35e2gyxicws75VMCJHQv5ZBtWXGvCFaTeLb8JH3UwuWZJOsEqLTgBsBsEIcugpP4kcooiljjZES97ChrEFHK1aSAhPWEZ_E9CF0WAhzc32w8dX13P7W6uuQfMRe6yDeSGp-Bc5Vs3kLj403YCrNadVhT5KvgErvv5ZcjT39gjLZGGmj5sfZ41IkYY30Qij9foW2hgChCX0CbGuybwdM4JASYgtDaA1N592lCsKOw95-1ziQsFXqfiJ3DV6ycn0-2-i1oGfa0ndkbCHrqL_4EH7-CLy23lwGjxDaFWggs7BaOhT3FaFmp3Jj6Z0UE-9MrAbStKhSyWsHBbAY5El0FfB53zAqc6H2K43g49aP8D3XMlrroLxM2NSfGi1PtVqKbJ4GsWu2xKiIN4CxiADxdh3Hc-_j7WcCeG-EQQn_HLhyvri_nZCn3sk24Cfz9ZyBQB8sx1rdEFzErBeEp5ipbKLfFOCK-7Aahw2Hrdn1UtMgvm7RmTIjcy-W_2TxNJXLYl9bsUl65e4R3ur9Tedz9UuKqLbU5ld0CdG4ZNyAOsJiG9EYyZzBjyI6drbMX_ONwj8pE-HBy93c26ZLOymDLuO4mo750PhhgykvdhUQenkuQ5XH_dEnv9oEjnbbWSdOvn6RSy82h6QAeZqmul2KTPICK-4gZdeNUpIb5ytHwI-wjaCP7kCkGowr7FG99CXjDms6uuu15s7gQ_407FMI6zOSRcm9DjNKu-t1rR-F_uG7g2zCFyKjkXIeOSp9GRKjJQ-Qa6KmE2Pf5kYMvWubTWf9POkBKwZHscBrcJqiqylhpcMbabk_ZZJzFZRiPoQTERXnW6LUm__ronJ_bNrg9xnUMOo_AOU-O0n7rP5haaAtDa2RWZF_88YM8LgNI2UufOGpqoa3untMPTa3YBKVGmIqhA_7PGqDmRjELSNf2WaCb69j0m3BGAv5wNbcaE7qwxdYxPTywqy1D5LmHCLnR11BOf6Ax2Yw6w40YUCJLcf2UJdZDJ0XtQM5og0mrFlvKBEwLGJK7RAWDKRqf3LmURplcNaN7V8kqAIrzg-ypR6nApbwic8XBN9cXZdV3wAT8t2bXzrAjFJR1YZFHdQxKKLX_zFeCbc0JEkOHR-r_7Z3kps1fqA69xZB5qGfFQAtiEfZaHdC3di8wHsnSSAkeQD5bHTT6Auaq01cBxwAtiFyn4uYqtopVvk8BjXYV8GofK67qxBs06OZrcYGCVs5iK_ZMkmWzPLKIwaIQl_Mz5hJynARgiQ85sVsZloM6QnwW8mKZywKES70P5OvO6IgoPsgnpGjiddVSxy2_TpazDobX_lvF2j4Kc5ECSyxy-Hhdnc6SEaqi5iU3DqHx-u3lIj8tb3_PNULU4VHvs_c2nljQf6sFmjRJG2up0vGRU34RYuLQRlScy89F3xrKBm7EbL-6gEP_t6mPPDawmMel30Q9tDjE5yhoyiAgOtGtZ4LUOKiPp1244e0S6ZCrjxOv63vM6YyKmDWPSGNl5fFkQYeMb6R6p3Op_miBn7NWqQ0x0a-D0aPBM5gmI3DP34yDQ6QTVXQwwl5ag2FkUTG0nui0_qHkFWQTpWKErujiIOScsbZYJRHL4izOJhA5MvP0AWgssR4kZ1dWH7-nx_mgBKdhM4mUSRH_ctGZrdHeUollE7mHrrDxXCTqDykGqPgdXp5Vy8AWD8ckjmTBkpcv8I_De2hWaojnct6aTP64V8MmsoKPRaNDNmOgAbxwHGBqWMHpHcRQQ0_oGBUAPqjBFRNV6nqffH7w2X4lKYpT7mbvMqtAw-nZa4GRSaBietZnB59_Yc-0W6qZiv8nqKAHVKne0N7MjU5oy0uhN8B6Dz-i1YLmQ2jBcJ70cXp7q5ZcTlkSTWB9MPvGBGTsSnybAZ2vJ-Q8UwMICjwjgaZN4mJcbyntiubuJpE&cid=CAASEuRoYVrGdAoNg7hWW29dQ1pVog&rfl=2%2Chttps%253A%252F%252Fwww.farfeshplus.online%252F%240

Requested by

Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

348de2e3a7898feb64d3e8b9fa3a06429fe9c3c5af0501d9bea341a47058d582

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24722
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 982E 2 KB
1 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:29:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1016
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:29:41 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 982E 118 KB
36 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:37 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 982E 13 KB
6 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1498
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:21:39 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 982E 0
0 17ms
15ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRlKyyWtnXwc_YKhvxdA0cszLwHgunksMJktmo9WQbp95A2L-hDj4t-a_gHyeV3kLuMt6AJZpj3b2yinQLpYvgTCYaNtA
Requested by: Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 982E 42 B
63 B 17ms
15ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Db9kzsNl6kPBYJ0Fm9m60tXVS-bs392G0WHk0xWVnx7kdzvbLrL-aWbLpbQoCJoDLI4AqAlngCC2YWPmQtCrFL7AY9jfcWTOywcBQpvPE5Lovr-J8

Requested by

Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F9C2
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

15ms
14ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmNQ0dnXi8-JmJyF1qdAhIo60Yv6JVK6rOcYLb6UVYdBHdVlGDSaUMgjsizm-0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 May 2021 04:46:37 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 19-May-2021 05:46:37 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 May 2021 04:46:37 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 May 2021 04:46:37 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame C824 14 KB
6 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 05:54:11 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 514346
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Fri, 13 May 2022 05:54:11 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7AFB
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKWZxt9hWkMX4LtpQDogoYY&google_cver=1&google_push=AQvitUJzUqyU65Z4XhKSLdRj1kcBZ-HVjPYjcOg-b5d2TlzcoXDy1GVje7...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJzUqyU65Z4XhKSLdRj1kcBZ-HVjPYjcOg-b5d2TlzcoXDy1GVje76apZ0ho3e2dNfbgGhh31h7iCcTS6MZcK3x7aZHRgk&google_hm=viUcxST...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJzUqyU65Z4XhKSLdRj1kcBZ-HVjPYjcOg-b5d2TlzcoXDy1GVje76apZ0ho3e2dNfbgGhh31h7iCcTS6MZcK3x7aZHRgk&google_hm=viUcxSTyNY3_0pEAkmFMjw

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJzUqyU65Z4XhKSLdRj1kcBZ-HVjPYjcOg-b5d2TlzcoXDy1GVje76apZ0ho3e2dNfbgGhh31h7iCcTS6MZcK3x7aZHRgk&google_hm=viUcxSTyNY3_0pEAkmFMjw
pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7AFB
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUKTohe9VliTgAc1sGztEOBTGGtdZy4roc2ku_i...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFBTnNwU25Bbg&google_push=AQvitUKTohe9VliTgAc1sGztEOBTGGtdZy4roc2ku_iFpeKRzZ_MgGn7JTsoJtS8wHLb-yd652nq_OsN4GuvhW228cWRZJDuuLiV

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFBTnNwU25Bbg&google_push=AQvitUKTohe9VliTgAc1sGztEOBTGGtdZy4roc2ku_iFpeKRzZ_MgGn7JTsoJtS8wHLb-yd652nq_OsN4GuvhW228cWRZJDuuLiV

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFBTnNwU25Bbg&google_push=AQvitUKTohe9VliTgAc1sGztEOBTGGtdZy4roc2ku_iFpeKRzZ_MgGn7JTsoJtS8wHLb-yd652nq_OsN4GuvhW228cWRZJDuuLiV
Date: Wed, 19 May 2021 04:46:38 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7AFB
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESELsfmEK6D6aJa5Zz1XJhWIQ&google_cver=1&google_push=AQvitUJHiQ0qtJIT3e-uuaKVnLmSDyRd5_BiuUx0ie32EmYm6rpDdoIfR6Vmyl2Q9-Rk9gO6TGNM94cfJO5Z9bLOCNmzPOI0Bg4p
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJHiQ0qtJIT3e-uuaKVnLmSDyRd5_BiuUx0ie32EmYm6rpDdoIfR6Vmyl2Q9-Rk9gO6TGNM94cfJO5Z9bLOCNmzPOI0Bg4p&google_hm=9XADIrTIz5gmgR3dQnZY2w==

170 B
188 B

19ms
19ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJHiQ0qtJIT3e-uuaKVnLmSDyRd5_BiuUx0ie32EmYm6rpDdoIfR6Vmyl2Q9-Rk9gO6TGNM94cfJO5Z9bLOCNmzPOI0Bg4p&google_hm=9XADIrTIz5gmgR3dQnZY2w==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJHiQ0qtJIT3e-uuaKVnLmSDyRd5_BiuUx0ie32EmYm6rpDdoIfR6Vmyl2Q9-Rk9gO6TGNM94cfJO5Z9bLOCNmzPOI0Bg4p&google_hm=9XADIrTIz5gmgR3dQnZY2w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 9ll48fsbrcb8turnii6pl0a4fn3bjsub

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7AFB
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKcPKroHNK8aR5Go84wSZEZn007S9D2bErLMBSaXM9XVlyh_qKBHf-yn1yn-Ts0qfDEF6sDitXJFpmOXKZnAcUjcz3YGNLd

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKcPKroHNK8aR5Go84wSZEZn007S9D2bErLMBSaXM9XVlyh_qKBHf-yn1yn-Ts0qfDEF6sDitXJFpmOXKZnAcUjcz3YGNLd
date: Wed, 19 May 2021 04:46:36 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7AFB
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEK0k6pDQfGQxsL8XWj5R-QU&google_cver=1&google_push=AQvitUI9nYFEl3j6dgIwEpdIWT_XsFJ-TWdPnSr_SIPTmCBXzE-mP-ORsCcj1p1Ov6NQHF7rXgG...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHUEMtMTAtOVBJMw==&google_push=AQvitUI9nYFEl3j6dgIwEpdIWT_XsFJ-TWdPnSr_SIPTmCBXzE-mP-ORsCcj1p1Ov6NQHF7rXgGF58OCZdUo9hPiCLgoHuVbgfRN

170 B
188 B

23ms
22ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHUEMtMTAtOVBJMw==&google_push=AQvitUI9nYFEl3j6dgIwEpdIWT_XsFJ-TWdPnSr_SIPTmCBXzE-mP-ORsCcj1p1Ov6NQHF7rXgGF58OCZdUo9hPiCLgoHuVbgfRN

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHUEMtMTAtOVBJMw==&google_push=AQvitUI9nYFEl3j6dgIwEpdIWT_XsFJ-TWdPnSr_SIPTmCBXzE-mP-ORsCcj1p1Ov6NQHF7rXgGF58OCZdUo9hPiCLgoHuVbgfRN
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 7AFB
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmM...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7AFB
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESECgY1JuDlDvP-Nk4Xvbe0SE&google_cver=1&google_push=AQvitUKrVXQpSLGxhOcM_K2k...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKrVXQpSLGxhOcM_K2kTJJp3_3klK2H9WCZuwlHgPRJ5fPsBNlKgM5951UTTIILAUxrYDZc7WGPEkfm9XL2ZVUZvlTBrsWx&google_hm=

170 B
188 B

21ms
20ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKrVXQpSLGxhOcM_K2kTJJp3_3klK2H9WCZuwlHgPRJ5fPsBNlKgM5951UTTIILAUxrYDZc7WGPEkfm9XL2ZVUZvlTBrsWx&google_hm=

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKrVXQpSLGxhOcM_K2kTJJp3_3klK2H9WCZuwlHgPRJ5fPsBNlKgM5951UTTIILAUxrYDZc7WGPEkfm9XL2ZVUZvlTBrsWx&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Tue, 18 May 2021 04:46:37 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 7AFB 0
12 B 15ms
14ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JurfGgDW-_Bo7YVhz61b-tqF-RCBRfBTW2TM8LQf54KNIp_BOOiaKeU5zDitRPaxv055Z6eg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:37 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 iframe.html Show response
p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame E266 4 KB
2 KB 30ms
15ms Document
text/html 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

bc8f5f5470befaf2373a91f39698ade46d3a1b48edb138b72fef9e1325706780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com
:scheme: https
:path: /v6exp3/iframe.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-snBRUSbBhFdmX291gYvprA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
content-length: 1861
date: Wed, 19 May 2021 04:46:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Thu, 29 Apr 2021 21:38:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 75E9
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

15ms
14ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmNQ0dnXi8-JmJyF1qdAhIo60Yv6JVK6rOcYLb6UVYdBHdVlGDSaUMgjsizm-0; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 May 2021 04:46:38 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 19-May-2021 05:46:38 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 May 2021 04:46:38 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 May 2021 04:46:38 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 982E 176 KB
61 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Requested by

Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com
Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 13:44:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54118
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62241
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:47 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 May 2021 13:44:40 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210517/r20110914/elements/html/ Frame 982E 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210517/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BV1x6_cmQIJJhBX8SiVIaRIC8M0OeUQqK_QY6qku7BKXY9C-5McAZCjM-6UZHtkgsv6r0eMifkm9X3J7kzKV9QJ53ZkZbZ_RSHanYVexrLbsbQhxK_2PmUwjALkwMNneThsV5fOCn7t2gU0i_bZz4Q7k5fxw&dbm_d=AKAmf-AteaDLS_Bbo74kLlF3l-R5mk30OVpv9YuW3w639O_M_MRoTIgHRc9zWk9BXx7JpQCXFgMNM10lHo3Rdja_w9AwHQx5nZaO0DR-thNMA6lw3a0gfDnrIJaR1ARObM4VEGuetISDzS69UjnLOL0sordyydlezucXiuH9RIXGYjcN7oycmAwJu3E55wEnsOmyECDYUQt-HFfKYjMuEKFPP6YdqFyCgS-HKnXj-6HGfPkNXgIOCyA8GxvLusUyLU2j8CHR0FawDGL7I5bFvx5PV0NZSEtC_CMUWPHn_MGrkETw3dxRocZFDwcbTa9q9lW5QMpn6GnxWuu1pMKl_7NJLE9OClFH6wyMOn-vWrv4VwA2r8f5uELLQgBkvuf51NubFMSACJnnva_gopb0Q-XuxCy47rP1Oe5smkWAXxemzirVSFeWD0eF3pqNXcKBxRZ9wri8k03f25Y7NMmx46fnQzMmnEbOyWeY0dh0jzxaLTJsF7q2EyPBgz_2tJMXvHCiOaXTnJl3JOuDg-CY2PP5NXLrhA5RA9y6SHv_1ruf33z552n_heKYoZqMWH9jcKRmJRGh1A4CyWdXZPeAQTmyZ6JMBE96FrtbdPVt_k9TEdB_2iz8T3RXLr564g67goVfMY0xZ7ZDBS5fIEmWoU4Nmr6dcFp8bSRoYpZG83a04oEPffv-t8AtD2-02mYabx-LaauqpcMgRwpkxG-XRQ0GL1x_c6MTGrOhX_VBHiE34i7yd0a7_IYGiN3kSvDDaFCX2H1gUAH8pMMX6FnkND82vnQDnQXTjm8iKYDHxKqfrB5H4qZZdcQGCEVoJrVSmv6OjAnkr8YOjWtQuOxiDs4eoOk2FPGWAUrkeH6qNHdvntBVSyE2EunJ82Tbvc4qIa8krpAu0EJySXqrvfwwihEc7YwdxJaLkHjztvyn4NVtvYhacce_h-pfUVtyZACcROal4Ea16_bc0FG-i8Nq-bpdd9f3-T00V9pYIMjsuMF8rzXjPE5GVvKNRPXy24vhfzpnSGhFWU8s62WcOxUz4eLV-45aDfrSPN3UjmFSxOFN35e2gyxicws75VMCJHQv5ZBtWXGvCFaTeLb8JH3UwuWZJOsEqLTgBsBsEIcugpP4kcooiljjZES97ChrEFHK1aSAhPWEZ_E9CF0WAhzc32w8dX13P7W6uuQfMRe6yDeSGp-Bc5Vs3kLj403YCrNadVhT5KvgErvv5ZcjT39gjLZGGmj5sfZ41IkYY30Qij9foW2hgChCX0CbGuybwdM4JASYgtDaA1N592lCsKOw95-1ziQsFXqfiJ3DV6ycn0-2-i1oGfa0ndkbCHrqL_4EH7-CLy23lwGjxDaFWggs7BaOhT3FaFmp3Jj6Z0UE-9MrAbStKhSyWsHBbAY5El0FfB53zAqc6H2K43g49aP8D3XMlrroLxM2NSfGi1PtVqKbJ4GsWu2xKiIN4CxiADxdh3Hc-_j7WcCeG-EQQn_HLhyvri_nZCn3sk24Cfz9ZyBQB8sx1rdEFzErBeEp5ipbKLfFOCK-7Aahw2Hrdn1UtMgvm7RmTIjcy-W_2TxNJXLYl9bsUl65e4R3ur9Tedz9UuKqLbU5ld0CdG4ZNyAOsJiG9EYyZzBjyI6drbMX_ONwj8pE-HBy93c26ZLOymDLuO4mo750PhhgykvdhUQenkuQ5XH_dEnv9oEjnbbWSdOvn6RSy82h6QAeZqmul2KTPICK-4gZdeNUpIb5ytHwI-wjaCP7kCkGowr7FG99CXjDms6uuu15s7gQ_407FMI6zOSRcm9DjNKu-t1rR-F_uG7g2zCFyKjkXIeOSp9GRKjJQ-Qa6KmE2Pf5kYMvWubTWf9POkBKwZHscBrcJqiqylhpcMbabk_ZZJzFZRiPoQTERXnW6LUm__ronJ_bNrg9xnUMOo_AOU-O0n7rP5haaAtDa2RWZF_88YM8LgNI2UufOGpqoa3untMPTa3YBKVGmIqhA_7PGqDmRjELSNf2WaCb69j0m3BGAv5wNbcaE7qwxdYxPTywqy1D5LmHCLnR11BOf6Ax2Yw6w40YUCJLcf2UJdZDJ0XtQM5og0mrFlvKBEwLGJK7RAWDKRqf3LmURplcNaN7V8kqAIrzg-ypR6nApbwic8XBN9cXZdV3wAT8t2bXzrAjFJR1YZFHdQxKKLX_zFeCbc0JEkOHR-r_7Z3kps1fqA69xZB5qGfFQAtiEfZaHdC3di8wHsnSSAkeQD5bHTT6Auaq01cBxwAtiFyn4uYqtopVvk8BjXYV8GofK67qxBs06OZrcYGCVs5iK_ZMkmWzPLKIwaIQl_Mz5hJynARgiQ85sVsZloM6QnwW8mKZywKES70P5OvO6IgoPsgnpGjiddVSxy2_TpazDobX_lvF2j4Kc5ECSyxy-Hhdnc6SEaqi5iU3DqHx-u3lIj8tb3_PNULU4VHvs_c2nljQf6sFmjRJG2up0vGRU34RYuLQRlScy89F3xrKBm7EbL-6gEP_t6mPPDawmMel30Q9tDjE5yhoyiAgOtGtZ4LUOKiPp1244e0S6ZCrjxOv63vM6YyKmDWPSGNl5fFkQYeMb6R6p3Op_miBn7NWqQ0x0a-D0aPBM5gmI3DP34yDQ6QTVXQwwl5ag2FkUTG0nui0_qHkFWQTpWKErujiIOScsbZYJRHL4izOJhA5MvP0AWgssR4kZ1dWH7-nx_mgBKdhM4mUSRH_ctGZrdHeUollE7mHrrDxXCTqDykGqPgdXp5Vy8AWD8ckjmTBkpcv8I_De2hWaojnct6aTP64V8MmsoKPRaNDNmOgAbxwHGBqWMHpHcRQQ0_oGBUAPqjBFRNV6nqffH7w2X4lKYpT7mbvMqtAw-nZa4GRSaBietZnB59_Yc-0W6qZiv8nqKAHVKne0N7MjU5oy0uhN8B6Dz-i1YLmQ2jBcJ70cXp7q5ZcTlkSTWB9MPvGBGTsSnybAZ2vJ-Q8UwMICjwjgaZN4mJcbyntiubuJpE&cid=CAASEuRoYVrGdAoNg7hWW29dQ1pVog&rfl=2%2Chttps%253A%252F%252Fwww.farfeshplus.online%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:41:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 333
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:41:05 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame 982E 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4c0938e087a40c05a99d723eaf012958e03b048659bed9b36a2bc63f766d32b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:36:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 591
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8593
x-xss-protection: 0
server: cafe
etag: 3013172215444160546
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 04:36:47 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame F7C8 35 B
210 B 20ms
13ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKWZxt9hWkMX4LtpQDogoYY&google_cver=1&google_push=AQvitULFLlKdljgQ5qhnvSmYrC-vL7FZ4GEaDjydQ4aQZQK0SzrWXJEdv6I5-a0dAJlGrZCUNns6QZD46810WvXHuXHG3nuatm_GoQ

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame F7C8
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUJRKoLNKKP7nZiWyFm3e2faORGteteFEr5g9VZ...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCTm5ubGlPTA&google_push=AQvitUJRKoLNKKP7nZiWyFm3e2faORGteteFEr5g9VZ_dbQ-QLxlhewMOGpHaU7n5gD2JPRQRMMri_MYzB_wk-lN0fPJ0pJl2O...

170 B
188 B

28ms
25ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCTm5ubGlPTA&google_push=AQvitUJRKoLNKKP7nZiWyFm3e2faORGteteFEr5g9VZ_dbQ-QLxlhewMOGpHaU7n5gD2JPRQRMMri_MYzB_wk-lN0fPJ0pJl2O1dWQ

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCTm5ubGlPTA&google_push=AQvitUJRKoLNKKP7nZiWyFm3e2faORGteteFEr5g9VZ_dbQ-QLxlhewMOGpHaU7n5gD2JPRQRMMri_MYzB_wk-lN0fPJ0pJl2O1dWQ
Date: Wed, 19 May 2021 04:46:38 GMT
Server: Apache
Connection: keep-alive
Content-Length: 393
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame F7C8
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEGpm8weIKC0PPArVZSHCdEY&google_cver=1&google_push=AQvitUIK51IMxeWOsh748jnE9jw82230gPzfpmjdNQa2lvUohpyqEBnU5CslCmvGZdhH1246qgEL_wvERlG_MdrVTllVFscRkjpCCQ
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUIK51IMxeWOsh748jnE9jw82230gPzfpmjdNQa2lvUohpyqEBnU5CslCmvGZdhH1246qgEL_wvERlG_MdrVTllVFscRkjpCCQ&google_hm=Q0FFU0VHcG04d2VJS0M...

170 B
188 B

25ms
22ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUIK51IMxeWOsh748jnE9jw82230gPzfpmjdNQa2lvUohpyqEBnU5CslCmvGZdhH1246qgEL_wvERlG_MdrVTllVFscRkjpCCQ&google_hm=Q0FFU0VHcG04d2VJS0MwUFBBclZaU0hDZEVZ

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 04:46:38 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUIK51IMxeWOsh748jnE9jw82230gPzfpmjdNQa2lvUohpyqEBnU5CslCmvGZdhH1246qgEL_wvERlG_MdrVTllVFscRkjpCCQ&google_hm=Q0FFU0VHcG04d2VJS0MwUFBBclZaU0hDZEVZ
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame F7C8
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESELsfmEK6D6aJa5Zz1XJhWIQ&google_cver=1&google_push=AQvitUJ2vrcXa7PQAjdXApaKjh1wY11DJj71MEKsmDN5njoSP4_7w6G0MuU85UXqYihInPxo_d0rj_oP-hgW9GovpoB00sW2lhVgNw
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ2vrcXa7PQAjdXApaKjh1wY11DJj71MEKsmDN5njoSP4_7w6G0MuU85UXqYihInPxo_d0rj_oP-hgW9GovpoB00sW2lhVgNw&google_hm=9XADIrTIz5gmgR3dQnZY2w==

170 B
188 B

22ms
20ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ2vrcXa7PQAjdXApaKjh1wY11DJj71MEKsmDN5njoSP4_7w6G0MuU85UXqYihInPxo_d0rj_oP-hgW9GovpoB00sW2lhVgNw&google_hm=9XADIrTIz5gmgR3dQnZY2w==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ2vrcXa7PQAjdXApaKjh1wY11DJj71MEKsmDN5njoSP4_7w6G0MuU85UXqYihInPxo_d0rj_oP-hgW9GovpoB00sW2lhVgNw&google_hm=9XADIrTIz5gmgR3dQnZY2w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: t4bq408uo4l48msbp9ghbv02iccdu2i7

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame F7C8
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUI8jd59rrAoPeq58y6HM9BHQHHS0bXrz6jUEPBnB1gVG92KY7ufczVmYw8BQBJ2VJvLbFeDPG7ka4SRezhkooGe2t8KcdeVWA

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUI8jd59rrAoPeq58y6HM9BHQHHS0bXrz6jUEPBnB1gVG92KY7ufczVmYw8BQBJ2VJvLbFeDPG7ka4SRezhkooGe2t8KcdeVWA
date: Wed, 19 May 2021 04:46:37 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame F7C8
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEK0k6pDQfGQxsL8XWj5R-QU&google_cver=1&google_push=AQvitULKfq-ZFtCy_Root4ZYZuwO8I90L0186JhMs6B9puyy3sGoLhf1qDy0C3duE_2gKWsUr6J...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHUzAtRy0xSE9G&google_push=AQvitULKfq-ZFtCy_Root4ZYZuwO8I90L0186JhMs6B9puyy3sGoLhf1qDy0C3duE_2gKWsUr6JdXUxK_KLoYUKsr3C55NPb7tn3uQ

170 B
188 B

28ms
26ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHUzAtRy0xSE9G&google_push=AQvitULKfq-ZFtCy_Root4ZYZuwO8I90L0186JhMs6B9puyy3sGoLhf1qDy0C3duE_2gKWsUr6JdXUxK_KLoYUKsr3C55NPb7tn3uQ

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHUzAtRy0xSE9G&google_push=AQvitULKfq-ZFtCy_Root4ZYZuwO8I90L0186JhMs6B9puyy3sGoLhf1qDy0C3duE_2gKWsUr6JdXUxK_KLoYUKsr3C55NPb7tn3uQ
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame F7C8
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ip...

0
0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame F7C8 0
12 B 33ms
24ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KqiuywT6ON-T6GeI5mTDR5zK4tNssYrb8Rgr8lJFQ5zgNxj5syUxSXAtu_-J7cqCqMEhjD

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame E007 170 B
188 B 19ms
18ms Image
image/png 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjUwLyZATAB&v=APEucNWd4sWRJYQu3Y5q8OQgrcIQqAjlCTh6wXsL3rMvv-jyV2yCrUNZC883Zxvvzh0imKxYGSsxzjESymh550yqIWH6vhopEc0uzmq4MqkqykO8o0PF9JjdTOEbPgLiPSnxcyOm9-L-5y6Ay44H6mSK8zTGm_9u9G33Hda1DuJ-Lqihcd9fVToJ5XJQeET-Dz8C7kCBSYEdHaE91hl76qmqBZkbZzZvKw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E007
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFNQIEyfLh4w8HVPRLcogAI&google_cver=1

43 B
894 B

78ms
31ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFNQIEyfLh4w8HVPRLcogAI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjUwLyZATAB&v=APEucNWd4sWRJYQu3Y5q8OQgrcIQqAjlCTh6wXsL3rMvv-jyV2yCrUNZC883Zxvvzh0imKxYGSsxzjESymh550yqIWH6vhopEc0uzmq4MqkqykO8o0PF9JjdTOEbPgLiPSnxcyOm9-L-5y6Ay44H6mSK8zTGm_9u9G33Hda1DuJ-Lqihcd9fVToJ5XJQeET-Dz8C7kCBSYEdHaE91hl76qmqBZkbZzZvKw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 04:46:38 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 19 May 2021 04:46:38 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFNQIEyfLh4w8HVPRLcogAI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E007
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFNQIEyfLh4w8HVPRLcogAI&google_cver=1

43 B
894 B

26ms
23ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFNQIEyfLh4w8HVPRLcogAI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjUwLyZATAB&v=APEucNWd4sWRJYQu3Y5q8OQgrcIQqAjlCTh6wXsL3rMvv-jyV2yCrUNZC883Zxvvzh0imKxYGSsxzjESymh550yqIWH6vhopEc0uzmq4MqkqykO8o0PF9JjdTOEbPgLiPSnxcyOm9-L-5y6Ay44H6mSK8zTGm_9u9G33Hda1DuJ-Lqihcd9fVToJ5XJQeET-Dz8C7kCBSYEdHaE91hl76qmqBZkbZzZvKw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 04:46:38 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 19 May 2021 04:46:38 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFNQIEyfLh4w8HVPRLcogAI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

activityi;dc_pre=CPWm4Jj41PACFfrFEQgd1IMEyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1782172000955.562 Show response
5994599.fls.doubleclick.net/ Frame E85A
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1782172000955.562?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CPWm4Jj41PACFfrFEQgd1IMEyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1782172000955.562?

391 B
346 B

39ms
24ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CPWm4Jj41PACFfrFEQgd1IMEyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1782172000955.562?

Requested by

Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

a9642d6bf20c947043c622942ce78c30acc09fc19d384af37abc234061e22dd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 5994599.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CPWm4Jj41PACFfrFEQgd1IMEyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1782172000955.562?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmNQ0dnXi8-JmJyF1qdAhIo60Yv6JVK6rOcYLb6UVYdBHdVlGDSaUMgjsizm-0; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 19 May 2021 04:46:38 GMT
expires: Wed, 19 May 2021 04:46:38 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 323
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 19 May 2021 04:46:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPWm4Jj41PACFfrFEQgd1IMEyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1782172000955.562?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal900025.redintelligence.net/ Frame B046 3 KB
2 KB 38ms
14ms Document
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/request_content.php?s=67696600023845700951407011599025&a=04c3a0b3
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=3ab66b20e8&subid=&uid=c6504f02f437a4a6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5001068356410390840%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D381760a4-982d-4601-887d-24fc348e8d12%26mt_cid%3D381760a4-982d-4601-887d-24fc348e8d12%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCkxhzLJikYKSXNvSQlQfxqYTgAs-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTgzNjc3NDk5NTY5MTcwMDbIAQmoAwGqBOoBT9ADnwwKS6N5Ge8tYPSpJFLN9pgnUqIVkc5WBWhz2vYpvN6YqNe3CB4sT2DB466IG_nUns910WT12Vv1D7-uuNYDPyQFAarr-D1d-wsjkU52ylIZ--Hb9fdltNG9wDMMDenecipDe-6rXT6bO0K4KBzI0CeW-EUSCgjCP0wW086c_WuOEITyaQSeFEqblcVfOOpyUaiFbNDptFRjR6FdtCcLCtqnomE4osmdEFaWS9GbEjGBzN4YZfV9CUQfJrKYpm7J_xkEaHgN3F9-eTCsE6GcbzR0CuARlDNar3q-QdzBfnB-fEkuLFLYgAaT5sTFmd31r_oBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3ZDqgjMp2nFB_WwixZgg-nRaNgbQ%2526client%253Dca-pub-8367749956917006%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.farfeshplus.online%2F&ancestorOrigins=https%3A%2F%2Fwww.farfeshplus.online&random=9237551889622&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f181f4cb1b4d6741c0b16e962b3c06aa6ad7fe6cf0aa6c1712a1fa86864a604e

Request headers

Host: hal900025.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=1c1eed14fcd8fd54
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

Date: Wed, 19 May 2021 04:46:38 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 19 May 2021 05:46:38 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1223
Connection: close
Content-Type: text/html; charset=utf-8

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E4B2
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

22ms
20ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmNQ0dnXi8-JmJyF1qdAhIo60Yv6JVK6rOcYLb6UVYdBHdVlGDSaUMgjsizm-0; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 May 2021 04:46:38 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 19-May-2021 05:46:38 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 May 2021 04:46:38 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 May 2021 04:46:38 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 982E 41 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com
URL: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 17:53:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39199
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 May 2022 17:53:19 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5741 1 KB
749 B 11ms
10ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com
URL: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 19 May 2021 03:14:09 GMT
expires: Thu, 20 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 5549
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 982E 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5d1eaa3b44d10cc4a03faa17ba6defc7d89cc850bdf6037b2e71ea23e4fd409e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 frame.html Show response
ad4mat.net/ Frame C186 1 KB
917 B 34ms
16ms Document
text/html 2606:4700:3032::ac43:aa7a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4mat.net/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:aa7a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 611c31ecafe54c74f78e765296e1b04c0e51ecdc5f7d62c0c3441732aca01964

Request headers

:method: GET
:authority: ad4mat.net
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:38 GMT
content-type: text/html
last-modified: Thu, 12 Apr 2018 07:50:15 GMT
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=86400
cf-cache-status: HIT
age: 1310
cf-request-id: 0a248b8cf40000dfeb6a349000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aGBiN9Iz2KzWtdoatFWIAI7zEvX3p89VUJ3hClxJeb%2Ft1I0ZpnOZdj30Z06qLiCwQmImcgPdmLLiwzwRgXVTqRFwX9qOsFH9XoxV0CzRIBj7IQBB48p2"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 651aaec18dfddfeb-FRA
content-encoding: br

GET
H2 200 frame.html Show response
ad4mat.net/ Frame 9CAF 1 KB
1 KB 27ms
15ms Document
text/html 2606:4700:3032::ac43:aa7a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4mat.net/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:aa7a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 611c31ecafe54c74f78e765296e1b04c0e51ecdc5f7d62c0c3441732aca01964

Request headers

:method: GET
:authority: ad4mat.net
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:38 GMT
content-type: text/html
last-modified: Thu, 12 Apr 2018 07:50:15 GMT
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=86400
cf-cache-status: HIT
age: 1310
cf-request-id: 0a248b8cf50000dfebafb49000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=J9HGU%2Fr1mzVWJdx8%2BAqEKNQAJ7zVLFFG23IRCmg4BiyMRZImF84LimrAOTsx7wt1l6WWbl8%2BfrKtNGmhDfU2LlJr%2Ft%2BUE8hRfGTWRc9JKApwzRfQSGJs"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 651aaec18e02dfeb-FRA
content-encoding: br

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9B55
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKWZxt9hWkMX4LtpQDogoYY&google_cver=1&google_push=AQvitULiOxIhhU6OxK6ab_WCyWATS2ZG0kY7Q_S8gSL_zEgynNREnYTfh8...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULiOxIhhU6OxK6ab_WCyWATS2ZG0kY7Q_S8gSL_zEgynNREnYTfh8rkQC0ugTf-L5zOFqbRv6bIUlvWCsefEBNc9IXyGhfo&google_hm=viUcxS...

170 B
188 B

23ms
21ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULiOxIhhU6OxK6ab_WCyWATS2ZG0kY7Q_S8gSL_zEgynNREnYTfh8rkQC0ugTf-L5zOFqbRv6bIUlvWCsefEBNc9IXyGhfo&google_hm=viUcxSTyNY3_0pEAkmFMjw

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULiOxIhhU6OxK6ab_WCyWATS2ZG0kY7Q_S8gSL_zEgynNREnYTfh8rkQC0ugTf-L5zOFqbRv6bIUlvWCsefEBNc9IXyGhfo&google_hm=viUcxSTyNY3_0pEAkmFMjw
pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9B55
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUKw8i2txgQ8iHR0TICKrTr9DC2rTOBUJBs-JrB...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCYW5hMUhURg&google_push=AQvitUKw8i2txgQ8iHR0TICKrTr9DC2rTOBUJBs-JrBIscIhHQqXxAc4NnY7Tpakqh47xeLrK7z1pYFZfRWrDosse5ElHx6C_Lwy

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCYW5hMUhURg&google_push=AQvitUKw8i2txgQ8iHR0TICKrTr9DC2rTOBUJBs-JrBIscIhHQqXxAc4NnY7Tpakqh47xeLrK7z1pYFZfRWrDosse5ElHx6C_Lwy

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCYW5hMUhURg&google_push=AQvitUKw8i2txgQ8iHR0TICKrTr9DC2rTOBUJBs-JrBIscIhHQqXxAc4NnY7Tpakqh47xeLrK7z1pYFZfRWrDosse5ElHx6C_Lwy
Date: Wed, 19 May 2021 04:46:38 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9B55
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESELsfmEK6D6aJa5Zz1XJhWIQ&google_cver=1&google_push=AQvitULRzSEKuUyCLbnFqfGOEbUxYP-PJxs7oNzsyp5A3wihzQqSChK9N2HwOCu9jowS7KGWCy-uCYJaJOJB0oOVC7wSogqTuQk
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULRzSEKuUyCLbnFqfGOEbUxYP-PJxs7oNzsyp5A3wihzQqSChK9N2HwOCu9jowS7KGWCy-uCYJaJOJB0oOVC7wSogqTuQk&google_hm=9XADIrTIz5gmgR3dQnZY2w==

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULRzSEKuUyCLbnFqfGOEbUxYP-PJxs7oNzsyp5A3wihzQqSChK9N2HwOCu9jowS7KGWCy-uCYJaJOJB0oOVC7wSogqTuQk&google_hm=9XADIrTIz5gmgR3dQnZY2w==

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULRzSEKuUyCLbnFqfGOEbUxYP-PJxs7oNzsyp5A3wihzQqSChK9N2HwOCu9jowS7KGWCy-uCYJaJOJB0oOVC7wSogqTuQk&google_hm=9XADIrTIz5gmgR3dQnZY2w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: gai4l4k13f7ntv151lk6na1l881n5pmb

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9B55
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUIrDcl0mCUFZU4y27ExFdodFwNikqAXGwJIe0xG2rYGFkdOXq7g0g35aS_ZxIl0nKMJLUKFUF56JtC6AznZj1UGf6i6pgc

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUIrDcl0mCUFZU4y27ExFdodFwNikqAXGwJIe0xG2rYGFkdOXq7g0g35aS_ZxIl0nKMJLUKFUF56JtC6AznZj1UGf6i6pgc
date: Wed, 19 May 2021 04:46:36 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9B55
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEK0k6pDQfGQxsL8XWj5R-QU&google_cver=1&google_push=AQvitUJqaoViY4PrvCHJuK3oHuFMyOt-VF5rYy19gAjix51lTqJA6iXBnCPTcXBFPtaRybcEFcK...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHWjgtMTctQzhSUg==&google_push=AQvitUJqaoViY4PrvCHJuK3oHuFMyOt-VF5rYy19gAjix51lTqJA6iXBnCPTcXBFPtaRybcEFcKSxLvzhV6XkkBSnyo1m-UxCzxr

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHWjgtMTctQzhSUg==&google_push=AQvitUJqaoViY4PrvCHJuK3oHuFMyOt-VF5rYy19gAjix51lTqJA6iXBnCPTcXBFPtaRybcEFcKSxLvzhV6XkkBSnyo1m-UxCzxr

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHWjgtMTctQzhSUg==&google_push=AQvitUJqaoViY4PrvCHJuK3oHuFMyOt-VF5rYy19gAjix51lTqJA6iXBnCPTcXBFPtaRybcEFcKSxLvzhV6XkkBSnyo1m-UxCzxr
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 9B55
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9B55
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESECgY1JuDlDvP-Nk4Xvbe0SE&google_cver=1&google_push=AQvitUICzWgQZj6SfPZ6mHz-...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUICzWgQZj6SfPZ6mHz-Sk3_6jsRQv1DwkN6a5khZM8Ls8zM85XEC3cPYKfPXuU11JMPQB_nn2KdIlJY8MjMiyKDxYlCg6Bu&google_hm=

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUICzWgQZj6SfPZ6mHz-Sk3_6jsRQv1DwkN6a5khZM8Ls8zM85XEC3cPYKfPXuU11JMPQB_nn2KdIlJY8MjMiyKDxYlCg6Bu&google_hm=

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUICzWgQZj6SfPZ6mHz-Sk3_6jsRQv1DwkN6a5khZM8Ls8zM85XEC3cPYKfPXuU11JMPQB_nn2KdIlJY8MjMiyKDxYlCg6Bu&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Tue, 18 May 2021 04:46:38 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 9B55 0
12 B 18ms
16ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LTzTFQqG_FWGI3LDQwNP2Q7SuEYW2z0Zy2YYcaeO-RxlI7qeGlTR32UcAYdLjydYJVJT568A

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5E16
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKWZxt9hWkMX4LtpQDogoYY&google_cver=1&google_push=AQvitULkv_6jjJaOmkvEVjlwteuph3nQuoauEsdFIaDEH8Rxv7TwYSH3jo...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULkv_6jjJaOmkvEVjlwteuph3nQuoauEsdFIaDEH8Rxv7TwYSH3joUKA_hRrgs5e8dxtw4YpoVtXD6iCgy9Wkpk9KRJO54&google_hm=viUcxST...

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULkv_6jjJaOmkvEVjlwteuph3nQuoauEsdFIaDEH8Rxv7TwYSH3joUKA_hRrgs5e8dxtw4YpoVtXD6iCgy9Wkpk9KRJO54&google_hm=viUcxSTyNY3_0pEAkmFMjw

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULkv_6jjJaOmkvEVjlwteuph3nQuoauEsdFIaDEH8Rxv7TwYSH3joUKA_hRrgs5e8dxtw4YpoVtXD6iCgy9Wkpk9KRJO54&google_hm=viUcxSTyNY3_0pEAkmFMjw
pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5E16
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUIYtlelYVREwW0PcNZu2iscAInP5sDvQCbN45e...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCTzNrU0dGTQ&google_push=AQvitUIYtlelYVREwW0PcNZu2iscAInP5sDvQCbN45epoWQSYlGcrSKXFWLaHt9do8j4M9qw3PYog1Kbl-9L5C1NG-Z1tqHsR4A

170 B
188 B

18ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCTzNrU0dGTQ&google_push=AQvitUIYtlelYVREwW0PcNZu2iscAInP5sDvQCbN45epoWQSYlGcrSKXFWLaHt9do8j4M9qw3PYog1Kbl-9L5C1NG-Z1tqHsR4A

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCTzNrU0dGTQ&google_push=AQvitUIYtlelYVREwW0PcNZu2iscAInP5sDvQCbN45epoWQSYlGcrSKXFWLaHt9do8j4M9qw3PYog1Kbl-9L5C1NG-Z1tqHsR4A
Date: Wed, 19 May 2021 04:46:38 GMT
Server: Apache
Connection: keep-alive
Content-Length: 390
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5E16
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUIVRbwx...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitUIVRbwxiL3WDXY2XPYv3WoAawQS5M4VpJwAyqcvpAmeM9jzFA3_ahBIs8bFQqKySK...

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitUIVRbwxiL3WDXY2XPYv3WoAawQS5M4VpJwAyqcvpAmeM9jzFA3_ahBIs8bFQqKySKvVxOSob--QvORyoRgDY4yBg6Wxng

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitUIVRbwxiL3WDXY2XPYv3WoAawQS5M4VpJwAyqcvpAmeM9jzFA3_ahBIs8bFQqKySKvVxOSob--QvORyoRgDY4yBg6Wxng
Pragma: no-cache
Date: Wed, 19 May 2021 04:46:38 GMT
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5E16
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESELsfmEK6D6aJa5Zz1XJhWIQ&google_cver=1&google_push=AQvitULBJAbJPig4U8ttvD49yGKNIh-YbGiY_5rb35MdFo0nacDcCYSNlxrR_rk48ozZXv_z8pQJbTtvGF3dI7pfbBAL-Dsvo9U
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULBJAbJPig4U8ttvD49yGKNIh-YbGiY_5rb35MdFo0nacDcCYSNlxrR_rk48ozZXv_z8pQJbTtvGF3dI7pfbBAL-Dsvo9U&google_hm=9XADIrTIz5gmgR3dQnZY2w==

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULBJAbJPig4U8ttvD49yGKNIh-YbGiY_5rb35MdFo0nacDcCYSNlxrR_rk48ozZXv_z8pQJbTtvGF3dI7pfbBAL-Dsvo9U&google_hm=9XADIrTIz5gmgR3dQnZY2w==

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULBJAbJPig4U8ttvD49yGKNIh-YbGiY_5rb35MdFo0nacDcCYSNlxrR_rk48ozZXv_z8pQJbTtvGF3dI7pfbBAL-Dsvo9U&google_hm=9XADIrTIz5gmgR3dQnZY2w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: g50eug4u9n02da0venb0a3g7aum3quue

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5E16
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

19ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJ07otZ87uJRUeJ2RkYOQiEDl1KKRxoMCsTz9iN6F0t5j_DbKkxGy92hzUqj-z3519RDyT7IbNp4Z6-jLYx7t9oiT6HyYc

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJ07otZ87uJRUeJ2RkYOQiEDl1KKRxoMCsTz9iN6F0t5j_DbKkxGy92hzUqj-z3519RDyT7IbNp4Z6-jLYx7t9oiT6HyYc
date: Wed, 19 May 2021 04:46:37 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5E16
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEK0k6pDQfGQxsL8XWj5R-QU&google_cver=1&google_push=AQvitUKnV2TuKyAMERGqGsXv-bFPUFcCOlmALyxdcbt86I5Pyb9lJtOuw-bc_N58lyBu_q3aVjt...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHWkktMVUtM0hNVw==&google_push=AQvitUKnV2TuKyAMERGqGsXv-bFPUFcCOlmALyxdcbt86I5Pyb9lJtOuw-bc_N58lyBu_q3aVjt7oAKbqpHewiT8Ecf1pprqnFc

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHWkktMVUtM0hNVw==&google_push=AQvitUKnV2TuKyAMERGqGsXv-bFPUFcCOlmALyxdcbt86I5Pyb9lJtOuw-bc_N58lyBu_q3aVjt7oAKbqpHewiT8Ecf1pprqnFc

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdHWkktMVUtM0hNVw==&google_push=AQvitUKnV2TuKyAMERGqGsXv-bFPUFcCOlmALyxdcbt86I5Pyb9lJtOuw-bc_N58lyBu_q3aVjt7oAKbqpHewiT8Ecf1pprqnFc
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 5E16
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWv...

0
0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 5E16 0
12 B 21ms
19ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lb6eHPPI9GkJNoHDSn65Ct3VJhMhOqOU8q80P8hH8nmRqOBUHj3KRujRrEUh6GkCuEccH7

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1D81 42 B
64 B 36ms
20ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssMIAW336WGm34U6CyUSMRk0prZY2bzIn8oEQlLhSCiDnZHy9FVmBY7ZZo7iqbmTBkKzTTkF9l2x2w6bgbwA1mp-LQgQQQtd3zZhvEp-XdkWoQyYGTvFTpKwZH50Q&sai=AMfl-YThCP9pVim5rZW22qg33EbRKA3bs-Y5pK8u7X6xuCiUetRe8oNeFgsJ6HY06YrFduPp1P4GOZSrJBI9kt_t6nZ7752iAW1hnI5xuK9N8ccAtUPbILNJLH_2bsU&sig=Cg0ArKJSzCCl9zHzidGpEAE&cid=CAASF-RoY5zFK8ZFUX1NsctkQ0VFON5wrUtt&id=lidar2&mcvt=1078&p=121,436,211,1164&mtos=1078,1078,1078,1078,1078&tos=1078,0,0,0,0&v=20210517&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=46142453&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&rst=1621399596611&dlt=417&rpt=3&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3987 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 19 May 2021 03:14:09 GMT
expires: Thu, 20 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 5549
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 3750 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35f8f1e44e29628c1f3976dc03085560f395d41331798fdff3324561ed23b843

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A59B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmNQ0dnXi8-JmJyF1qdAhIo60Yv6JVK6rOcYLb6UVYdBHdVlGDSaUMgjsizm-0; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 May 2021 04:46:38 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 19-May-2021 05:46:38 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 May 2021 04:46:38 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 May 2021 04:46:38 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 04DA
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

17ms
17ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmNQ0dnXi8-JmJyF1qdAhIo60Yv6JVK6rOcYLb6UVYdBHdVlGDSaUMgjsizm-0; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 May 2021 04:46:38 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 19-May-2021 05:46:38 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 May 2021 04:46:38 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 May 2021 04:46:38 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame C96D 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 05:54:11 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 514347
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Fri, 13 May 2022 05:54:11 GMT

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame 2DA9 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 05:54:11 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 514347
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Fri, 13 May 2022 05:54:11 GMT

GET
H3-29 200 728x090.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/60649305/20210416020857689/ Frame E646 42 KB
10 KB 28ms
15ms Document
text/html 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/60649305/20210416020857689/728x090.html?e=69&leftOffset=0&topOffset=0&c=wmf2GIhPmG&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca35476a2028b4862ecc9b2ffddfd3a522f274863aca8ca08c82fb7c9876069a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/60649305/20210416020857689/728x090.html?e=69&leftOffset=0&topOffset=0&c=wmf2GIhPmG&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 10094
date: Wed, 19 May 2021 04:46:38 GMT
expires: Thu, 20 May 2021 04:46:38 GMT
cache-control: public, max-age=86400
last-modified: Fri, 16 Apr 2021 09:08:57 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 982E 0
415 B 25ms
24ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstVFQibw8PuVdmRlrTGB8Pl80CtDsOo9vum9-643NbIPQlkZbobe_sWHAq7EJlFedNwAL4TV6IItBnegatiX_yYMuIaAlFCjlVumd3ZJw_oGIGXReQA55jlmb1etSPBy5jDUnBCMGhYFrkfWfnVH9N_u7if8OR0olowsWI5MXQ6zMbMDZsKpLkA7Udo_M9br1EILQge5V2OZ_6INGghDy5X9sCQ73oagpDtUgOwDs8TNK7EUj8ZnCHPcirltMNnIUqTUEdSw6mfEqVGkE_psDGPpj_HqPc-MXObZRHB1fF0EEO0vD2fWY1qhc2yMimzDV0mpQapQHErFqNz-v9UTFH4TGTZiAiYXKsVClkt_rY4kEMwVGIAxNTBdgGbm5IKGf_vrYSfEHHEk92WF2aWQY2UZxRsFv17f2Wdr-3HI1tAHTD4eM5rKqf_BAciQYkffYn_b6vhtHKJ3WetbY1whW4HZsm_OrU5N1xb8ad1S8JYU7R8VBoy5YHyfjkq7y7d3O8z18REKwyGRd6cetTVwhJ-OA1MFx8T3OeAKGjlD4Sm3wvMthxIuB8iP9yinJV4yKp4DVsZTWpIRCDVwErDz03NDXfBUa0AFd0Sp6Z9V63zdIFfF_kbA4pNOarYnmJPZV8kVPzttLF6p0HVcJXgdGi3DqoXycmoc3ql2u4Yrf6q6f73z2QMXB-gENmqyVuF-Wn8veDvE2xxxHAEUQ9WACyfa5mletj4h5NwrCYRk2Hsul2kH5EIf5iUkDxiS_MvnvDHVlzuzvQywE2W3pAAfq0DrLQSCmgfLfE7bjgWSe130VYZHn7xEy4shBHseEeFSLL4Mv2dkXJRwEzP-jJikghBQ1xdHjyfnIZ3QL2dUCW3uFochmZXSm52TdVJqfyPm3-VvQlZaIeE5C9vyrz_sPLUCPgk40SYb6JGrgu62qpxiGl3zU57SQ8BB1wDOJFzF-lQ9CCl41fcNUybPPOdqmsfUwKe7gURTCK9VChmmoZe8n_3nU7e3K7zRTXA8uQ8rm_00SDrXIpHC8Lydfpc7fnos1sOhN9Yl_v2Cly40ye1LopHL9rtn1Kg7IwYBrj4grtHVE8PKAg6byv64a6QcBnlXua1v0iSePQxfIY01U6b3JTWWKGJ_wC5NG-bfEchjB136WCyCtlbUjoDC4blEGsv4vCy-BdWYQqGKM4U9lBWA8Nl7Cm3G28&sai=AMfl-YT8pkKr0fgFkRzRhEAr6sMNdedFf5yibwoMWI0XZgMZpXkxMYqI2ETOZ2AjjgoF-uxTpAD8kEfuEBqwOh5V3IvBeCSJQQu366yPLmI3mj27AV62De_72xr6wW3Srr2DNqIfRzWxw5DofpCI7zfr74qycpAkTg&sig=Cg0ArKJSzEGtqdLlH1V1EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=423&cbvp=1&cstd=416&cisv=r20210517.39302&adurl=

Requested by

Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 19 May 2021 04:46:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/ Frame 3750 0
145 B 112ms
28ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/postback?oz_pl=1&ti=5001068356410390840&dm=336x280&ai=216536&r3=&ci=619621&dt=6196211556140246740000&pd=avt&cr=6622328&r1=2a01%3A4f8%3A192%3A%3A&de=43003&ac=651871&si=26264522&c1=4562306&r2=&di=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp&ap=&pp=pub-8367749956917006&sr=4&ui=2f96f01d-2dee-8253-0000-000000000000&pv=63b84406-90b2-4fa2-b184-eabf66bbf182
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/619621/analytics.js?dt=6196211556140246740000&pd=avt&di=https%3A//www.farfeshplus.online/vidmain.asp&ui=2f96f01d-2dee-8253-0000-000000000000&ap=&ti=5001068356410390840&pv=63b84406-90b2-4fa2-b184-eabf66bbf182&pp=pub-8367749956917006&sr=4&de=43003&si=26264522&dm=336x280&ac=651871&cr=6622328&ai=216536&c1=4562306&r1=2a01:4f8:192::&r2=&r3=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:38 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK main.js Show response
s.update.mediamathtag.com/2/2.4.1/ Frame 3750 133 KB
42 KB 31ms
28ms Script
application/javascript 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.update.mediamathtag.com/2/2.4.1/main.js?o=1

Requested by

Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/619621/analytics.js?dt=6196211556140246740000&pd=avt&di=https%3A//www.farfeshplus.online/vidmain.asp&ui=2f96f01d-2dee-8253-0000-000000000000&ap=&ti=5001068356410390840&pv=63b84406-90b2-4fa2-b184-eabf66bbf182&pp=pub-8367749956917006&sr=4&de=43003&si=26264522&dm=336x280&ac=651871&cr=6622328&ai=216536&c1=4562306&r1=2a01:4f8:192::&r2=&r3=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-131-238.eu-west-1.compute.amazonaws.com

Software

Resource Hash

2ee75081870589191b3013c69834e8ce2fea2399061134c8dc15c4dfca0eb31f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:38 GMT
Content-Encoding: br
Accept-Ch: Viewport-Width, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: Origin, Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, no-transform, immutable, max-age=999999999
Strict-Transport-Security: max-age=31536000; includeSubDomains
Timing-Allow-Origin: *
Content-Length: 42400
Expires: Sat, 25 Jan 2053 05:51:15 GMT

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame 3EC3 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 05:54:11 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 514347
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Fri, 13 May 2022 05:54:11 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8923 42 B
64 B 19ms
18ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssKpCfFFOdBHjgoSsQE_dh-i2QA3DMkHTfxrr7-KGFE23a5Lgr84oGYWRQB3WVJNTvAAFV6j66YZZ-ED3lyYlBUgfay7JvD6otSp7rJ8Sz1PNpVlGcwvChacczoow&sai=AMfl-YQwwHhcLaN_F1w-pYwmDELTIWX6xbkR8aWdC12ybNpUguTmXklIypJ36_5scAthSx-sIQ8GDtREgr4ZvWsPVq_ZJWQSmAdxVe7v1PuBCqpXt4CUB-3uqqaVy9s&sig=Cg0ArKJSzDhbLXtktvQCEAE&cid=CAASF-RoQF6V9fROtnMXn30bM6nzoyXgMNs4&id=lidar2&mcvt=1043&p=0,0,600,300&mtos=1043,1043,1043,1043,1043&tos=1043,0,0,0,0&v=20210517&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=1530395088&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&rst=1621399596554&dlt=524&rpt=3&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C0DD 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 18 May 2021 22:06:38 GMT
expires: Wed, 18 May 2022 22:06:38 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 24000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK S-336x280.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame B046 77 KB
77 KB 50ms
15ms Image
image/gif 85.114.131.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-336x280.gif
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=67696600023845700951407011599025&a=04c3a0b3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21037.dus4.fastwebserver.de
Software: nginx /
Resource Hash: 389fea323237b8da675f0c2ab8b701a9a0637ec1e4bb3d4b6cc9ce5440abc1a5

Request headers

Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:38 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:51 GMT
Server: nginx
ETag: "5b55f217-1348d"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 78989

GET
H/1.1 200
OK viewability Show response
hal900025.redintelligence.net/ Frame B046 0
150 B 34ms
12ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/viewability?s=67696600023845700951407011599025&a=77a70c93&vb=m
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=67696600023845700951407011599025&a=04c3a0b3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900025.redintelligence.net/request_content.php?s=67696600023845700951407011599025&a=04c3a0b3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:38 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame B046 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 dc_pre=CPWm4Jj41PACFfrFEQgd1IMEyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1782172000955.562
adservice.google.com/ddm/fls/z/ Frame E85A 42 B
262 B 17ms
16ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPWm4Jj41PACFfrFEQgd1IMEyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1782172000955.562

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPWm4Jj41PACFfrFEQgd1IMEyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1782172000955.562?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame 0A9F 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 05:54:11 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 514347
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Fri, 13 May 2022 05:54:11 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5741
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEMtxMdbQEiBhP_zPKESdMeQ&google_cver=1&google_push=AQvitUL9oXM73X6kXuK-k7Ca6u_EL7ngTkp95IdyhoEcLW9RVq5okw6Rt_...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUL9oXM73X6kXuK-k7Ca6u_EL7ngTkp95IdyhoEcLW9RVq5okw6Rt_0qRXvC7WsnF0WAsb5E0qV5gMoaTJKvAUS5mdpyk-_g&google_hm=viUcxS...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUL9oXM73X6kXuK-k7Ca6u_EL7ngTkp95IdyhoEcLW9RVq5okw6Rt_0qRXvC7WsnF0WAsb5E0qV5gMoaTJKvAUS5mdpyk-_g&google_hm=viUcxSTyNY3_0pEAkmFMjw

Requested by

Host: 734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com
URL: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUL9oXM73X6kXuK-k7Ca6u_EL7ngTkp95IdyhoEcLW9RVq5okw6Rt_0qRXvC7WsnF0WAsb5E0qV5gMoaTJKvAUS5mdpyk-_g&google_hm=viUcxSTyNY3_0pEAkmFMjw
pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5741
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitULQiJ3S...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitULQiJ3SWt48K5GpWWQyB_ZLOSSzW8wDFaPz2Gs9-3AZUBky8_46jhp2M86Qr1dd4E...

170 B
188 B

18ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitULQiJ3SWt48K5GpWWQyB_ZLOSSzW8wDFaPz2Gs9-3AZUBky8_46jhp2M86Qr1dd4EGUtzP6qj0QTWHbT26TPeYdP5ep1cg

Requested by

Host: www.farfeshplus.online
URL: https://www.farfeshplus.online/vidmain.asp?ID=120795&Chosen_ID=&ZoneID=1773

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitULQiJ3SWt48K5GpWWQyB_ZLOSSzW8wDFaPz2Gs9-3AZUBky8_46jhp2M86Qr1dd4EGUtzP6qj0QTWHbT26TPeYdP5ep1cg
Pragma: no-cache
Date: Wed, 19 May 2021 04:46:38 GMT
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 5741 43 B
106 B 19ms
15ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEEBy-eVTeyd4E_b86GJkpAc&google_push=AQvitUJ0Gwf3FAuxKghqizxiF-27tajFtRrjKINHfu8FgEx7mA_EtKQXLTZS4VwhQ8gCk92BdO4GhsjY-P-ACcWYmHRMZU5NK7Oi&google_cver=1
Requested by: Host: 734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com
URL: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5741
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEHYmkb22Cloy--QRgwP8qyc&google_cver=1&google_push=AQvitUKNOWWSrQun4RjOBwig3YqmvuUDGFtrYe09X6862nr8v7BkAisCdbRQQy027MqSnMKMzTS8mrDdEy6DHNC3pPOalwiW3Pv8
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKNOWWSrQun4RjOBwig3YqmvuUDGFtrYe09X6862nr8v7BkAisCdbRQQy027MqSnMKMzTS8mrDdEy6DHNC3pPOalwiW3Pv8&google_hm=9XADIrTIz5gmgR3dQnZY2w==

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKNOWWSrQun4RjOBwig3YqmvuUDGFtrYe09X6862nr8v7BkAisCdbRQQy027MqSnMKMzTS8mrDdEy6DHNC3pPOalwiW3Pv8&google_hm=9XADIrTIz5gmgR3dQnZY2w==

Requested by

Host: 734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com
URL: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:37 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKNOWWSrQun4RjOBwig3YqmvuUDGFtrYe09X6862nr8v7BkAisCdbRQQy027MqSnMKMzTS8mrDdEy6DHNC3pPOalwiW3Pv8&google_hm=9XADIrTIz5gmgR3dQnZY2w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 63pbq6fbu479dplofkv5c7bf70s2q7hq

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5741
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULS5hSbP9Qpz2toCSvB8frF1AXCwF44hAyUDEElf38rnGRFXlm-s9r3GWBfj1nTFCLxi4jeYl7HrM9s3evlvWHWa9Z-hPA

Requested by

Host: 734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com
URL: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C-B5lDNyRcGI9ik5Dq1r-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULS5hSbP9Qpz2toCSvB8frF1AXCwF44hAyUDEElf38rnGRFXlm-s9r3GWBfj1nTFCLxi4jeYl7HrM9s3evlvWHWa9Z-hPA
date: Wed, 19 May 2021 04:46:36 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5741
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENlLe3t_yyMgHe3guFylcIc&google_cver=1&google_push=AQvitUL84joYsU8YCF6bhnGJJ0VNRv-e_z7mjxt9qZFDOub9Ixf9EtgHmwd3EnaTiaw-mtqBARy...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdIQ1YtMUgtNTBVRQ==&google_push=AQvitUL84joYsU8YCF6bhnGJJ0VNRv-e_z7mjxt9qZFDOub9Ixf9EtgHmwd3EnaTiaw-mtqBARy-45_Q-KIUQX9of70rYDbKIBo

170 B
188 B

16ms
15ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdIQ1YtMUgtNTBVRQ==&google_push=AQvitUL84joYsU8YCF6bhnGJJ0VNRv-e_z7mjxt9qZFDOub9Ixf9EtgHmwd3EnaTiaw-mtqBARy-45_Q-KIUQX9of70rYDbKIBo

Requested by

Host: 734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com
URL: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdIQ1YtMUgtNTBVRQ==&google_push=AQvitUL84joYsU8YCF6bhnGJJ0VNRv-e_z7mjxt9qZFDOub9Ixf9EtgHmwd3EnaTiaw-mtqBARy-45_Q-KIUQX9of70rYDbKIBo
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 5741
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELntcUZ-Pnu647gDqsku1iw&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdO...

0
0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 5741 0
12 B 22ms
19ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I2CVJ0rQhV-JqmMqtrDW_EFFCA8bAi42KazVmx80N58H27o4xItmeZo0pstxXmPdbx0woT

Requested by

Host: 734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com
URL: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame E646 110 KB
38 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/60649305/20210416020857689/728x090.html?e=69&leftOffset=0&topOffset=0&c=wmf2GIhPmG&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60649305/20210416020857689/728x090.html?e=69&leftOffset=0&topOffset=0&c=wmf2GIhPmG&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 13:44:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54118
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 May 2021 13:44:40 GMT

GET
H3-29 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame E646 60 KB
24 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/60649305/20210416020857689/728x090.html?e=69&leftOffset=0&topOffset=0&c=wmf2GIhPmG&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60649305/20210416020857689/728x090.html?e=69&leftOffset=0&topOffset=0&c=wmf2GIhPmG&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 May 2021 04:46:38 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 3987 35 B
210 B 19ms
9ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKWZxt9hWkMX4LtpQDogoYY&google_cver=1&google_push=AQvitUJk9nwYhFtooGq5ytt11_LZu4lcKZiwZFvW5kjDEXeT13AN_HBcE9vB_gXR3Q0qNg9gn2qXlACGJ90z6Yrw8N8r6YxqYlD_

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3987
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUI5hcvq3Axi95fmGZ9AbML2ugY8GEXQqa3juMV...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCRWJoVEhBNg&google_push=AQvitUI5hcvq3Axi95fmGZ9AbML2ugY8GEXQqa3juMVDlV8Vuoa16hHPFXgGtfwHu2VLtFC7pByNBzf4QwVwUXnsa87BSEr37iM

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCRWJoVEhBNg&google_push=AQvitUI5hcvq3Axi95fmGZ9AbML2ugY8GEXQqa3juMVDlV8Vuoa16hHPFXgGtfwHu2VLtFC7pByNBzf4QwVwUXnsa87BSEr37iM

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtTWUxnQUFCRWJoVEhBNg&google_push=AQvitUI5hcvq3Axi95fmGZ9AbML2ugY8GEXQqa3juMVDlV8Vuoa16hHPFXgGtfwHu2VLtFC7pByNBzf4QwVwUXnsa87BSEr37iM
Date: Wed, 19 May 2021 04:46:38 GMT
Server: Apache
Connection: keep-alive
Content-Length: 390
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3987
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitULLYuxw...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitULLYuxw3vUHOUcikuk3oxzxfh_ydUOWtxVDkOHNQh7vRjuAyzcly60BuJMfCrgNos...

170 B
188 B

30ms
29ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitULLYuxw3vUHOUcikuk3oxzxfh_ydUOWtxVDkOHNQh7vRjuAyzcly60BuJMfCrgNosAAKSxquW-Atk_X9JDzFRuZi9zuZ26x

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MTkwNDQ2MzgwNTA1NDcyNDk5NjU4OQ%3D%3D&google_push=AQvitULLYuxw3vUHOUcikuk3oxzxfh_ydUOWtxVDkOHNQh7vRjuAyzcly60BuJMfCrgNosAAKSxquW-Atk_X9JDzFRuZi9zuZ26x
Pragma: no-cache
Date: Wed, 19 May 2021 04:46:39 GMT
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3987
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESELsfmEK6D6aJa5Zz1XJhWIQ&google_cver=1&google_push=AQvitUJW239QSiqruMj797PmtXKWBcuBh2Uui7uqRoEjhb9MyiQPzcGPYyf-KY4c_gxOZprPxzJYkwbSavx48_NYVOfO35JHQsDV
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJW239QSiqruMj797PmtXKWBcuBh2Uui7uqRoEjhb9MyiQPzcGPYyf-KY4c_gxOZprPxzJYkwbSavx48_NYVOfO35JHQsDV&google_hm=9XADIrTIz5gmgR3dQnZY2w==

170 B
188 B

23ms
23ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJW239QSiqruMj797PmtXKWBcuBh2Uui7uqRoEjhb9MyiQPzcGPYyf-KY4c_gxOZprPxzJYkwbSavx48_NYVOfO35JHQsDV&google_hm=9XADIrTIz5gmgR3dQnZY2w==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJW239QSiqruMj797PmtXKWBcuBh2Uui7uqRoEjhb9MyiQPzcGPYyf-KY4c_gxOZprPxzJYkwbSavx48_NYVOfO35JHQsDV&google_hm=9XADIrTIz5gmgR3dQnZY2w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: mdkd3vkplb9g3f7cgib26n5if05ajtmn

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3987
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEK0k6pDQfGQxsL8XWj5R-QU&google_cver=1&google_push=AQvitUL_00kcb0ZUiDocaTV5aWF0_vhx-QieC48ng9S-NX3cZuWOba3qcw3O6ups0d3ruU5rKEr...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdIREctMVktRzlSUg==&google_push=AQvitUL_00kcb0ZUiDocaTV5aWF0_vhx-QieC48ng9S-NX3cZuWOba3qcw3O6ups0d3ruU5rKEr5G7J8NvVTK2jYrNWEXmAfB1A

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdIREctMVktRzlSUg==&google_push=AQvitUL_00kcb0ZUiDocaTV5aWF0_vhx-QieC48ng9S-NX3cZuWOba3qcw3O6ups0d3ruU5rKEr5G7J8NvVTK2jYrNWEXmAfB1A

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VWkdIREctMVktRzlSUg==&google_push=AQvitUL_00kcb0ZUiDocaTV5aWF0_vhx-QieC48ng9S-NX3cZuWOba3qcw3O6ups0d3ruU5rKEr5G7J8NvVTK2jYrNWEXmAfB1A
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 3987
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZR...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3987
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESECgY1JuDlDvP-Nk4Xvbe0SE&google_cver=1&google_push=AQvitUKNOx2Am8tdXIzJasFY...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKNOx2Am8tdXIzJasFYLoXnwqGML-lBnbo9XGHfWwYYAZAi10Q4wbTqeIRjJ6qLkzenrVAem6B-vW5Bx9bq06a1QwR7-gjyog&google_hm=

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKNOx2Am8tdXIzJasFYLoXnwqGML-lBnbo9XGHfWwYYAZAi10Q4wbTqeIRjJ6qLkzenrVAem6B-vW5Bx9bq06a1QwR7-gjyog&google_hm=

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:38 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKNOx2Am8tdXIzJasFYLoXnwqGML-lBnbo9XGHfWwYYAZAi10Q4wbTqeIRjJ6qLkzenrVAem6B-vW5Bx9bq06a1QwR7-gjyog&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Tue, 18 May 2021 04:46:38 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 3987 0
12 B 20ms
14ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IrfxQ34vnfFPxfryIfmA5Q0_tH1hpNhDkMZacQMhGU-FFlEUpqsUN8gW56G2ASEBW3S9-yAg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:38 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/ Frame 3750 0
145 B 28ms
28ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/postback?oz_pl=1&ti=5001068356410390840&dm=336x280&ai=216536&r3=&ci=619621&dt=6196211556140246740000&pd=avt&cr=6622328&r1=2a01%3A4f8%3A192%3A%3A&de=43003&ac=651871&si=26264522&c1=4562306&r2=&di=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp&ap=&pp=pub-8367749956917006&sr=4&ui=2f96f01d-2dee-8253-0000-000000000000&pv=63b84406-90b2-4fa2-b184-eabf66bbf182
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/619621/analytics.js?dt=6196211556140246740000&pd=avt&di=https%3A//www.farfeshplus.online/vidmain.asp&ui=2f96f01d-2dee-8253-0000-000000000000&ap=&ti=5001068356410390840&pv=63b84406-90b2-4fa2-b184-eabf66bbf182&pp=pub-8367749956917006&sr=4&de=43003&si=26264522&dm=336x280&ac=651871&cr=6622328&ai=216536&c1=4562306&r1=2a01:4f8:192::&r2=&r3=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:38 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5517 42 B
64 B 22ms
22ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvTBIZclea7RrtI31KWXOPZG8F5sbGBAzit7d0LBov2Yrbfui34Q0QeYR38AaDE8uF0eZ3-J__EjMJ_WR81sjgJi0ioqG5JriqPyngqSzSwAMaJ7W9fcXvH8qxDYw&sai=AMfl-YQOmYC17puhl9mRtWmRPURclN4uWqoUhdQ6jQOviM_Zl4gYSwDec6_DT74lIsxsuvwRbQstyvvB6jM8Ccm_jqHUuKZvYPbf6ICHAynuSQYZdea_bfI0tU8P3mc&sig=Cg0ArKJSzLFnQflimryWEAE&cid=CAASF-Ro8-eCuWBd-tLMfXqUfTrBridHpLYX&id=lidar2&mcvt=1154&p=527,436,617,1164&mtos=1154,1154,1154,1154,1154&tos=1154,0,0,0,0&v=20210517&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=1358258519&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&rst=1621399596663&dlt=612&rpt=3&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/ Frame 3750 0
145 B 30ms
28ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/postback?ti=5001068356410390840&dm=336x280&ai=216536&r3=&ci=619621&dt=6196211556140246740000&pd=avt&cr=6622328&r1=2a01%3A4f8%3A192%3A%3A&de=43003&ac=651871&si=26264522&c1=4562306&r2=&di=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp&ap=&pp=pub-8367749956917006&sr=4&ui=2f96f01d-2dee-8253-0000-000000000000&pv=63b84406-90b2-4fa2-b184-eabf66bbf182&sid=AIoeRdYAEAPd_ncq&oz_sc=6f75c174059620a076738f1c&oz_df=1621399598868&oz_l=34&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.4.1/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:38 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 982E 0
23 B 19ms
19ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: mobile.farfeshplus.online
URL: https://mobile.farfeshplus.online/StreamVideo.asp?ZoneID=1773&ID=120795

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 04:46:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 17ms
17ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210517&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f37d6a5d3866f0d0a1ff6243e22d37fc63687b2e452b3ea58bd798a1b7e507f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 04:46:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7755
x-xss-protection: 0

GET
H2 200 like.php Show response
www.facebook.com/plugins/ Frame 8D59 48 KB
16 KB 70ms
70ms Document
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?action=like&app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df354adf99c95d8%26domain%3Dwww.farfeshplus.online%26origin%3Dhttps%253A%252F%252Fwww.farfeshplus.online%252Ff3d016407f128a8%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.farfeshplus.online%2F&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&size=small&width=50

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=51e3884bbe6d28428179d7cc181dbbaa&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

002b55efaf484a452426433e9047d96223da3a1f9b62ead96663769470987728

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like.php?action=like&app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df354adf99c95d8%26domain%3Dwww.farfeshplus.online%26origin%3Dhttps%253A%252F%252Fwww.farfeshplus.online%252Ff3d016407f128a8%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.farfeshplus.online%2F&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&size=small&width=50
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

cache-control: private, no-cache, no-store, must-revalidate
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
cross-origin-opener-policy-report-only: same-origin-allow-popups;report-to="coop_report"
x-xss-protection: 0
content-encoding: br
x-content-type-options: nosniff
report-to: {"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}
strict-transport-security: max-age=15552000; preload
expires: Sat, 01 Jan 2000 00:00:00 GMT
vary: Accept-Encoding
pragma: no-cache
x-fb-rlafr: 0
content-type: text/html; charset="utf-8"
x-fb-debug: odMcmfZ8SPByxTxZiRsxWV52CFR/EC8QLXqckLpjua9mKL679bNAffRfvCk39iWjwywVSFbvP9D+pYWnQtweog==
date: Wed, 19 May 2021 04:46:39 GMT
priority: u=3,i
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H3-29

200

feedback.php Show response
www.facebook.com/plugins/ Frame 6A02
Redirect Chain

https://www.facebook.com/plugins/comments.php?app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df21a838872b234%26domain%3Dwww.fa...
https://www.facebook.com/plugins/feedback.php?app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df21a838872b234%26domain%3Dwww.fa...

112 KB
27 KB

148ms
147ms

Document
text/html

2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/feedback.php?app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df21a838872b234%26domain%3Dwww.farfeshplus.online%26origin%3Dhttps%253A%252F%252Fwww.farfeshplus.online%252Ff3d016407f128a8%26relation%3Dparent.parent&color_scheme=light&container_width=570&height=100&href=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&locale=en_US&numposts=5&sdk=joey&width=570

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=51e3884bbe6d28428179d7cc181dbbaa&ua=modern_es6

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

be6ef353e045fd339ba1f956ecf4e4ec0988e3d8275a3e63240bd78cc31fc476

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/feedback.php?app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df21a838872b234%26domain%3Dwww.farfeshplus.online%26origin%3Dhttps%253A%252F%252Fwww.farfeshplus.online%252Ff3d016407f128a8%26relation%3Dparent.parent&color_scheme=light&container_width=570&height=100&href=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&locale=en_US&numposts=5&sdk=joey&width=570
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: about:blank

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-cache, no-store, must-revalidate
x-xss-protection: 0
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
content-encoding: br
expires: Sat, 01 Jan 2000 00:00:00 GMT
vary: Accept-Encoding
pragma: no-cache
x-fb-rlafr: 0
cross-origin-opener-policy: same-origin-allow-popups
content-type: text/html; charset="utf-8"
x-fb-debug: e5NwRM89Lj+FXlyHFRhHH8dj+7RMAlKsbvMHlsn5OhJBhRAS3zqmr00Y8vgSpa5yhiT3/RsGMRg2QGP/oyKitQ==
date: Wed, 19 May 2021 04:46:39 GMT
priority: u=3,i
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

Redirect headers

location: https://www.facebook.com/plugins/feedback.php?app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df21a838872b234%26domain%3Dwww.farfeshplus.online%26origin%3Dhttps%253A%252F%252Fwww.farfeshplus.online%252Ff3d016407f128a8%26relation%3Dparent.parent&color_scheme=light&container_width=570&height=100&href=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&locale=en_US&numposts=5&sdk=joey&width=570
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: yym4qcKUWiio5d3oN3TnBuwQMP81a26+W59mia6sL/8ttLP2x+AcrkK3JlJyUkk21SGZUtmoywe6dZkGt24H/w==
content-length: 0
date: Wed, 19 May 2021 04:46:39 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame CA2E 0
326 B 69ms
23ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=www.farfeshplus.online

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=www.farfeshplus.online
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1546
set-cookie: uid=f13d994d-8bed-4f1a-a834-f6c69c6ae426; expires=Thu, 19 May 2022 04:46:38 GMT; domain=.criteo.com; path=/; secure; samesite=none
date: Wed, 19 May 2021 04:46:38 GMT
content-length: 0

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame C0DD 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 05:54:11 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 514348
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Fri, 13 May 2022 05:54:11 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:39 GMT

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/ Frame 3750 0
145 B 28ms
28ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/postback?ti=5001068356410390840&dm=336x280&ai=216536&r3=&ci=619621&dt=6196211556140246740000&pd=avt&cr=6622328&r1=2a01%3A4f8%3A192%3A%3A&de=43003&ac=651871&si=26264522&c1=4562306&r2=&di=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp&ap=&pp=pub-8367749956917006&sr=4&ui=2f96f01d-2dee-8253-0000-000000000000&pv=63b84406-90b2-4fa2-b184-eabf66bbf182&sid=AIoeRdYAEAPd_ncq&oz_sc=6f75c174059620a076738f1c&oz_df=1621399599118&oz_l=1303&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.4.1/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:38 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3-29 200 FrutigerLTW05-55Roman.woff
s0.2mdn.net/creatives/assets/3807343/ Frame E646 32 KB
32 KB 8ms
8ms Font
font/woff 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3807343/FrutigerLTW05-55Roman.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/60649305/20210416020857689/728x090.html?e=69&leftOffset=0&topOffset=0&c=wmf2GIhPmG&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff4d9197cfd4b9f28300e0652a527c652c0c2b746231a490bd042c04132c0309

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60649305/20210416020857689/728x090.html?e=69&leftOffset=0&topOffset=0&c=wmf2GIhPmG&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:38:10 GMT
x-content-type-options: nosniff
last-modified: Thu, 09 Jul 2020 08:13:39 GMT
server: sffe
age: 509
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32429
x-xss-protection: 0
expires: Wed, 19 May 2021 04:53:10 GMT

GET
H3-29 200 FrutigerLTW05-65Bold.woff
s0.2mdn.net/creatives/assets/3807343/ Frame E646 32 KB
32 KB 7ms
7ms Font
font/woff 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3807343/FrutigerLTW05-65Bold.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/60649305/20210416020857689/728x090.html?e=69&leftOffset=0&topOffset=0&c=wmf2GIhPmG&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2cae88100e4c402e454488ec7d17eab3d98f569a559596b764716c5503b7fa1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60649305/20210416020857689/728x090.html?e=69&leftOffset=0&topOffset=0&c=wmf2GIhPmG&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:38:21 GMT
x-content-type-options: nosniff
last-modified: Thu, 09 Jul 2020 08:13:42 GMT
server: sffe
age: 498
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32719
x-xss-protection: 0
expires: Wed, 19 May 2021 04:53:21 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E646 5 KB
4 KB 16ms
15ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9f15054a1ee84cb32b57a441aa1f10583273540213836beb704e402e5ed4dd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 04:46:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4123
x-xss-protection: 0

GET
H3-29 200 60005582_20210505010038133_Stoerer_Airpods.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame E646 9 KB
9 KB 9ms
8ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210505010038133_Stoerer_Airpods.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38f8e7df0b8db7f0918d500b6e8883b124d403494ee4e55ed806c278112f1c74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60649305/20210416020857689/728x090.html?e=69&leftOffset=0&topOffset=0&c=wmf2GIhPmG&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 11:24:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 05 May 2021 08:00:38 GMT
server: sffe
age: 62557
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9051
x-xss-protection: 0
expires: Wed, 19 May 2021 11:24:02 GMT

GET
H3-29 200 60005582_20210505011504299_APP_iPhone-12-Pro-Max-AirPods.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame E646 32 KB
32 KB 9ms
8ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210505011504299_APP_iPhone-12-Pro-Max-AirPods.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4b455567cba51e8924882fa2a34431ea079a6f86d33d1da4dc628daf1a3a570

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60649305/20210416020857689/728x090.html?e=69&leftOffset=0&topOffset=0&c=wmf2GIhPmG&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 11:33:11 GMT
x-content-type-options: nosniff
last-modified: Wed, 05 May 2021 08:15:04 GMT
server: sffe
age: 62008
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32429
x-xss-protection: 0
expires: Wed, 19 May 2021 11:33:11 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame E646 43 B
609 B 58ms
9ms Image
image/gif 82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=25124645_4307561_290978106_100380829_-0&ref=25124645_4307561_290978106_100380829_-0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 82.113.101.132 Maintal, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 04:46:39 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 76FB 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Tue, 18 May 2021 22:04:35 GMT
expires: Wed, 18 May 2022 22:04:35 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 24124
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 174B 783 B
535 B 15ms
15ms Document
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8edad1e29afd622be88df9724eb1860285a57a063f01dbd235188f1719aae754

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-sRssRVsIkAx8o6EenzC2xQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.farfeshplus.online/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.farfeshplus.online/

Response headers

expires: Wed, 19 May 2021 04:46:39 GMT
date: Wed, 19 May 2021 04:46:39 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-sRssRVsIkAx8o6EenzC2xQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E646 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Wed, 19 May 2021 04:46:39 GMT

GET
H3-29 200 OqOE21UvWe3.png
www.facebook.com/rsrc.php/v3/y5/r/ Frame 8D59 400 B
449 B 12ms
11ms Image
image/png 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/rsrc.php/v3/y5/r/OqOE21UvWe3.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?action=like&app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df354adf99c95d8%26domain%3Dwww.farfeshplus.online%26origin%3Dhttps%253A%252F%252Fwww.farfeshplus.online%252Ff3d016407f128a8%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.farfeshplus.online%2F&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&size=small&width=50

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df354adf99c95d8%26domain%3Dwww.farfeshplus.online%26origin%3Dhttps%253A%252F%252Fwww.farfeshplus.online%252Ff3d016407f128a8%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.farfeshplus.online%2F&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&size=small&width=50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug: fLPOz82Kintypg++05jkovKmohDQfz4pC+/qCAy4QNpl1z7WWAZburKtoAsvQNHZ3xWngZb7HPQrecMvDN7Gqg==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: uF0RL4E+h23ClLQmPOTTMw==
date: Thu, 06 May 2021 23:24:57 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
priority: u=3,i
timing-allow-origin: *
content-length: 400
x-fb-rlafr: 0
expires: Fri, 06 May 2022 23:24:57 GMT

GET
H3-29 200 WCxGz8DHi1j.js Show response
www.facebook.com/rsrc.php/v3iEpO4/y6/l/en_US/ Frame 8D59 504 KB
132 KB 12ms
12ms XHR
application/x-javascript 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3iEpO4/y6/l/en_US/WCxGz8DHi1j.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

91be3f39533b913dc91cfe0b3f71c4ae70d92447a36bf39ca49fc08f9d618eef

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df354adf99c95d8%26domain%3Dwww.farfeshplus.online%26origin%3Dhttps%253A%252F%252Fwww.farfeshplus.online%252Ff3d016407f128a8%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.farfeshplus.online%2F&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&size=small&width=50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 03:40:09 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 2xtnOMjdOrQeOsECynLIGQ==
cross-origin-resource-policy: cross-origin
content-length: 135139
x-fb-rlafr: 0
x-fb-debug: G/YD/Xr4R69vfIsIdbFuk7BgFV932GnP1MPclhzSEzZ6kHoV0Js7dxYQRS7+kILXVMzq9tfz4mM5NRQYaKfBnQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 19 May 2022 03:40:09 GMT

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/ Frame 3750 0
145 B 30ms
30ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/postback?ti=5001068356410390840&dm=336x280&ai=216536&r3=&ci=619621&dt=6196211556140246740000&pd=avt&cr=6622328&r1=2a01%3A4f8%3A192%3A%3A&de=43003&ac=651871&si=26264522&c1=4562306&r2=&di=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp&ap=&pp=pub-8367749956917006&sr=4&ui=2f96f01d-2dee-8253-0000-000000000000&pv=63b84406-90b2-4fa2-b184-eabf66bbf182&sid=AIoeRdYAEAPd_ncq&oz_sc=6f75c174059620a076738f1c&oz_df=1621399599299&oz_l=6413&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.4.1/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:39 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame B4C4 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 05:54:11 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 514348
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Fri, 13 May 2022 05:54:11 GMT

GET
H2 200 8eDvGkCjl1H.css
static.xx.fbcdn.net/rsrc.php/v3/yp/l/0,cross/ Frame 6A02 893 B
902 B 41ms
12ms Stylesheet
text/css 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yp/l/0,cross/8eDvGkCjl1H.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/feedback.php?app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df21a838872b234%26domain%3Dwww.farfeshplus.online%26origin%3Dhttps%253A%252F%252Fwww.farfeshplus.online%252Ff3d016407f128a8%26relation%3Dparent.parent&color_scheme=light&container_width=570&height=100&href=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp%3FID%3D120795%26Chosen_ID%3D%26ZoneID%3D1773&locale=en_US&numposts=5&sdk=joey&width=570

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b50d0b9908176988cf95af97f912848e39a0fcc20f13afee5aae8310a9556e2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:39 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: j9A4bjWK2zUCzkKDeG6qmA==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 449
x-fb-rlafr: 0
x-fb-debug: I/71yi6YZ3jN3Vf3jqig+aTDMPRVEi0pag0jfuCQE+bln3uxPOgdnrtbTUhtA2syZcIEa+WuZ1JD4unMNlaCKg==
x-fb-trip-id: 1709462857
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 18 May 2022 16:17:32 GMT

GET
H2 200 of3W6kmxqoW.css
static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/ Frame 6A02 127 KB
21 KB 41ms
12ms Stylesheet
text/css 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/of3W6kmxqoW.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5cb0b17af2e69cc2c148c2d0834edb7413541002a6146fcf387fcf316fd19905

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:39 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 90OHvJ4EZtjVln9Miwp8BA==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 20852
x-fb-rlafr: 0
x-fb-debug: 9p4QY5FcxyZ9w/edK4UmJzB3vjCE8vSyOahUTyt7QfFBSGpXI57I50GUOP3lEMpKvLXFRzblrDNxdJgxaQvgfw==
x-fb-trip-id: 1709462857
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sun, 15 May 2022 01:14:01 GMT

GET
H2 200 h5Z-gFGJs7t.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yX/r/ Frame 6A02 293 KB
80 KB 41ms
13ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yX/r/h5Z-gFGJs7t.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

697a51d119f5d888957a94cae9d46a065a4f3ed150b6ec2ab959c951139e5a97

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:39 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: FKAZUFoKnTOVCnlc+tRXuw==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 81391
x-fb-rlafr: 0
x-fb-debug: I9NxiHR8LSoeNhDdalXR+Xsv4wl+9I5jpeg7Be1ZZAUMoj3qlANLe/Zt2eNhmjW+f6tvsGhrmhKWxYwgCS5NeQ==
x-fb-trip-id: 1709462857
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 15 May 2022 01:43:21 GMT

GET
H2 200 aaX7kn3lXoQ.js Show response
static.xx.fbcdn.net/rsrc.php/v3i7M54/yR/l/en_US/ Frame 6A02 155 KB
43 KB 63ms
35ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yR/l/en_US/aaX7kn3lXoQ.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6f5933a16d66ff1aeb40fc0870693965e6380ec671a9c725bb99e6dd5cec11e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:39 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: yjjeScz6D+4uLB1hoUjnEw==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44197
x-fb-rlafr: 0
x-fb-debug: emzF7XHoz1Q7Uz9XB4eOVTbGD2yMdqU+P4atDXyuDU+zVHablgAdNXdT42+mALD1VZ99elxbbIfJAN8kXXCmtQ==
x-fb-trip-id: 1709462857
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 18 May 2022 19:57:56 GMT

GET
H2 200 68ELP8nqns2.js Show response
static.xx.fbcdn.net/rsrc.php/v3iPwL4/yn/l/en_US/ Frame 6A02 38 KB
11 KB 43ms
15ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iPwL4/yn/l/en_US/68ELP8nqns2.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c0a5fca6cd62a36f0254804b7ffa74385a70e55ba869388f79b2b7c60bde77d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:39 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: HkVKc5cdrzw4tED9TJW7wA==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 11475
x-fb-rlafr: 0
x-fb-debug: 8P024vJtU34Y2Uo7pBxjhhj4bxhmJbjr3QY5RHzRNH8LViHu1PY1agPg0S/AzyKWIckSxPSXu1cTathVJqMk2Q==
x-fb-trip-id: 1709462857
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 18 May 2022 16:27:08 GMT

GET
H2 200 e5r4-M0wLBD.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yw/r/ Frame 6A02 35 KB
11 KB 42ms
14ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/e5r4-M0wLBD.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c5a83eabfb238c654e3791a5873f78692575aa779159a35f2b373ee0d767e1c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:39 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: daynVQWmFhHvfwcLIN/U8w==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 11196
x-fb-rlafr: 0
x-fb-debug: iV6W8/LEF6jDDLQ7LsQP+QTt7i7DPxUy7JmacBXo2KkEBrIBk1sr63jJS5P3Ay0fIKj3rWHJKQs18Vuk29lvYA==
x-fb-trip-id: 1709462857
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 18 May 2022 16:25:24 GMT

GET
H2 200 43vcgcOkvyz.js Show response
static.xx.fbcdn.net/rsrc.php/v3iAQZ4/yG/l/en_US/ Frame 6A02 1 MB
322 KB 62ms
34ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iAQZ4/yG/l/en_US/43vcgcOkvyz.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e109c542f49632f5b2836ef158661155f82a7e9a4fc1898711ab11f615442438

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:39 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 3QWHRxuXUxsvxe8RZfKhMQ==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 329463
x-fb-rlafr: 0
x-fb-debug: kRRr2TFQuEPvOM3xppD3a0CMs4SzL26PuH6QKpZtpOkdXU5VzFpYqcejBBQ4FtetQ5R0XH9SMKsfjnefMXPaeQ==
x-fb-trip-id: 1709462857
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Thu, 19 May 2022 04:16:10 GMT

GET
H3-29 200 cavalry_endpoint.php
www.facebook.com/common/ Frame 8D59 67 B
97 B 41ms
40ms Image
image/png 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1621399599296&t_start=1621399599296&t_domcontent=1621399599321&t_layout=1621399599408&t_onload=1621399599408&t_paint=1621399599408&t_creport=1621399599408&t_tti=1621399599321&lid=6963858252250255999-0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com data: blob: 'self';script-src .facebook.com .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com: attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=382287608570983&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df354adf99c95d8%26domain%3Dwww.farfeshplus.online%26origin%3Dhttps%253A%252F%252Fwww.farfeshplus.online%252Ff3d016407f128a8%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.farfeshplus.online%2F&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&size=small&width=50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: br
x-content-type-options: nosniff
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: avnqdQPEQth9Sl5NrGzjqaBL4pGYTEa3UbLCy1yasbVM9k/NkbBoWeZ3Bvvh06x7QYwrKSwOrk3GcGoEWyq3XA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 19 May 2021 04:46:39 GMT
strict-transport-security: max-age=15552000; preload
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: image/png
vary: Accept-Encoding
cache-control: private, no-store, no-cache, must-revalidate
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame 76FB 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 05:54:11 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 514348
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Fri, 13 May 2022 05:54:11 GMT

GET
H3-29 200 4vSS-ujAKMP.png
static.xx.fbcdn.net/rsrc.php/v3/yS/r/ Frame 6A02 51 KB
51 KB 25ms
12ms Image
image/png 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/4vSS-ujAKMP.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/of3W6kmxqoW.css?_nc_x=Ij3Wp8lg5Kz

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3d00bfeea80983c9ff4eb0438b76f2e7242c288fa5fb83c938be74893fad5a5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/of3W6kmxqoW.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug: ZF6HYi+dIXmTayRpZvbalNflVdf+g28boB5NKRtxji71uBm/3zQ4a/iOaocEckqK3rJt/6uTxGvpTA/7DHtNww==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: umwqwUgDRbunxPVSLaal0g==
date: Wed, 19 May 2021 04:46:39 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
content-length: 52671
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
x-fb-rlafr: 0
expires: Sun, 15 May 2022 01:43:34 GMT

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/ Frame 3750 0
145 B 31ms
30ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/postback?ti=5001068356410390840&dm=336x280&ai=216536&r3=&ci=619621&dt=6196211556140246740000&pd=avt&cr=6622328&r1=2a01%3A4f8%3A192%3A%3A&de=43003&ac=651871&si=26264522&c1=4562306&r2=&di=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp&ap=&pp=pub-8367749956917006&sr=4&ui=2f96f01d-2dee-8253-0000-000000000000&pv=63b84406-90b2-4fa2-b184-eabf66bbf182&sid=AIoeRdYAEAPd_ncq&oz_sc=6f75c174059620a076738f1c&oz_df=1621399599693&oz_l=6040&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.4.1/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:39 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
DATA 200
OK truncated Show response
/ Frame 5C0E 13 B
13 B Document
text/html

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: text/html;charset=utf-8

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C0DD 0
20 B 16ms
15ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BdLUtLZikYLmENZmT7_UPvoK7sAUAAAAAOAHgBAI&bg=!PzylPHjNAAZ7hX_Ue4U7ACkAdvg8WuhvYUek_AfcFNkA2VjJTxppVc_UQ7xbT7X7Wx1Z7OJ0j-cZnQIAAAJMUgAAACNoAQeZAvPpFOqtu7xr2wAns3nuf6tXVizdAlKrHj852sRKuRH0czPhxM0PUBfXPzRJAynVO9rVb2iWhzRygGYfyMeCwLlFiTcKzr0K-UsEMXjfXkkSh04w-X_fHPc1NW0uFev73Q5g3W6aFGmG9HqXFAzMfjzXXgCwnfl7JPSPn_d6hgSEdi352l6Osq-JRavokUOg8CONbryZfQT7c2_pE3mRjf_NfAd6NCdxHYNIM_3GCuN3SyPPwrqcq7MYK2gVz5ZeBCfmWieGmOIbxzO9UqDCxAeo3G6WV5fwcR2eAP_TkrkXWbicAgLDOq4x8oEvHZhtmOf_bGGX7ZJ7Vfa-8p85ntmwgeFYqVyXxXTJ0lTOPjtZqJ_g0MKUfnQoiSI2SwMpPg9sveWfDSISPfMXHA57JWAStrKH_L_wUqhSa_sZNyc_s0gYRiIRATSio37oxEIoxAw-_QTV7xBwHPsDW-JAZDwDwq8m-7CoTBt7Y-_6z9_sv5A4F19AGTuQS_vNuLph1Bss8cRHvoGdYNQVhyqytA6Zxoh2Z0kfJ52T1ZgTY4CVLSdJxbv6kolMFz1gLupzyw6AIS0vFXPm3EEeQlBXGFQAgudxIYfB8A1WAwJX1HR2YqffO_pK1cggvNJY7cUMw8WwUi3Row0N6Shigm8Tkwa1DkNqhV05UZU05hfN3sqlon1YqGi-RilDk7yURXJZtqGJOA3O-Fn5RiGx_7mJCcEi1OX8H8R3Shr5EehtOzlB4R7AOqbb1t_duBAcVNhy2Kf0HJOddcAM3OtXSVJJgXoJMuQOorvKwvLozIQZDwEHtiOlAOX_lgDqZ_SKD4aSrc4Vqlm4TgP3-GEhdEk3RXb_P4tz70ylyEZe1fPjwbOjsib0NQ9TeUtJbcQpIyfg7Id-pEhPTkNYLRQZzvS4aNNCaNu8P3jB990hW_J9dXJXugTb3-wJXYpvOtTnaJ3EDUS-Bm9w0y6zMJr0wyGhGWff2UgaNKNIWOg1PSzoLxMEOk1GcQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/ Frame 3750 0
145 B 28ms
28ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/postback?ti=5001068356410390840&dm=336x280&ai=216536&r3=&ci=619621&dt=6196211556140246740000&pd=avt&cr=6622328&r1=2a01%3A4f8%3A192%3A%3A&de=43003&ac=651871&si=26264522&c1=4562306&r2=&di=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp&ap=&pp=pub-8367749956917006&sr=4&ui=2f96f01d-2dee-8253-0000-000000000000&pv=63b84406-90b2-4fa2-b184-eabf66bbf182&sid=AIoeRdYAEAPd_ncq&oz_sc=6f75c174059620a076738f1c&oz_df=1621399599883&oz_l=178&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.4.1/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:39 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 18ms
17ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210517&jk=1395230846843737&bg=!CwilCEzNAAZ7hX_Ue4U7ACkAdvg8WnqJYWDvRNRTKqaP-3Oh2Df0z2WpaQR9U-Bo6KSK4jd1VBZpuwIAAAEOUgAAAA1oAQeZAlBdSQx2r5JNoJtRGyMt3YazsLhtjSp1T9yiff_fcYBQOfzl1xP2HYkyZWUV_dAwfQkZ4HJivhlzxghkoDP_Q5ThtrNXcF2uEhQ4MpUVyguvyOO4KaqqF6e6QbF2XffvaPXopoAW4nSxisoI16zCxZ7yiVDdknxIXGfrk6stR7aIvD6kMxnHEAFO4AyiEaCT-QZheiACB2InXC4a4lvT6qwDf_idXRgj3TcB84C6oYkp5jCpDk1HwYw63f5_XYi3_aQTCOmoslgg-VgzHohzk3Rg9Lnw6gFSSCHVHU2nYQhqIifvBjJuoAZu2orpoTpJJ8M5-VlW8rX7mwi3AHmZo9xv8CWFFxXe243KJxZY9XDBCI6ZOk9YQvNxWOgpcMeuEcML6krwLvK0HIn9zvCOc7jisabAQwBzEsAHbeLOsjsGUoKUN2i6cBni37RU6o7srWf6JhzIJuu8ySMGo-kBpnT7VM4aKStMLQqL0gSYen_3iOZ3cl4pFqkih769tQpQtum4zHLkJ6aT_pYGcHZG6BEerpRKNiWg44d4gt4o0jfW3bzS9aYsAh_vYvYr6Rr2n5K6ncDoFbAhMbejU8YRYLNzR-t04oHDg1MJVw5Y3nBuBzE1wiIkeaRJSBUyqXrUHvCEQ7NYeSqteJS5t3dObBKvZictlvjulkKldBXFINMvG8eDii2ODNUpKcqCwB5rSFZQQZ-5MznqmJBTMswRGHeHkCMPHkxfM49LsXYvZgq126X7ZIHYUvp-7RQpaF_fw41f963ATfrGagxpTBwrl76I

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.farfeshplus.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/ Frame 3750 0
145 B 33ms
32ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/postback?ti=5001068356410390840&dm=336x280&ai=216536&r3=&ci=619621&dt=6196211556140246740000&pd=avt&cr=6622328&r1=2a01%3A4f8%3A192%3A%3A&de=43003&ac=651871&si=26264522&c1=4562306&r2=&di=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp&ap=&pp=pub-8367749956917006&sr=4&ui=2f96f01d-2dee-8253-0000-000000000000&pv=63b84406-90b2-4fa2-b184-eabf66bbf182&sid=AIoeRdYAEAPd_ncq&oz_sc=6f75c174059620a076738f1c&oz_df=1621399600039&oz_l=104&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.4.1/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:39 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/ Frame 3750 0
145 B 29ms
29ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/postback?ti=5001068356410390840&dm=336x280&ai=216536&r3=&ci=619621&dt=6196211556140246740000&pd=avt&cr=6622328&r1=2a01%3A4f8%3A192%3A%3A&de=43003&ac=651871&si=26264522&c1=4562306&r2=&di=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp&ap=&pp=pub-8367749956917006&sr=4&ui=2f96f01d-2dee-8253-0000-000000000000&pv=63b84406-90b2-4fa2-b184-eabf66bbf182&sid=AIoeRdYAEAPd_ncq&oz_sc=6f75c174059620a076738f1c&oz_df=1621399600203&oz_l=1199&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.4.1/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:39 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/ Frame 3750 0
145 B 39ms
38ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/postback?ti=5001068356410390840&dm=336x280&ai=216536&r3=&ci=619621&dt=6196211556140246740000&pd=avt&cr=6622328&r1=2a01%3A4f8%3A192%3A%3A&de=43003&ac=651871&si=26264522&c1=4562306&r2=&di=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp&ap=&pp=pub-8367749956917006&sr=4&ui=2f96f01d-2dee-8253-0000-000000000000&pv=63b84406-90b2-4fa2-b184-eabf66bbf182&sid=AIoeRdYAEAPd_ncq&oz_sc=6f75c174059620a076738f1c&oz_df=1621399600366&oz_l=19984&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.4.1/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:40 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
BLOB 200
OK 9fbec898-206a-4077-bb08-eb1fded9c1b9
https://googleads.g.doubleclick.net/ Frame 5F56 476 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://googleads.g.doubleclick.net/9fbec898-206a-4077-bb08-eb1fded9c1b9
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 573dd332efcaf9ab1ae7f7e72bbbd65aa0c6b9223c4bcead7be3aa25685cba4e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 476
Content-Type: javascript

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/ Frame 3750 0
145 B 31ms
30ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/postback?ti=5001068356410390840&dm=336x280&ai=216536&r3=&ci=619621&dt=6196211556140246740000&pd=avt&cr=6622328&r1=2a01%3A4f8%3A192%3A%3A&de=43003&ac=651871&si=26264522&c1=4562306&r2=&di=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp&ap=&pp=pub-8367749956917006&sr=4&ui=2f96f01d-2dee-8253-0000-000000000000&pv=63b84406-90b2-4fa2-b184-eabf66bbf182&sid=AIoeRdYAEAPd_ncq&oz_sc=6f75c174059620a076738f1c&oz_df=1621399600590&oz_l=689&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.4.1/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:40 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H2 200 rs Show response
ad4m.at/ Frame BAAE 1 KB
1 KB 19ms
19ms XHR
text/plain 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2d1597b62635da6ea02f357233e1440ccdb2f3c5b57b2693c6c35d2291dc7dd

Request headers

Referer: https://ad4m.at/ad/dr?ed=1kx360an9myjhw7nvcp96ge93mvw2zawc2vde6gy1j4hmq2qz1fz4kt7sr7cs6nw9696mkmdkvq9h6p9mx65vbh03qjerpb33w32tcd65jxjne1hn2bvabh6tjxenxb5k8q9kgyeft78vcmg880dwaq5v0sx57zy1701gxb4a85jd0kxcnwd5k78xqb6jbnn85jer72xpxvvvasz6y72v80bbsy30gxtxq444qjpjc8whcreq551ew1h6m1gmhvw5c384wjwh81ha82a7ge6cx3y26e6k6wfntm2k1zr0xn993dw8bwgk7c7ntya4t7j8wf07ytpgs4064z5wg8267yg893tfvy2hst3q90m6n9sd1k68jz7500rf5j0y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%26client%3Dca-pub-1231661633440980%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 19 May 2021 04:46:41 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-backend-server: rs-hn3r
cf-request-id: 0a248b979400004de29b932000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LWeTTBeLlUpjqdc1GLeQWLGqI2xxvadN9fBBYMxCG2FXgOr%2FGub9kh8L7QNHwEMwgbMYfNQDpMSrIsSusx3PklYdUbPa22%2FGS12HdzFfUWwl8foC"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://ad4m.at
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-credentials: true
cf-ray: 651aaed288c74de2-FRA

POST
H2 200 rs Show response
ad4m.at/ Frame 25C3 1 KB
1 KB 25ms
25ms XHR
text/plain 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b58f46fa2ba24ba2b09889e2cc76ea0645813ae2e374f3aee0c1e16ccb4eb13

Request headers

Referer: https://ad4m.at/ad/dr?ed=1hsr8s6yj3gckaffp7c498h2rd8hn7k6e0m60dtdsw0t4svqgm8gr6m2tvjk7r8xwjwqebxhzm8y6dxarg5xbq0bxqwb6g8ks2thc6c7wy6zrw40z70sxzxj19nam4ev0fr6b34hnyctq90z85fwsh8fbq0y429x3jzz63azj3h0f9aj7snnvkyhfajpxamp7esmgmymzkbny8hgmd55awxnwsje862e8pc5c89chk8wvrecys9xzv8y31jepaedc7am9bpgyaq198xthfg7n70vrphndnc77qnv1av5dd4a8bj6h5y3qth257nzwk4jed14tf9hyqs6f0f4aj01gk3951srkwz8wxq93tsrk2n85m2vg53t6t3etkfe0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%26client%3Dca-pub-6266313190087173%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 19 May 2021 04:46:41 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-backend-server: rs-hn3r
cf-request-id: 0a248b979400004de2338e5000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FZJzuuH99oR9uEo5E6yQ4RIKLdwPcjxQ5tkqPNVQQ%2BP9tI5sz98CrS5Ol6nW5akqktKAzqm3ZQ2sBuHLP25KcGN5uGMHr6ZjpA0Dv38MSM8pcfgj"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://ad4m.at
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-credentials: true
cf-ray: 651aaed288c84de2-FRA

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame 5E63 9 KB
4 KB 23ms
21ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd39428674fafd73cb4db9dbd96d518%2F134329896280313175&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20t95x3zhhthgff6164ptng8pjfbex9ks8h2x4t2wgkqjphdx7y6t3xe6mf3kr1ecqyjftmt39rad6zp3pr3cs9fb2v2w56rjzb59z4w94ce2sqj013a9r5dfrm7bqr2d5d13cnzn3mphqb37qxy51fmg9ds7s6xdykayq3kzt9rr922dfy60t19cp70t54yc8vj2wj58fw2dv8nf8tvgne49gjn1eze2ss23r0xszqtkj0y9y296f6vzdb8j%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%2526client%253Dca-pub-1231661633440980%2526adurl%253D&y=0&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4d82d1d22044542d02e2de019ea245ea562c39430121768daed76b7443ff63f

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd39428674fafd73cb4db9dbd96d518%2F134329896280313175&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20t95x3zhhthgff6164ptng8pjfbex9ks8h2x4t2wgkqjphdx7y6t3xe6mf3kr1ecqyjftmt39rad6zp3pr3cs9fb2v2w56rjzb59z4w94ce2sqj013a9r5dfrm7bqr2d5d13cnzn3mphqb37qxy51fmg9ds7s6xdykayq3kzt9rr922dfy60t19cp70t54yc8vj2wj58fw2dv8nf8tvgne49gjn1eze2ss23r0xszqtkj0y9y296f6vzdb8j%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%2526client%253Dca-pub-1231661633440980%2526adurl%253D&y=0&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:41 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a248b97ae00004de2a4a89000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 651aaed2a9114de2-FRA
content-encoding: br

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame 24AB 9 KB
3 KB 23ms
22ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd7982c3b0d5ec62560e02a2b946058%2F1266504328199136641&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20mtpsvyp239zm9a3prebsjf43mdjndrm6p2eahwkya9ddyhwyx4q7hyg4k3kwm17zttbf6q0kd33gypdwjevh9315dtj2r87nrrnkn97n35cef98h82xap4h6b7tc17xsyf5h32mhh4kajrs9mmw9h94bnrgpb2zsddhfh3vfcctymxfb092p7rqm8c429rk2ye95kv1gdrgeft0nex16krtdw9nx7ebe0kkd0vhcv3mspba93bqvvqxgj9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%2526client%253Dca-pub-6266313190087173%2526adurl%253D&y=0&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aaf307137bc334beb3c196e81cbfd767137df69f096ec46e30ad0b4e4e3ce15a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd7982c3b0d5ec62560e02a2b946058%2F1266504328199136641&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20mtpsvyp239zm9a3prebsjf43mdjndrm6p2eahwkya9ddyhwyx4q7hyg4k3kwm17zttbf6q0kd33gypdwjevh9315dtj2r87nrrnkn97n35cef98h82xap4h6b7tc17xsyf5h32mhh4kajrs9mmw9h94bnrgpb2zsddhfh3vfcctymxfb092p7rqm8c429rk2ye95kv1gdrgeft0nex16krtdw9nx7ebe0kkd0vhcv3mspba93bqvvqxgj9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%2526client%253Dca-pub-6266313190087173%2526adurl%253D&y=0&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:41 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a248b97b000004de27c352000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 651aaed2b9144de2-FRA
content-encoding: br

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.5/one-ad/ Frame 5E63 59 KB
7 KB 19ms
15ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.5/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd39428674fafd73cb4db9dbd96d518%2F134329896280313175&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20t95x3zhhthgff6164ptng8pjfbex9ks8h2x4t2wgkqjphdx7y6t3xe6mf3kr1ecqyjftmt39rad6zp3pr3cs9fb2v2w56rjzb59z4w94ce2sqj013a9r5dfrm7bqr2d5d13cnzn3mphqb37qxy51fmg9ds7s6xdykayq3kzt9rr922dfy60t19cp70t54yc8vj2wj58fw2dv8nf8tvgne49gjn1eze2ss23r0xszqtkj0y9y296f6vzdb8j%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%2526client%253Dca-pub-1231661633440980%2526adurl%253D&y=0&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6eb2eeb98d7863e83999538cf81b884b389af4236e217f80eb7e6e75bc0113c

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd39428674fafd73cb4db9dbd96d518%2F134329896280313175&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20t95x3zhhthgff6164ptng8pjfbex9ks8h2x4t2wgkqjphdx7y6t3xe6mf3kr1ecqyjftmt39rad6zp3pr3cs9fb2v2w56rjzb59z4w94ce2sqj013a9r5dfrm7bqr2d5d13cnzn3mphqb37qxy51fmg9ds7s6xdykayq3kzt9rr922dfy60t19cp70t54yc8vj2wj58fw2dv8nf8tvgne49gjn1eze2ss23r0xszqtkj0y9y296f6vzdb8j%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%2526client%253Dca-pub-1231661633440980%2526adurl%253D&y=0&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:41 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 140050
cf-polished: origSize=60655
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=3600
cf-request-id: 0a248b97cb00004a86c7b24000000001
cf-ray: 651aaed2df394a86-FRA
expires: Wed, 19 May 2021 05:46:41 GMT

GET
H2 200 B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
assets.ad4m.at/logo/ Frame 5E63 18 KB
19 KB 19ms
15ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd39428674fafd73cb4db9dbd96d518%2F134329896280313175&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20t95x3zhhthgff6164ptng8pjfbex9ks8h2x4t2wgkqjphdx7y6t3xe6mf3kr1ecqyjftmt39rad6zp3pr3cs9fb2v2w56rjzb59z4w94ce2sqj013a9r5dfrm7bqr2d5d13cnzn3mphqb37qxy51fmg9ds7s6xdykayq3kzt9rr922dfy60t19cp70t54yc8vj2wj58fw2dv8nf8tvgne49gjn1eze2ss23r0xszqtkj0y9y296f6vzdb8j%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%2526client%253Dca-pub-1231661633440980%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=GT8dCw==, md5=4YyWNM3TGeacJ2VHXynNEw==
date: Wed, 19 May 2021 04:46:41 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 79248
cf-polished: origFmt=png, origSize=35453
x-guploader-uploadid: ABg5-UxOw4oNXwikwUfiTkChJrYWQtGY8orw3fcfTM11QasuRqBvlBfhs6xXhJwbh86lUMk-yy7iywKzvHN3658inXCGp-vNhA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18872
cf-request-id: 0a248b97cb00004de26e006000000001
last-modified: Mon, 18 May 2020 12:30:29 GMT
server: cloudflare
etag: "e18c9634cdd319e69c2765475f29cd13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1oXT6W1xTN5NeN%2F194Xx7zaZStV%2F%2FTfG1qnjNSe09GwK9ziRyOpZnjTfOyvyJ6lssC0WNul7FbU8eraZFtgMa6DUsqcHvehaPkqsmr0dj%2F8bBYPaJadpcSpjGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1589805029334103
content-type: image/webp
expires: Thu, 20 May 2021 04:46:41 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 35453
accept-ranges: bytes
cf-ray: 651aaed2d9604de2-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
assets.ad4m.at/product_image/ Frame 5E63 2 KB
2 KB 26ms
23ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd39428674fafd73cb4db9dbd96d518%2F134329896280313175&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20t95x3zhhthgff6164ptng8pjfbex9ks8h2x4t2wgkqjphdx7y6t3xe6mf3kr1ecqyjftmt39rad6zp3pr3cs9fb2v2w56rjzb59z4w94ce2sqj013a9r5dfrm7bqr2d5d13cnzn3mphqb37qxy51fmg9ds7s6xdykayq3kzt9rr922dfy60t19cp70t54yc8vj2wj58fw2dv8nf8tvgne49gjn1eze2ss23r0xszqtkj0y9y296f6vzdb8j%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%2526client%253Dca-pub-1231661633440980%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=bJ9ALA==, md5=ejqY/mc9t7JQK9XG0TFuLA==
date: Wed, 19 May 2021 04:46:41 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 181423
cf-polished: origFmt=png, origSize=4031
x-guploader-uploadid: ABg5-UzGiRR4yimbWKfGJZpmBb7Y7HRFdwG_OsOerIJSuqRrvfrFIfTgIYrYfkjPNAsraqsGAdYkDRgmZq7_XAan-8Y
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1598
cf-request-id: 0a248b97cc00004de2a9b95000000001
last-modified: Wed, 20 Jan 2021 17:03:56 GMT
server: cloudflare
etag: "7a3a98fe673db7b2502bd5c6d1316e2c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ep3pAQjZg7z5nNK8hdrBkY8HMVA65mGDiaZv8RPUEH3FCyYdFumh0Y2i0YhFdbQKffygAMpeYBfQ7RKYcuAsfWvHJ5zacye2xbgXNDujH5m2u4lhT%2FBmNUiWvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1611162235947637
content-type: image/webp
expires: Thu, 20 May 2021 04:46:41 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 4031
accept-ranges: bytes
cf-ray: 651aaed2d9654de2-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 5E63 43 B
705 B 65ms
23ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519498&v=14098&q=368694&r=412871&pv=1&pref3=oneidDjeT3fwfbqPS3HmH9t1twAmF4tmTk8roneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 04:46:41 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
assets.ad4m.at/logo/ Frame 5E63 38 KB
39 KB 19ms
16ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd39428674fafd73cb4db9dbd96d518%2F134329896280313175&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20t95x3zhhthgff6164ptng8pjfbex9ks8h2x4t2wgkqjphdx7y6t3xe6mf3kr1ecqyjftmt39rad6zp3pr3cs9fb2v2w56rjzb59z4w94ce2sqj013a9r5dfrm7bqr2d5d13cnzn3mphqb37qxy51fmg9ds7s6xdykayq3kzt9rr922dfy60t19cp70t54yc8vj2wj58fw2dv8nf8tvgne49gjn1eze2ss23r0xszqtkj0y9y296f6vzdb8j%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%2526client%253Dca-pub-1231661633440980%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=EKOc3w==, md5=wqT4IuWoMfO1yrOci8rmHQ==
date: Wed, 19 May 2021 04:46:41 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1156473
cf-polished: origFmt=png, origSize=44613
x-guploader-uploadid: ABg5-UwWzV8Vi9wwWB9_t92BZ3hXsqxnGcNPAW0LaVCSpyGkAeICaRXs_LpZzjWYyirMRzo7C0cmfApc-NiuzLQfsg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 39202
cf-request-id: 0a248b97cc00004de23289a000000001
last-modified: Wed, 22 Jan 2020 13:11:41 GMT
server: cloudflare
etag: "c2a4f822e5a831f3b5cab39c8bcae61d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BWbLOCNMTZLTD8U622xnq%2FnVm0w9szPLrYJsoUEZh4MYc72d3FKYl2ioYwgWDEjLRW5GDuy54%2BqEdMJgf3xUGzj4rFxItwzQuVGjeKK1VKKeVc1V1SlnLhWqYg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698701189315
content-type: image/webp
expires: Thu, 20 May 2021 04:46:41 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 44613
accept-ranges: bytes
cf-ray: 651aaed2d9664de2-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
assets.ad4m.at/ Frame 5E63 113 KB
113 KB 23ms
20ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd39428674fafd73cb4db9dbd96d518%2F134329896280313175&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20t95x3zhhthgff6164ptng8pjfbex9ks8h2x4t2wgkqjphdx7y6t3xe6mf3kr1ecqyjftmt39rad6zp3pr3cs9fb2v2w56rjzb59z4w94ce2sqj013a9r5dfrm7bqr2d5d13cnzn3mphqb37qxy51fmg9ds7s6xdykayq3kzt9rr922dfy60t19cp70t54yc8vj2wj58fw2dv8nf8tvgne49gjn1eze2ss23r0xszqtkj0y9y296f6vzdb8j%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%2526client%253Dca-pub-1231661633440980%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=UWAYGw==, md5=A1esecs/9FudVn6rgMfjTA==
date: Wed, 19 May 2021 04:46:41 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 461941
cf-polished: origFmt=png, origSize=136328
x-guploader-uploadid: ABg5-UzUZIcCBFc2yRHVskFkCHgIz-FjGHX-yNU58TQRA1v2Vn4M_mR1Clqu4zD4eYe2DHYymBnsXa-fC2xIXXhTEY44ynzw5g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 115268
cf-request-id: 0a248b97cd00004de2762ef000000001
last-modified: Tue, 29 Oct 2019 09:42:57 GMT
server: cloudflare
etag: "0357ac79cb3ff45b9d567eab80c7e34c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oItUKD0NXN%2BVSU8857e4OXVwx7ZZhCgOj65suKoT64JWXD2WoQwo7LSzR8e1Rl%2FAy%2BqOVIfiroSuRC%2FXBVeR%2BSR%2FSxKmOT%2BMaPqffN8KBkwX4kveG6gmMpmv3g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1572342177666668
content-type: image/webp
expires: Thu, 20 May 2021 04:46:41 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 136328
accept-ranges: bytes
cf-ray: 651aaed2d9684de2-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 5E63 43 B
702 B 66ms
24ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338586&v=11830&q=357066&r=412871&pv=1&pref3=oneidDjeT3fwfe9T3HmH9t1tEjxT4tmTk8roneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 04:46:41 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 E8A0B3404CF65D67FABF74F38D2E787E97D75F650E6720B8A047EFE226A7A598DA94FFCF3CDCC52A3B206A422DD3D5082778689277BC79BF962DEE607C6331D8
assets.ad4m.at/logo/ Frame 5E63 38 KB
38 KB 25ms
23ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/E8A0B3404CF65D67FABF74F38D2E787E97D75F650E6720B8A047EFE226A7A598DA94FFCF3CDCC52A3B206A422DD3D5082778689277BC79BF962DEE607C6331D8
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd39428674fafd73cb4db9dbd96d518%2F134329896280313175&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20t95x3zhhthgff6164ptng8pjfbex9ks8h2x4t2wgkqjphdx7y6t3xe6mf3kr1ecqyjftmt39rad6zp3pr3cs9fb2v2w56rjzb59z4w94ce2sqj013a9r5dfrm7bqr2d5d13cnzn3mphqb37qxy51fmg9ds7s6xdykayq3kzt9rr922dfy60t19cp70t54yc8vj2wj58fw2dv8nf8tvgne49gjn1eze2ss23r0xszqtkj0y9y296f6vzdb8j%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%2526client%253Dca-pub-1231661633440980%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d997fba7832cb78b0933a9eb2ce191d53234c978e25c6c8fc50c75923ea8405e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=RkBJ3g==, md5=Kw4C6d3nfjHTjXjXPcaeTw==
date: Wed, 19 May 2021 04:46:41 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1156497
cf-polished: origFmt=png, origSize=77267
x-guploader-uploadid: ABg5-Uw9SETLfk8DtyWaIZce9Gh3X03pLd54DJnm3xkNEbvc2Qt-5aEHU4xCUXItiX2PkICfwMdkPoDB6Bg1d2Cky_8
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 38696
cf-request-id: 0a248b97cc00004de284af7000000001
last-modified: Wed, 22 Jan 2020 13:11:48 GMT
server: cloudflare
etag: "2b0e02e9dde77e31d38d78d73dc69e4f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=51K1hfJz5PCUqpbrX3CxILXxyRcw74%2FE2B4YSsn6DZZf%2B0lAR4ewvZpCd%2FXXqrimvmC1uaMlFFL7QplTvVXe7oiXi3pxOALOnpNIbMkpN92FqYrxjeatiHc56g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698708801217
content-type: image/webp
expires: Thu, 20 May 2021 04:46:41 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 77267
accept-ranges: bytes
cf-ray: 651aaed2d9634de2-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 B45F893E9FFC024BF63F31BCCBD125167CBC3446F3678FC31F706A695A83CDCA7427229BCA4C5992B83E2F60A147FCD1B6148725AA0AF3ABB801A6BB7EA78390
assets.ad4m.at/ Frame 5E63 84 KB
84 KB 24ms
22ms Image
image/jpeg 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/B45F893E9FFC024BF63F31BCCBD125167CBC3446F3678FC31F706A695A83CDCA7427229BCA4C5992B83E2F60A147FCD1B6148725AA0AF3ABB801A6BB7EA78390
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd39428674fafd73cb4db9dbd96d518%2F134329896280313175&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20t95x3zhhthgff6164ptng8pjfbex9ks8h2x4t2wgkqjphdx7y6t3xe6mf3kr1ecqyjftmt39rad6zp3pr3cs9fb2v2w56rjzb59z4w94ce2sqj013a9r5dfrm7bqr2d5d13cnzn3mphqb37qxy51fmg9ds7s6xdykayq3kzt9rr922dfy60t19cp70t54yc8vj2wj58fw2dv8nf8tvgne49gjn1eze2ss23r0xszqtkj0y9y296f6vzdb8j%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%2526client%253Dca-pub-1231661633440980%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4832f5768a8d71f5e7504a48274d822a72e79b39fe43a071c13852097da8ec6b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=e08Zuw==, md5=psibsHmVB2WUau7aQuE9AQ==
date: Wed, 19 May 2021 04:46:41 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2274555
cf-polished: origSize=90165, status=webp_bigger
x-guploader-uploadid: ABg5-UwpHlAtA2qVPfv3ecx4V7j-_tqzuivxuNwBFwB9F0Tqg3buBEkTuErpWsLNYW6yOWM3URGwbMAmc2fRHKIfAFA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 85604
cf-request-id: 0a248b97cc00004de2473ad000000001
last-modified: Wed, 09 Oct 2019 16:06:53 GMT
server: cloudflare
etag: "a6c89bb079950765946aeeda42e13d01"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=98bj8gW0uUfL4hB4ZVHtaYUK%2FPzrbHvmh%2BwaGw9X2J4Wy7ra3Pl%2FZBv3DIWaHopYTTrdLZKThkt%2B%2FIZByax%2F7AcQVbN9%2B5DxPoIrgDdHCpt38kVcSxhJCabQ6w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1570637213281727
content-type: image/jpeg
expires: Thu, 20 May 2021 04:46:41 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 90165
accept-ranges: bytes
cf-ray: 651aaed2d9674de2-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.5/one-ad/ Frame 24AB 59 KB
7 KB 16ms
15ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.5/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd7982c3b0d5ec62560e02a2b946058%2F1266504328199136641&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20mtpsvyp239zm9a3prebsjf43mdjndrm6p2eahwkya9ddyhwyx4q7hyg4k3kwm17zttbf6q0kd33gypdwjevh9315dtj2r87nrrnkn97n35cef98h82xap4h6b7tc17xsyf5h32mhh4kajrs9mmw9h94bnrgpb2zsddhfh3vfcctymxfb092p7rqm8c429rk2ye95kv1gdrgeft0nex16krtdw9nx7ebe0kkd0vhcv3mspba93bqvvqxgj9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%2526client%253Dca-pub-6266313190087173%2526adurl%253D&y=0&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6eb2eeb98d7863e83999538cf81b884b389af4236e217f80eb7e6e75bc0113c

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd7982c3b0d5ec62560e02a2b946058%2F1266504328199136641&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20mtpsvyp239zm9a3prebsjf43mdjndrm6p2eahwkya9ddyhwyx4q7hyg4k3kwm17zttbf6q0kd33gypdwjevh9315dtj2r87nrrnkn97n35cef98h82xap4h6b7tc17xsyf5h32mhh4kajrs9mmw9h94bnrgpb2zsddhfh3vfcctymxfb092p7rqm8c429rk2ye95kv1gdrgeft0nex16krtdw9nx7ebe0kkd0vhcv3mspba93bqvvqxgj9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%2526client%253Dca-pub-6266313190087173%2526adurl%253D&y=0&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:41 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 140050
cf-polished: origSize=60655
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=3600
cf-request-id: 0a248b97d400004a8667bdb000000001
cf-ray: 651aaed2ef524a86-FRA
expires: Wed, 19 May 2021 05:46:41 GMT

GET
H2 200 B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
assets.ad4m.at/logo/ Frame 24AB 18 KB
19 KB 22ms
21ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd7982c3b0d5ec62560e02a2b946058%2F1266504328199136641&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20mtpsvyp239zm9a3prebsjf43mdjndrm6p2eahwkya9ddyhwyx4q7hyg4k3kwm17zttbf6q0kd33gypdwjevh9315dtj2r87nrrnkn97n35cef98h82xap4h6b7tc17xsyf5h32mhh4kajrs9mmw9h94bnrgpb2zsddhfh3vfcctymxfb092p7rqm8c429rk2ye95kv1gdrgeft0nex16krtdw9nx7ebe0kkd0vhcv3mspba93bqvvqxgj9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%2526client%253Dca-pub-6266313190087173%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=GT8dCw==, md5=4YyWNM3TGeacJ2VHXynNEw==
date: Wed, 19 May 2021 04:46:41 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 79248
cf-polished: origFmt=png, origSize=35453
x-guploader-uploadid: ABg5-UxOw4oNXwikwUfiTkChJrYWQtGY8orw3fcfTM11QasuRqBvlBfhs6xXhJwbh86lUMk-yy7iywKzvHN3658inXCGp-vNhA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18872
cf-request-id: 0a248b97d600004de24601c000000001
last-modified: Mon, 18 May 2020 12:30:29 GMT
server: cloudflare
etag: "e18c9634cdd319e69c2765475f29cd13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0tcaPK1L8SUwfJRBFNWFWSXk9vGGtjHptoaGVk5zaO6Lq8I6hT4cTl9PxOojLiFN5C0YVh3tHKUgl5uSdQx4VZ6PPZbkQIetN0sY6I7ra6eREBHGrFxo%2Fgh9Tw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1589805029334103
content-type: image/webp
expires: Thu, 20 May 2021 04:46:41 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 35453
accept-ranges: bytes
cf-ray: 651aaed2e97c4de2-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
assets.ad4m.at/product_image/ Frame 24AB 2 KB
2 KB 20ms
19ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd7982c3b0d5ec62560e02a2b946058%2F1266504328199136641&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20mtpsvyp239zm9a3prebsjf43mdjndrm6p2eahwkya9ddyhwyx4q7hyg4k3kwm17zttbf6q0kd33gypdwjevh9315dtj2r87nrrnkn97n35cef98h82xap4h6b7tc17xsyf5h32mhh4kajrs9mmw9h94bnrgpb2zsddhfh3vfcctymxfb092p7rqm8c429rk2ye95kv1gdrgeft0nex16krtdw9nx7ebe0kkd0vhcv3mspba93bqvvqxgj9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%2526client%253Dca-pub-6266313190087173%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=bJ9ALA==, md5=ejqY/mc9t7JQK9XG0TFuLA==
date: Wed, 19 May 2021 04:46:41 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 181423
cf-polished: origFmt=png, origSize=4031
x-guploader-uploadid: ABg5-UzGiRR4yimbWKfGJZpmBb7Y7HRFdwG_OsOerIJSuqRrvfrFIfTgIYrYfkjPNAsraqsGAdYkDRgmZq7_XAan-8Y
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1598
cf-request-id: 0a248b97d900004de2411a5000000001
last-modified: Wed, 20 Jan 2021 17:03:56 GMT
server: cloudflare
etag: "7a3a98fe673db7b2502bd5c6d1316e2c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=R3BRGWy1IZWAcBDBR90fmSd9fJYM4uC8R7c4JwFa8TsGfdbDzgUVYsyFY3c2HVF5ueAayiVr4061jQms6xRpRbXMF20JQ70j5AoSSW4AsND49AwlbsoODP81pw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1611162235947637
content-type: image/webp
expires: Thu, 20 May 2021 04:46:41 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 4031
accept-ranges: bytes
cf-ray: 651aaed2f97f4de2-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 24AB 43 B
705 B 60ms
23ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519498&v=14098&q=368694&r=412871&pv=1&pref3=oneidDjeT3fwfbqPS3HmH9t1twAmF4tmTk8roneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd7982c3b0d5ec62560e02a2b946058%2F1266504328199136641&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20mtpsvyp239zm9a3prebsjf43mdjndrm6p2eahwkya9ddyhwyx4q7hyg4k3kwm17zttbf6q0kd33gypdwjevh9315dtj2r87nrrnkn97n35cef98h82xap4h6b7tc17xsyf5h32mhh4kajrs9mmw9h94bnrgpb2zsddhfh3vfcctymxfb092p7rqm8c429rk2ye95kv1gdrgeft0nex16krtdw9nx7ebe0kkd0vhcv3mspba93bqvvqxgj9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%2526client%253Dca-pub-6266313190087173%2526adurl%253D&y=0&z=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 04:46:41 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
assets.ad4m.at/logo/ Frame 24AB 38 KB
39 KB 19ms
18ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd7982c3b0d5ec62560e02a2b946058%2F1266504328199136641&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20mtpsvyp239zm9a3prebsjf43mdjndrm6p2eahwkya9ddyhwyx4q7hyg4k3kwm17zttbf6q0kd33gypdwjevh9315dtj2r87nrrnkn97n35cef98h82xap4h6b7tc17xsyf5h32mhh4kajrs9mmw9h94bnrgpb2zsddhfh3vfcctymxfb092p7rqm8c429rk2ye95kv1gdrgeft0nex16krtdw9nx7ebe0kkd0vhcv3mspba93bqvvqxgj9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%2526client%253Dca-pub-6266313190087173%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=EKOc3w==, md5=wqT4IuWoMfO1yrOci8rmHQ==
date: Wed, 19 May 2021 04:46:41 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1156473
cf-polished: origFmt=png, origSize=44613
x-guploader-uploadid: ABg5-UwWzV8Vi9wwWB9_t92BZ3hXsqxnGcNPAW0LaVCSpyGkAeICaRXs_LpZzjWYyirMRzo7C0cmfApc-NiuzLQfsg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 39202
cf-request-id: 0a248b97d700004de2690c7000000001
last-modified: Wed, 22 Jan 2020 13:11:41 GMT
server: cloudflare
etag: "c2a4f822e5a831f3b5cab39c8bcae61d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XjOri2C24PeNHi6b3htxTAGRznzg1ceMfJpn3%2FgeurMf%2Fj3CIkGG5xqPgRM%2Fg01W%2FS4oRC79laYImy5T17oHS5ADufH6S0l9m0S03IJzvT4zoo0IK2gqpuVCUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698701189315
content-type: image/webp
expires: Thu, 20 May 2021 04:46:41 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 44613
accept-ranges: bytes
cf-ray: 651aaed2f9804de2-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
assets.ad4m.at/ Frame 24AB 113 KB
113 KB 18ms
17ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd7982c3b0d5ec62560e02a2b946058%2F1266504328199136641&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20mtpsvyp239zm9a3prebsjf43mdjndrm6p2eahwkya9ddyhwyx4q7hyg4k3kwm17zttbf6q0kd33gypdwjevh9315dtj2r87nrrnkn97n35cef98h82xap4h6b7tc17xsyf5h32mhh4kajrs9mmw9h94bnrgpb2zsddhfh3vfcctymxfb092p7rqm8c429rk2ye95kv1gdrgeft0nex16krtdw9nx7ebe0kkd0vhcv3mspba93bqvvqxgj9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%2526client%253Dca-pub-6266313190087173%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=UWAYGw==, md5=A1esecs/9FudVn6rgMfjTA==
date: Wed, 19 May 2021 04:46:41 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 461941
cf-polished: origFmt=png, origSize=136328
x-guploader-uploadid: ABg5-UzUZIcCBFc2yRHVskFkCHgIz-FjGHX-yNU58TQRA1v2Vn4M_mR1Clqu4zD4eYe2DHYymBnsXa-fC2xIXXhTEY44ynzw5g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 115268
cf-request-id: 0a248b97d700004de28b345000000001
last-modified: Tue, 29 Oct 2019 09:42:57 GMT
server: cloudflare
etag: "0357ac79cb3ff45b9d567eab80c7e34c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8zbxk3YHVAMXIDA60ddbz3LlydX%2BA9OS7gDGEToY1W4zzuJqMnAPetaUAhPY2B1n8FXlM8uXfTtFw0MaPypNJeK%2BN%2B3NGXBm19qvumRruq2yj1ZwHmeftAZgiw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1572342177666668
content-type: image/webp
expires: Thu, 20 May 2021 04:46:41 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 136328
accept-ranges: bytes
cf-ray: 651aaed2f9814de2-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 24AB 43 B
702 B 77ms
29ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338586&v=11830&q=357066&r=412871&pv=1&pref3=oneidDjeT3fwfe9T3HmH9t1tEjxT4tmTk8roneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd7982c3b0d5ec62560e02a2b946058%2F1266504328199136641&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20mtpsvyp239zm9a3prebsjf43mdjndrm6p2eahwkya9ddyhwyx4q7hyg4k3kwm17zttbf6q0kd33gypdwjevh9315dtj2r87nrrnkn97n35cef98h82xap4h6b7tc17xsyf5h32mhh4kajrs9mmw9h94bnrgpb2zsddhfh3vfcctymxfb092p7rqm8c429rk2ye95kv1gdrgeft0nex16krtdw9nx7ebe0kkd0vhcv3mspba93bqvvqxgj9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%2526client%253Dca-pub-6266313190087173%2526adurl%253D&y=0&z=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 04:46:41 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 E8A0B3404CF65D67FABF74F38D2E787E97D75F650E6720B8A047EFE226A7A598DA94FFCF3CDCC52A3B206A422DD3D5082778689277BC79BF962DEE607C6331D8
assets.ad4m.at/logo/ Frame 24AB 38 KB
38 KB 18ms
17ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/E8A0B3404CF65D67FABF74F38D2E787E97D75F650E6720B8A047EFE226A7A598DA94FFCF3CDCC52A3B206A422DD3D5082778689277BC79BF962DEE607C6331D8
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd7982c3b0d5ec62560e02a2b946058%2F1266504328199136641&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20mtpsvyp239zm9a3prebsjf43mdjndrm6p2eahwkya9ddyhwyx4q7hyg4k3kwm17zttbf6q0kd33gypdwjevh9315dtj2r87nrrnkn97n35cef98h82xap4h6b7tc17xsyf5h32mhh4kajrs9mmw9h94bnrgpb2zsddhfh3vfcctymxfb092p7rqm8c429rk2ye95kv1gdrgeft0nex16krtdw9nx7ebe0kkd0vhcv3mspba93bqvvqxgj9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%2526client%253Dca-pub-6266313190087173%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d997fba7832cb78b0933a9eb2ce191d53234c978e25c6c8fc50c75923ea8405e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=RkBJ3g==, md5=Kw4C6d3nfjHTjXjXPcaeTw==
date: Wed, 19 May 2021 04:46:41 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1156497
cf-polished: origFmt=png, origSize=77267
x-guploader-uploadid: ABg5-Uw9SETLfk8DtyWaIZce9Gh3X03pLd54DJnm3xkNEbvc2Qt-5aEHU4xCUXItiX2PkICfwMdkPoDB6Bg1d2Cky_8
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 38696
cf-request-id: 0a248b97d700004de273921000000001
last-modified: Wed, 22 Jan 2020 13:11:48 GMT
server: cloudflare
etag: "2b0e02e9dde77e31d38d78d73dc69e4f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KQUS%2BPNlIw1qfHcklTYKMH6zn9JW3fdO5MesiV2ViWJqP8uNnstU6rXO9V4iPNGei4F0qY%2F2T9EUYf6netCcqVTRiYZ6YSVAGqYWEH8XuBPHtZgIL8GXD0rvDA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698708801217
content-type: image/webp
expires: Thu, 20 May 2021 04:46:41 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 77267
accept-ranges: bytes
cf-ray: 651aaed2f9824de2-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 B45F893E9FFC024BF63F31BCCBD125167CBC3446F3678FC31F706A695A83CDCA7427229BCA4C5992B83E2F60A147FCD1B6148725AA0AF3ABB801A6BB7EA78390
assets.ad4m.at/ Frame 24AB 84 KB
84 KB 18ms
17ms Image
image/jpeg 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/B45F893E9FFC024BF63F31BCCBD125167CBC3446F3678FC31F706A695A83CDCA7427229BCA4C5992B83E2F60A147FCD1B6148725AA0AF3ABB801A6BB7EA78390
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd7982c3b0d5ec62560e02a2b946058%2F1266504328199136641&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20mtpsvyp239zm9a3prebsjf43mdjndrm6p2eahwkya9ddyhwyx4q7hyg4k3kwm17zttbf6q0kd33gypdwjevh9315dtj2r87nrrnkn97n35cef98h82xap4h6b7tc17xsyf5h32mhh4kajrs9mmw9h94bnrgpb2zsddhfh3vfcctymxfb092p7rqm8c429rk2ye95kv1gdrgeft0nex16krtdw9nx7ebe0kkd0vhcv3mspba93bqvvqxgj9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%2526client%253Dca-pub-6266313190087173%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4832f5768a8d71f5e7504a48274d822a72e79b39fe43a071c13852097da8ec6b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=e08Zuw==, md5=psibsHmVB2WUau7aQuE9AQ==
date: Wed, 19 May 2021 04:46:41 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2274555
cf-polished: origSize=90165, status=webp_bigger
x-guploader-uploadid: ABg5-UwpHlAtA2qVPfv3ecx4V7j-_tqzuivxuNwBFwB9F0Tqg3buBEkTuErpWsLNYW6yOWM3URGwbMAmc2fRHKIfAFA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 85604
cf-request-id: 0a248b97d700004de2578eb000000001
last-modified: Wed, 09 Oct 2019 16:06:53 GMT
server: cloudflare
etag: "a6c89bb079950765946aeeda42e13d01"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xf4FAYI9%2FTluFDkn%2Bho4TDBcjtngNLxiDRmRSH%2FbuU%2B6g62nNGEVQtyVHgruyIRZnxwkbVcFZpw%2BseU61QJFfwbOQ0BMupaJD0YiSTvoIX6b4%2FnJndObOafM6g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1570637213281727
content-type: image/jpeg
expires: Thu, 20 May 2021 04:46:41 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 90165
accept-ranges: bytes
cf-ray: 651aaed2f9834de2-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame 5E63 12 KB
12 KB 167ms
94ms Script
text/html 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd39428674fafd73cb4db9dbd96d518%2F134329896280313175&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20t95x3zhhthgff6164ptng8pjfbex9ks8h2x4t2wgkqjphdx7y6t3xe6mf3kr1ecqyjftmt39rad6zp3pr3cs9fb2v2w56rjzb59z4w94ce2sqj013a9r5dfrm7bqr2d5d13cnzn3mphqb37qxy51fmg9ds7s6xdykayq3kzt9rr922dfy60t19cp70t54yc8vj2wj58fw2dv8nf8tvgne49gjn1eze2ss23r0xszqtkj0y9y296f6vzdb8j%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%2526client%253Dca-pub-1231661633440980%2526adurl%253D&y=0&z=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 96cc475fbb957de7de8572a4b532b7a9fe90386b3dd10ecd07728cabf2516ff7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 04:46:41 GMT
Last-Modified: Wed, 19 May 2021 04:46:41 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame 24AB 12 KB
12 KB 171ms
99ms Script
text/html 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd7982c3b0d5ec62560e02a2b946058%2F1266504328199136641&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20mtpsvyp239zm9a3prebsjf43mdjndrm6p2eahwkya9ddyhwyx4q7hyg4k3kwm17zttbf6q0kd33gypdwjevh9315dtj2r87nrrnkn97n35cef98h82xap4h6b7tc17xsyf5h32mhh4kajrs9mmw9h94bnrgpb2zsddhfh3vfcctymxfb092p7rqm8c429rk2ye95kv1gdrgeft0nex16krtdw9nx7ebe0kkd0vhcv3mspba93bqvvqxgj9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%2526client%253Dca-pub-6266313190087173%2526adurl%253D&y=0&z=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 7a9fa78ad1b4910f80ed85374da8e3b6b59098b6387bfea1949bdfea54ee8e65

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 04:46:41 GMT
Last-Modified: Wed, 19 May 2021 04:46:41 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 5E63 60 KB
60 KB 101ms
36ms Script
application/javascript 99.86.242.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.242.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-242-110.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f992d4e165a593df5d567f6ad58aae2b9609cc3870a5eb91483268e5b48c3e77

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 07:59:28 GMT
via: 1.1 f39b904b3d29bdb5e473689299f6dedd.cloudfront.net (CloudFront)
last-modified: Thu, 22 Apr 2021 14:01:05 GMT
server: AmazonS3
age: 74835
etag: "4f1db9fdf90b4f2a5576501528dc54bc"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-length: 61124
x-amz-cf-id: PlarCAXcMRwFvwddWLqlwHnFgtBs7vd3sfU8vg1shQLWvEfk4mrJgQ==

GET
H/1.1 200
OK hit Show response
diapi.webgains.com/2.0/ Frame 5E63 79 B
374 B 94ms
33ms Script
text/javascript 81.29.72.47
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://diapi.webgains.com/2.0/hit?callback=hitCallback&wgpayload=V0a44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftcktBttIVugwcAuyPBDjaY2ftckuyPBB2SCX0iakJ1XdvSV33kxQ_i.uJtHoqvynx9MsFyxYM914Ve_clrIU.0Y.KI0YXxY_FeAiw2w76sHz3YMJ5tFFg4K1kl1BNlY6SXjV.Bbt&wgcookie=%7B%22wgifp12607%22%3A%5B%221384975%22%2C%2212607%22%2C%22713569%22%2C%22%22%2C%221621399601%22%2C%22%22%2C%22%22%2C%22%22%2C%221776919601%22%2C%22oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz%22%5D%7D&wgchecksum=e661c8bca8ddce56f7e4d5a50d5a663d&userIP=89.249.64.164&doAffectv=1&wgtime=1621399601
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.29.72.47 Croydon, United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 81-29-72-47.servers.dedipower.net
Software: Apache /
Resource Hash: 17b47a1ed2cd2e1ec86f4735497e2956eb34be0a66fc20b427148f65c6ebaca5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:41 GMT
Server: Apache
Connection: close
Content-Length: 79
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame 5E63 85 KB
85 KB 61ms
23ms Image
image/png 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=1384975&viewref=oneidKe6fRfZf5Gps5HMHktPtBX8uKtATwponeid__adf_Netmix_Reach14_Single&wglinkid=713569
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd39428674fafd73cb4db9dbd96d518%2F134329896280313175&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20t95x3zhhthgff6164ptng8pjfbex9ks8h2x4t2wgkqjphdx7y6t3xe6mf3kr1ecqyjftmt39rad6zp3pr3cs9fb2v2w56rjzb59z4w94ce2sqj013a9r5dfrm7bqr2d5d13cnzn3mphqb37qxy51fmg9ds7s6xdykayq3kzt9rr922dfy60t19cp70t54yc8vj2wj58fw2dv8nf8tvgne49gjn1eze2ss23r0xszqtkj0y9y296f6vzdb8j%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCCHwSLJikYOqGFpnygAf6qJTQC5DhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTIzMTY2MTYzMzQ0MDk4MKABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QW5N0Dmb-GpOhvsoC4XXXmtJ8eTmC9fMM6AkJ4qzEvDZJQIfyv3Umr6tcSGuXpAWhvj2rjUMLxhKljmjVrvtpMwT4NOpruvRd4haYEi4_w_MA2uv4P18iBXJ9ic1lzWaYV0Ss0zpV8CRLdUs-ega8rNmbLmz6-CF73b9rjvy_1gxhuriAfTEMcuqgO1rGzhD3D-ZYW2hf07TInMRqh2_b3eaResyuvP2T_CV37-fEkMGnIwzm7cqaAsTot5VH6dJIFqfzjDfrG6dsYnA8nEISeRCbXKm0M8VZcLcIsaaGLP3hgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0IkdfNgDpjN_KwdFskJ2UNgFs_Zg%2526client%253Dca-pub-1231661633440980%2526adurl%253D&y=0&z=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 272d25a3bc4e780b90797dc968a382dbccaa40157d7612ace2f59f2768a6bb86

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 04:46:41 GMT
Last-Modified: Wed, 19 May 2021 04:46:41 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/png
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 24AB 60 KB
60 KB 86ms
36ms Script
application/javascript 99.86.242.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.242.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-242-110.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f992d4e165a593df5d567f6ad58aae2b9609cc3870a5eb91483268e5b48c3e77

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 07:59:28 GMT
via: 1.1 f39b904b3d29bdb5e473689299f6dedd.cloudfront.net (CloudFront)
last-modified: Thu, 22 Apr 2021 14:01:05 GMT
server: AmazonS3
age: 74835
etag: "4f1db9fdf90b4f2a5576501528dc54bc"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-length: 61124
x-amz-cf-id: O3J89haMKUXIYfwtgeKt5ZtMJ9ZEa4wzGAEvaB2-t3rf3_WFaLgfEQ==

GET
H/1.1 200
OK hit Show response
diapi.webgains.com/2.0/ Frame 24AB 79 B
374 B 90ms
32ms Script
text/javascript 81.29.72.47
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://diapi.webgains.com/2.0/hit?callback=hitCallback&wgpayload=N0a44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftcktBttIVugwcAuyPBDjaY2ftckuyPBB2SCX0iakJ1XdvSV3DWKmr.S9RdPQSzOy_Aw7UTlf_01kKHoNvejV.lV9dVllTlmcK4rT0y32w8UXGfe2Rc7L1eWNNW5BNlYilMk.EvY&wgcookie=%7B%22wgifp12607%22%3A%5B%221384975%22%2C%2212607%22%2C%22713569%22%2C%22%22%2C%221621399601%22%2C%22%22%2C%22%22%2C%22%22%2C%221776919601%22%2C%22oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz%22%5D%7D&wgchecksum=e661c8bca8ddce56f7e4d5a50d5a663d&userIP=89.249.64.164&doAffectv=1&wgtime=1621399601
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.29.72.47 Croydon, United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 81-29-72-47.servers.dedipower.net
Software: Apache /
Resource Hash: 17b47a1ed2cd2e1ec86f4735497e2956eb34be0a66fc20b427148f65c6ebaca5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:41 GMT
Server: Apache
Connection: close
Content-Length: 79
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame 24AB 85 KB
85 KB 60ms
23ms Image
image/png 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=1384975&viewref=oneidbWPSQfZfp5QF7CbHztKtwr5uet3t5ZXoneid__asuidmXZBcQOKyX4_-SWlrIqr1tzuT2mO8VYYasuid__webplexmedia_advancedad_468x60&wglinkid=713569
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=5fd7982c3b0d5ec62560e02a2b946058%2F1266504328199136641&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20mtpsvyp239zm9a3prebsjf43mdjndrm6p2eahwkya9ddyhwyx4q7hyg4k3kwm17zttbf6q0kd33gypdwjevh9315dtj2r87nrrnkn97n35cef98h82xap4h6b7tc17xsyf5h32mhh4kajrs9mmw9h94bnrgpb2zsddhfh3vfcctymxfb092p7rqm8c429rk2ye95kv1gdrgeft0nex16krtdw9nx7ebe0kkd0vhcv3mspba93bqvvqxgj9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCAfzNLJikYIWFENXO7_UP1-acQJDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNjI2NjMxMzE5MDA4NzE3M6ABwq7o3QPIAQmpAqLxzc6bgbQ-qAMBqgTjAU_QQoOxdTA4LJnPqqX2hXFRkXj6aoqvpVxZCvXgCIMGEQdAzAlS18vwpFtvsAdZZ4iTUCaXYyFNYZHqMZCtfIKZrWz8F-bwMlX_Cay1gXThyeMqfvFoKesd_Ygp-VZUJoXh1aqdGPL-Ggh7pVlrR0cEFKxX9tr6gx4dy0HC1o9Zcxr47MndEyVQ6y7xqwGYgWQLjdBGS2uQfflm6VRT3XLBSQhFFHISMXTb0em4nC90wyuSwe8GkGAlwK4-q08wl0j3r1VQyFNsAQzSXaquqweJayhEE6jeWmXskHCboBxttGFWgAb-lKmSp4_J-P4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2K2MDGdFdCHYuhbQv6J1S2RZR79Q%2526client%253Dca-pub-6266313190087173%2526adurl%253D&y=0&z=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 272d25a3bc4e780b90797dc968a382dbccaa40157d7612ace2f59f2768a6bb86

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 04:46:41 GMT
Last-Modified: Wed, 19 May 2021 04:46:41 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/png
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fp_decode.html Show response
track.webgains.com/ Frame 24AB 63 B
270 B 107ms
33ms Fetch
application/json 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/fp_decode.html?wgpayload=V0a44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftcktBttIVugwcAuyPBDjaY2ftckuyPBB2SCX0iakJ1XdvSV3.WIRhk6Hb9LarUqUdHz16rgPtFFg4Jh5Dufs.BN1eNBRMgRe4GSrVUW.z1MsZPuVr914VecL57GY5BNvgKw.DKu
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 84f8704bdc07ab2809b5a9dd028ef0c9e0001bd0b21c32fc06c18231069a581e

Request headers

Accept: application/json
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:41 GMT
Server: Apache
Connection: close
Keep-Alive: timeout=1, max=100
Content-Length: 63
Content-Type: application/json

GET
H/1.1 200
OK fp_decode.html Show response
track.webgains.com/ Frame 5E63 63 B
270 B 108ms
33ms Fetch
application/json 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/fp_decode.html?wgpayload=V0a44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftcktBttIVugwcAuyPBDjaY2ftckuyPBB2SCX0iakJ1XdvSV3.VARhk6Hb9LarUqUdHz16rgPtFFg4Jh5Dtfs.BN1eNBRMgRe4GSrVUW.z1MsZPuVr914VecL57GY5BNvgKw.Ecg
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 84f8704bdc07ab2809b5a9dd028ef0c9e0001bd0b21c32fc06c18231069a581e

Request headers

Accept: application/json
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:41 GMT
Server: Apache
Connection: close
Keep-Alive: timeout=1, max=100
Content-Length: 63
Content-Type: application/json

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 86ms
27ms Preflight 54.217.57.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Server: 54.217.57.115 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-217-57-115.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 19 May 2021 04:46:42 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 24AB 16 B
232 B 59ms
58ms Fetch
application/json 54.217.57.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.217.57.115 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-217-57-115.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.3.27

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 19 May 2021 04:46:42 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.3.27
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

GET
H2 200 tech-essence-clk.min.js Show response
analytics-wg.webgains.io/ Frame 24AB 44 KB
45 KB 34ms
32ms Script
application/javascript 99.86.242.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics-wg.webgains.io/tech-essence-clk.min.js
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.242.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-242-110.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 97cfbffddbcbf00dcf4b38e122383cbc49f8bde482552271ef0a127ea03e5ae5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 19:29:48 GMT
via: 1.1 f39b904b3d29bdb5e473689299f6dedd.cloudfront.net (CloudFront)
last-modified: Tue, 02 Feb 2021 10:42:29 GMT
server: AmazonS3
age: 33415
etag: "8c03dbb33c82f21c7644b0fbe99c300a"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-length: 45522
x-amz-cf-id: aeOucU5xGtlocTiTEIGOdKk2J_0sWmk9Q2dfzNJep0tfV40nZ1uuPg==

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 5E63 16 B
232 B 60ms
60ms Fetch
application/json 54.217.57.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.217.57.115 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-217-57-115.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.3.27

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 19 May 2021 04:46:42 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.3.27
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 85ms
27ms Preflight 54.217.57.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Server: 54.217.57.115 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-217-57-115.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 19 May 2021 04:46:42 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

GET
H2 200 tech-essence-clk.min.js Show response
analytics-wg.webgains.io/ Frame 5E63 44 KB
45 KB 33ms
32ms Script
application/javascript 99.86.242.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics-wg.webgains.io/tech-essence-clk.min.js
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.242.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-242-110.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 97cfbffddbcbf00dcf4b38e122383cbc49f8bde482552271ef0a127ea03e5ae5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 19:29:48 GMT
via: 1.1 f39b904b3d29bdb5e473689299f6dedd.cloudfront.net (CloudFront)
last-modified: Tue, 02 Feb 2021 10:42:29 GMT
server: AmazonS3
age: 33415
etag: "8c03dbb33c82f21c7644b0fbe99c300a"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-length: 45522
x-amz-cf-id: nGONIiUWMSEzmkI02EW0fx9CY3t6kaE5pR2hPh8f_Qam2pFP-r6mmg==

GET
H2 200 tag Show response
w-it.m-t.io/ Frame 24AB 18 B
204 B 53ms
32ms Script
application/javascript 2a00:1450:4001:80f::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w-it.m-t.io/tag?type=impr&date=1621399602182
Requested by: Host: analytics-wg.webgains.io
URL: https://analytics-wg.webgains.io/tech-essence-clk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: f981ac999350c901e815738482797ae651bd0d240aae589d56f5b027ad9715da

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:42 GMT
content-encoding: gzip
server: Google Frontend
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
x-cloud-trace-context: 20cceccd747eeab1a146a2f0187df900
cache-control: private
content-length: 38

GET
H2 200 tag Show response
w-it.m-t.io/ Frame 5E63 18 B
123 B 48ms
32ms Script
application/javascript 2a00:1450:4001:80f::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w-it.m-t.io/tag?type=impr&date=1621399602187
Requested by: Host: analytics-wg.webgains.io
URL: https://analytics-wg.webgains.io/tech-essence-clk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: f981ac999350c901e815738482797ae651bd0d240aae589d56f5b027ad9715da

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:46:42 GMT
content-encoding: gzip
server: Google Frontend
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
x-cloud-trace-context: 9498fc49ae5e26e1c279cc7bfa3fc9b2
cache-control: private
content-length: 38

GET
H2 200 track Show response
w-it.m-t.io/ Frame 5E63 0
75 B 28ms
28ms Script
application/javascript 2a00:1450:4001:80f::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w-it.m-t.io/track?campaignId=1384975&clickId=12607_1384975_16213996012049_d9c9a40f56&programId=12607&expiry=1776919601&acc=wg&scriptTag=&type=postview&indicator=f0a039dfd07abc721dc84d209fc13169&
Requested by: Host: analytics-wg.webgains.io
URL: https://analytics-wg.webgains.io/tech-essence-clk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-cloud-trace-context: 9094fada55644b780cbf5535841e45d3
server: Google Frontend
date: Wed, 19 May 2021 04:46:42 GMT
content-length: 0
content-type: application/javascript;charset=utf-8

GET
H2 200 track Show response
w-it.m-t.io/ Frame 24AB 0
72 B 27ms
26ms Script
application/javascript 2a00:1450:4001:80f::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w-it.m-t.io/track?campaignId=1384975&clickId=12607_1384975_16213996012153_051b98b698&programId=12607&expiry=1776919601&acc=wg&scriptTag=&type=postview&indicator=f0a039dfd07abc721dc84d209fc13169&
Requested by: Host: analytics-wg.webgains.io
URL: https://analytics-wg.webgains.io/tech-essence-clk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-cloud-trace-context: a9d9112e5cde2460cb5509ae7818f0ea
server: Google Frontend
date: Wed, 19 May 2021 04:46:42 GMT
content-length: 0
content-type: application/javascript;charset=utf-8

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/ Frame 3750 0
145 B 32ms
32ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/postback?ti=5001068356410390840&dm=336x280&ai=216536&r3=&ci=619621&dt=6196211556140246740000&pd=avt&cr=6622328&r1=2a01%3A4f8%3A192%3A%3A&de=43003&ac=651871&si=26264522&c1=4562306&r2=&di=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp&ap=&pp=pub-8367749956917006&sr=4&ui=2f96f01d-2dee-8253-0000-000000000000&pv=63b84406-90b2-4fa2-b184-eabf66bbf182&sid=AIoeRdYAEAPd_ncq&oz_sc=6f75c174059620a076738f1c&oz_df=1621399604904&oz_l=311&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.4.1/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:44 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/ Frame 3750 0
145 B 28ms
28ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.4.1/619621/AIoeRdYAEAPd_ncq/postback?ti=5001068356410390840&dm=336x280&ai=216536&r3=&ci=619621&dt=6196211556140246740000&pd=avt&cr=6622328&r1=2a01%3A4f8%3A192%3A%3A&de=43003&ac=651871&si=26264522&c1=4562306&r2=&di=https%3A%2F%2Fwww.farfeshplus.online%2Fvidmain.asp&ap=&pp=pub-8367749956917006&sr=4&ui=2f96f01d-2dee-8253-0000-000000000000&pv=63b84406-90b2-4fa2-b184-eabf66bbf182&sid=AIoeRdYAEAPd_ncq&oz_sc=6f75c174059620a076738f1c&oz_df=1621399606680&oz_l=324&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.4.1/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 04:46:46 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 6.gif
dzc-v6exp3-ds.metric.ipv6test.net/v6exp3/ Frame 5E7A 35 B
410 B 48ms
13ms Image
image/gif 2a00:1450:4001:813::2012
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dzc-v6exp3-ds.metric.ipv6test.net/v6exp3/6.gif?ipv6exp=dzc&p=p4&rnd=gnqlcqwuve7f2&hmac=r7xkme2ir5npf3pm&nonce=166003

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2012 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:48 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6.gif
dzc-v6exp3-ds.metric.ipv6test.com/v6exp3/ Frame 5E7A 35 B
410 B 50ms
13ms Image
image/gif 2a00:1450:4001:827::2012
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dzc-v6exp3-ds.metric.ipv6test.com/v6exp3/6.gif?ipv6exp=dzc&p=p4&rnd=gnqlcqwuve7f2&hmac=r7xkme2ir5npf3pm&nonce=166003

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2012 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:48 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6.gif
p4-arewkhcl6tkcg-nxnzhqcnluta7gml-709635-i1-v6exp3.v4.metric.gstatic.com/v6exp3/ Frame E266 35 B
410 B 113ms
14ms Image
image/gif 142.250.185.114
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p4-arewkhcl6tkcg-nxnzhqcnluta7gml-709635-i1-v6exp3.v4.metric.gstatic.com/v6exp3/6.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.114 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f18.1e100.net

Software

sffe /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:48 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6.gif
p4-arewkhcl6tkcg-nxnzhqcnluta7gml-709635-i2-v6exp3.ds.metric.gstatic.com/v6exp3/ Frame E266 35 B
410 B 112ms
14ms Image
image/gif 2a00:1450:4001:831::2012
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p4-arewkhcl6tkcg-nxnzhqcnluta7gml-709635-i2-v6exp3.ds.metric.gstatic.com/v6exp3/6.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2012 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:48 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI-c7HmPjU8AIVmcm7CB0-wQ5WEAAYACCd4e4vQhMIqdXjl_jU8AIVbcG7CB2GTAF0;met=1;&timestamp=1621399609211;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 982E 42 B
498 B 292ms
40ms Image
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI-c7HmPjU8AIVmcm7CB0-wQ5WEAAYACCd4e4vQhMIqdXjl_jU8AIVbcG7CB2GTAF0;met=1;&timestamp=1621399609211;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 04:46:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESENr37TdYhMtcZeH3K8U77CY&google_push=AQvitULqpR4Wp4yA2HBrhlyLJF9l4ytMCEDo-xWy49Li1uinwWm7_hx9JEzeSHFEUYdZuREWOIDb2oClgwChqLfpg8bDBv7VE04&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=&google_gid=CAESEDitIDnpUlZLgdMfTW2qHK0&google_push=AQvitUILC8jESDGFDsskvzYGjB_Ab-DPD7GXR2r6SzXGlewGpBevsfDlU_4kVL6Kbv0lbbyVBYTgB93DTHxdH9ar6ugfsRxsFQkrgA&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUL6aKcTo7nCzu1oNeyBUYJcUqMXqvhHXqAZwTshQWT7mNF1E_bseoBz6w0Ze8UcFqn4ogOEG1v4QiS-v7WkZUAni1-MRLU

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_push=AQvitUJFbwmMrkwvkoLtO8R1byZWiqw0cutLG_Td4RKBuRYvOmMB47fRn9iXh3mM9VMmkJJEEWg01rHhmqYBR3QJL5ySr7TaORbF&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_cver=1&google_push=AQvitULQ6qGUbDWSzui1xXzYt56nXkf53U6BJoVXhOg_gAb_fgVFw-DzBsYx7bTRz7xpK5hT34ipMKL5rLFCVKxv_poBziFz7T5GEg&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUI-rr5krFC1KEqqNRB0fsplbGHdwVocME4NZ4tOLDu3pC5QlBGi-LFAZnZhL9CPI7N5KBLZ4gFtyLuWNsWO7D3cbWIWYY9e&google_cver=1&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitULkaMYXm-bsCJop7JYvN7pcVTLahWjWvYXxlCIJY8wUq-mnpy20DXy44NGJQGQHMJ_A4vyxkmXuH2m7vXGsqfNZnFsjkQ

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_push=AQvitUJkNP6ewfo3IVa-qZRWaswMahp4J9lMVeQZ82sFoGOkG7D0H6C8a_1iiqTCf_ynLzYMZAXUefxaN_oLJ1UOdOQaAghlPilQ&google_cver=1&google_gid=CAESELntcUZ-Pnu647gDqsku1iw

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKSYLYB3NaRSaQ2bf4xhwAAABF0AAAIB&google_gid=CAESEJhn4dVvoKRLfppuqoh2tS0&google_cver=1&google_push=AQvitUIh3LWgxkPOhd30yXbBVBcdt0qm2mwZREaui0gQx8kJAKucIBIc-nrsUBZPIX19cuRXrJV9taugVj-VNtKIamvRsyKWC_bD

Verdicts & Comments Add Verdict or Comment

207 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 18:23:23	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 03:44:55	Name: IDE Value: AHWqTUmNQ0dnXi8-JmJyF1qdAhIo60Yv6JVK6rOcYLb6UVYdBHdVlGDSaUMgjsizm-0
.redintelligence.net/	1970-01-19 20:32:55	Name: 8lcfmzhxc8d6_uid Value: 1c1eed14fcd8fd54
.farfeshplus.online/	1970-01-20 03:44:55	Name: __gads Value: ID=aa8789595af8dfe9:T=1621399596:S=ALNI_MZk67qnmhEnITOqP4WzdTcLVDD6Nw

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js(Line 66) Message: TypeError: Cannot read property 'appendChild' of null
console-api	error	URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js(Line 66) Message: TypeError: Cannot read property 'appendChild' of null
console-api	error	URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js(Line 66) Message: TypeError: Cannot read property 'appendChild' of null
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051701.js?31061220(Line 6) Message: Exception in queued GPT command ReferenceError: MISSING_WIDTH is not defined
console-api	log	URL: https://analytics.webgains.io/pvClk.min.js(Line 1) Message: Webgains [object Object]
console-api	log	URL: https://analytics.webgains.io/pvClk.min.js(Line 1) Message: Webgains [object Object]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
734a948d2c93e231fbd5b87745f90e7e.safeframe.googlesyndication.com
ad4m.at
ad4mat.net
ade.googlesyndication.com
adservice.google.com
adservice.google.de
ag.innovid.com
ajax.googleapis.com
analytics-wg.webgains.io
analytics.webgains.io
api.postquare.com
api.webgains.io
as.ad4m.at
assets.ad4m.at
bidder.criteo.com
cdn.contentspread.net
cdn.radiantmediatechs.com
certify-js.alexametrics.com
certify.alexametrics.com
cm.g.doubleclick.net
cms.quantserve.com
code.jquery.com
codeorigin.jquery.com
connect.facebook.net
d.agkn.com
diapi.webgains.com
dsum-sec.casalemedia.com
dzc-v6exp3-ds.metric.ipv6test.com
dzc-v6exp3-ds.metric.ipv6test.net
e.dlx.addthis.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
googlecm.hit.gemius.pl
gum.criteo.com
hal9000.redintelligence.net
hal900025.redintelligence.net
id.rlcdn.com
image6.pubmatic.com
imasdk.googleapis.com
img9-api.postquare.com
live.demand.supply
mobile.farfeshplus.online
odr.mookie1.com
p4-arewkhcl6tkcg-nxnzhqcnluta7gml-709635-i1-v6exp3.v4.metric.gstatic.com
p4-arewkhcl6tkcg-nxnzhqcnluta7gml-709635-i2-v6exp3.ds.metric.gstatic.com
p4-arewkhcl6tkcg-nxnzhqcnluta7gml-if-v6exp3-v4.metric.gstatic.com
p4-gnqlcqwuve7f2-r7xkme2ir5npf3pm-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.mathtag.com
pixel.rubiconproject.com
portal.o2online.de
prod-rtb.ad4mat.net
redirect.prod.experiment.routing.cloudfront.aws.a2z.com
rtb.openx.net
s.update.mediamathtag.com
s0.2mdn.net
securepubads.g.doubleclick.net
static.criteo.net
static.xx.fbcdn.net
tags.mathtag.com
tpc.googlesyndication.com
track.webgains.com
w-it.m-t.io
widget.postquare.com
www.awin1.com
www.facebook.com
www.farfeshplus.online
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.wintv.live
cm.g.doubleclick.net
104.111.239.217
104.131.156.249
13.32.14.47
138.201.63.150
138.201.84.245
142.250.185.102
142.250.185.114
142.250.185.194
142.250.185.195
142.250.186.162
142.250.186.35
172.217.23.98
178.250.0.165
18.194.113.221
18.203.131.238
185.18.205.182
185.29.133.58
185.64.189.115
2.18.233.201
2.18.234.21
2001:4de0:ac18::1:a:1b
216.58.212.162
217.182.200.20
2600:1901:0:76b9::
2606:4700:20::681a:ad1
2606:4700:20::ac43:4712
2606:4700:3032::ac43:aa7a
2606:4700::6810:8616
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1450:4001:802::2002
2a00:1450:4001:802::2004
2a00:1450:4001:802::200a
2a00:1450:4001:803::2001
2a00:1450:4001:803::2002
2a00:1450:4001:808::2004
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2001
2a00:1450:4001:80f::200a
2a00:1450:4001:80f::2013
2a00:1450:4001:810::2002
2a00:1450:4001:811::2008
2a00:1450:4001:813::2012
2a00:1450:4001:827::2002
2a00:1450:4001:827::2012
2a00:1450:4001:82a::2008
2a00:1450:4001:82f::2006
2a00:1450:4001:82f::200e
2a00:1450:4001:831::2012
2a02:2638:1::3
2a02:2638::1c
2a02:26f0:6c00:283::3b8d
2a02:26f0:6c00:28b::3b8d
2a03:2880:f045:10:face:b00c:0:3
2a03:2880:f145:82:face:b00c:0:25de
2a05:d01c:1d8:8102:9cdd:d1ce:f1f6:d7df
34.98.67.61
35.227.252.103
35.244.174.68
46.236.13.147
52.33.71.0
52.35.171.122
54.217.57.115
62.90.37.40
69.173.144.165
81.29.72.47
82.113.101.132
85.114.131.233
95.142.20.17
99.80.199.35
99.86.242.110
99.86.242.65
002b55efaf484a452426433e9047d96223da3a1f9b62ead96663769470987728
028e3e56a2f7b570857e2bc020a3e6dd49c6174d3d7ed36374384895ab880fb6
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
05e695a8f4bd26c3a3092afbd08d40b873b39599d47ce15c281b1b526e934258
08faefaebcdae4111aef5f39495fb508c2789bd08a9d47bd96799575ada50f51
096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3
0abb970d01a6442a96aaf5b6c7dca8328f23d3d91ba9892cc4023d14c4d7fba0
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
11e55e15d34c29250a5b8789da5b4798a2cf0a9f03bc7c87b45b9d9378badf28
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
17b47a1ed2cd2e1ec86f4735497e2956eb34be0a66fc20b427148f65c6ebaca5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c9c4886794f7dd50629f8cafeb51ba4c8b46ca48d9fdfbc1a13775115be136a
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1ce232c2475cfe9484d7671d89c36159b1494d8ebfc50ce5d0ec40e8fcb71d7f
1ce6078d61c3621293273e65d1344a7dc0895bb80d4b3e7986deb9bd588e2a00
1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650
1f0500a27828d59073601a58f25e82e40f9fb4aed6e1321ae3f0e191c3c302c5
272d25a3bc4e780b90797dc968a382dbccaa40157d7612ace2f59f2768a6bb86
28d3c289500ce1db232259e9802da11ce9137eaa902a8a730bf8507af2fd13df
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
2a138f5a790f47f9c8e1b3b6c88ea4fecb1abd1b1011a7d842b721d2fa943ed3
2a4e96c772ce5bfd29d671ad3dfaeeec6a9af49fdad4f50c2c5e709cde504abe
2c4f0bcb699b110d5cb89f843d624dda1bc7a5af9e41d26d1b67259f152f7a17
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2d1c4b784f402c7ceeefcc8033086ad3e9425c4db5937b8c1c17a563928a8b90
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ee75081870589191b3013c69834e8ce2fea2399061134c8dc15c4dfca0eb31f
3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
348de2e3a7898feb64d3e8b9fa3a06429fe9c3c5af0501d9bea341a47058d582
353b4bf2cf6216dc1f67877f045ef73c5d9f90f4d7bd5bb0ed91779bad39a285
35f8f1e44e29628c1f3976dc03085560f395d41331798fdff3324561ed23b843
3613c89747be4a2d5dc17f442d0a482da665784e2e5a3931fb9a1fc38fa0fa8d
389fea323237b8da675f0c2ab8b701a9a0637ec1e4bb3d4b6cc9ce5440abc1a5
38f8e7df0b8db7f0918d500b6e8883b124d403494ee4e55ed806c278112f1c74
3a4fc14180ae118f278fef24fed0c73cb65bb14049d68f0f43b7041090965aa8
3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782
3b4bd5af42c1283d9aa552dea540150517a07e69ba8e3e1db2fd631230a8c5e9
3b58f46fa2ba24ba2b09889e2cc76ea0645813ae2e374f3aee0c1e16ccb4eb13
3d00bfeea80983c9ff4eb0438b76f2e7242c288fa5fb83c938be74893fad5a5b
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
414065eb8bccfeced9386a863dba180b1ab3153b18395b3bd4e855e0ee860f4e
44c17b73811d828ded486a2520c89a58a5cf478300b7b2ab4e877ac8d1480c6c
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
469aac82208420399668a08062d50b404aa5f1233da32e2bcbdcd1e1905492c2
46d1e77641f6cb68dadda1844ca811d9aebec2a8c8cf2b92980bc10ff34bac8e
47a3c9215794c9ff69454f59251efeead57f9defb9b924cf2551a19f55dd1c8a
4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf
4832f5768a8d71f5e7504a48274d822a72e79b39fe43a071c13852097da8ec6b
494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f488ba69b34a8b4d924f46e58cbbe62ad1031ee74af785d328ccb54c4cd9b5f
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46
551501f0c74f0a11365a588dcdc0283e0d8212a74108d3f65976f84dda3f9235
573dd332efcaf9ab1ae7f7e72bbbd65aa0c6b9223c4bcead7be3aa25685cba4e
59883dc82297de1d8ff485a115678ff6e56102eb1fc170c9808737535f6f8070
5b047e98b8e64dadf88aa768f38c9229b478ab7ba03b553125954b146acf0147
5b28f10f3b519ff3f194d085a453a6d2b77519348f8121b809ee17a87bb8db9b
5cb0b17af2e69cc2c148c2d0834edb7413541002a6146fcf387fcf316fd19905
5d1eaa3b44d10cc4a03faa17ba6defc7d89cc850bdf6037b2e71ea23e4fd409e
5e222b39268472a317e525e278ade9b08438d0e94d791a2b88c5acb11456f2d6
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f
5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5
611c31ecafe54c74f78e765296e1b04c0e51ecdc5f7d62c0c3441732aca01964
61503a287de254c32f72e9cffc4a878840965b614e60add27460575e71c2d518
6210b7f1e8ac2cba429f73aa394356bc692f6085493c2f5e2a234a20b7c1463d
646f9d1dabfc0a469e6f5041281c3ae403cc2d5c59d08623ad7f1e504e9be0d7
65598ccf9bfb715cae79447c0341910fb426f3798fdf951b8817e1f05df42efd
65bd64f93eeb0e9cac00f8ed11c2a9c4663907c5a96b7c80bfd2c7502141939b
664cbfbb35078b3a70ce7839165bf83279c812ed8a017420ec2544ef5b0f5fca
66bdbc6f334ad5094c875459d3a9b88c52f2f065759d45f0d5c8d0262d327ddf
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
697a51d119f5d888957a94cae9d46a065a4f3ed150b6ec2ab959c951139e5a97
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6f5933a16d66ff1aeb40fc0870693965e6380ec671a9c725bb99e6dd5cec11e1
7192c2fc9c4decf50d30b18e13499ecabcfa25f4559ad2e0b96b8369507fa287
71cd77ac96b3ebee817947056738da7ce94b72e3900f7a66163b056fc380a02b
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
75ebaa46801544e004a5e085fcce71da892111e6888aa5130ea041e3561631fa
79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d
79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23
7a3970fd1b3a9d74bad2fc07e945397246d5da9a8e02d5d85b51cc5253259874
7a9fa78ad1b4910f80ed85374da8e3b6b59098b6387bfea1949bdfea54ee8e65
80163332a4f6ad3247da0209787eb18e4cd778d93f3a3b6bbda7997080ef34a7
803e8096317023d4f00a7d7bd24197562c658bd82771f81387270977c0524baa
813e08a0b6c28a3370c1b31ff8ca993a9655288f107b63425a898fe59fe4b806
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84f8704bdc07ab2809b5a9dd028ef0c9e0001bd0b21c32fc06c18231069a581e
85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa
86252e3fc1d09819a33efba7e0781623cd2fa0386885b9f229d95e16d23acccc
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a4ff76232f9c5b9a8829282a44f96a88ad7c45f64ac597228805b1e8e6074ef
8e17416059f9e1ada9694ae457d869c6c2941d9da66c9e9ac5d725ab45b50d81
8edad1e29afd622be88df9724eb1860285a57a063f01dbd235188f1719aae754
8fe098042af566fa3cb0b96ade2fc9d7ae48d774a806b647cd07b1d145ceed22
90acdec7799a0f5d492c728dace212a1a401dbcc19aa8ac89fb9af5e3fdb094c
91be3f39533b913dc91cfe0b3f71c4ae70d92447a36bf39ca49fc08f9d618eef
9283c18ab5dee682a522d80816bb73da73cdba28e97146b8e133de84c99266d4
93ea87740a629b311148b644cb72d376ef82344939bc4d47acff4aa0719ad668
94e37f1a24a682b88f0212e2514f7e4cd3a2601342aaf332de8dc39ef544c44e
94fc5bd7b00ab5465c116ca56677cda170ded877cc6fe01c5ea0caffb2ddf92d
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
96cc475fbb957de7de8572a4b532b7a9fe90386b3dd10ecd07728cabf2516ff7
97148294651f71eb2be2e2f84736de37708be96835bf8cbeb6ea96e5b3b21dea
97b181e47a41471ae5c3f80f60c9a390d27bb80eb18af23e30ddf9e3088e1b38
97cfbffddbcbf00dcf4b38e122383cbc49f8bde482552271ef0a127ea03e5ae5
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d9c25cf04035ff568bd6b609a2cfdfe6e333d29c1161082cf5e8d7f6d78d444
9edd827965a6e1332c3aac5d7d0cc16269f4536a33817f25cb92703f5953c836
9fc120b3fce9d1ec2f03ce708ff0b00eb2692c756d1c662e28c9a9e8379ad8ba
a01d8b7ca6b54b65249b97435040a6202bed90eb499171362fe6b08600791a41
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0bec107dc5e1169feb956927f5aa851ce5aa0231f38c0c99ac23cfe7c37a770
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e
a22e943d4273fb3786c1f46049f12eab60aed4ec8f569689ccf9ad591606e5e9
a2d1597b62635da6ea02f357233e1440ccdb2f3c5b57b2693c6c35d2291dc7dd
a476c219ba06b46d7dd3209f76207f8e4ba98b56dc292f32a243c4c73ce77a79
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4c0938e087a40c05a99d723eaf012958e03b048659bed9b36a2bc63f766d32b
a5c6e77b6ef5c49216d0458931228e39370b1b6abbc9ae89dea6fd541fda0ccc
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9642d6bf20c947043c622942ce78c30acc09fc19d384af37abc234061e22dd6
a9f15054a1ee84cb32b57a441aa1f10583273540213836beb704e402e5ed4dd6
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aac9552f07e57bcbfa55fd1ecf3a698bfaf85fcba44fd1abeaf75e2ec9bc0caf
aaf307137bc334beb3c196e81cbfd767137df69f096ec46e30ad0b4e4e3ce15a
ab2ac26878723e8344cdc7a4dc137796b3d1309852307d44c57f0a1bf540cc07
ab70d87e0d9568a827b4e2003b1de9858112f12bfd88f15cf14487d698a23889
ac7b85c89057a31981b2af0d754be1b67ab4af30d0d0b99e3088ea38562e2f38
acf2598b33b97668edf408a40c5a47b845ab37d1de7d2cda14370e31c37de8df
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2cae88100e4c402e454488ec7d17eab3d98f569a559596b764716c5503b7fa1
b50d0b9908176988cf95af97f912848e39a0fcc20f13afee5aae8310a9556e2c
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
bad98df13137c5f369a86a62ac62042596888c5a3c235320cefa65e9aec631d8
bb5e6fb8b67b430f2f16d683fb3b41acfaabc67c1ace6a706c73b35e3edd9bb4
bc8f5f5470befaf2373a91f39698ade46d3a1b48edb138b72fef9e1325706780
bccee4f9154fd1cf22764d19840d5e8a5f3bf3be708d32ba4e5f08d661988e5a
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
be6ef353e045fd339ba1f956ecf4e4ec0988e3d8275a3e63240bd78cc31fc476
c01c98dc32c9889b4120afd376d61fe7a172b6cb323b48011b71572a4d97ff8a
c06ff260eb797c58298e9b6f44707766545cbee3776fa0712e17e6a4c4dedd4f
c0a5fca6cd62a36f0254804b7ffa74385a70e55ba869388f79b2b7c60bde77d9
c274fd3da5a11f0b4ce2575a09d61ab1575e661ed76d01f5babd9f2177164783
c5a83eabfb238c654e3791a5873f78692575aa779159a35f2b373ee0d767e1c9
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c6eb2eeb98d7863e83999538cf81b884b389af4236e217f80eb7e6e75bc0113c
c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899
c8b5d984e6d2cdaf64b8a50c9b645e347e74ffa712aa0b9422015700c98f9bb9
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca347e552319345d81558197c870d2c892dc8de45d16fcc73fd7346ab520363b
ca35476a2028b4862ecc9b2ffddfd3a522f274863aca8ca08c82fb7c9876069a
ca6b0b31cc1552331bc007bf8a3c4cc40a44cb65cc30d8b81dd96aa2cd637ece
cce45bed757c6288dd85428e91a2bb91927ce0f1a6cec010ac9f5db184670a7e
cd070d9a421900fd5dd69ca4cc7ac03bbc8ce4bec7c40ec93655ab4d8f61eefe
ceef3bffa7ee3b4aa56c337d52e607ee2ad80b7e4c3ecf7291af6e0cece92da1
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4
d3b6fc02fa9ecb6053a4f92cb409717894443f50da2e3dad7e4f3df715f7ca6b
d4b455567cba51e8924882fa2a34431ea079a6f86d33d1da4dc628daf1a3a570
d4d82d1d22044542d02e2de019ea245ea562c39430121768daed76b7443ff63f
d4e42f495e06a6ae0768210551563b2bcbbffdf72a236c39fde6c297392dbd63
d690d9ad990b0116e795acbea479fe79c72be0f6310d5fc875e1de86ebe9b372
d79f51f753357d11d5781f6478bd1993db8ea9ff5d4426f45856e75502704a31
d93f4f764048996df486e96b2c68f15f4f3b1c110eaff398b681c15b43aa9772
d997fba7832cb78b0933a9eb2ce191d53234c978e25c6c8fc50c75923ea8405e
db6f4e12488601f7cee9a4fe6850fad96bec8d7502c09eb1cfd071705c85915f
dca80706fd6ee621bb041d0ccd65ed4ba52b76e18c019edccd2527fc3672a2cf
dea033e75dd8118f931e11ff9afbcc34cd29e99a6c0e53816ac20ac5969f12b0
e109c542f49632f5b2836ef158661155f82a7e9a4fc1898711ab11f615442438
e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e45240546bfaeea08e1780d1cb27367287317dcdf76ec28c2c3d3b4a4af8cac8
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e756c48c642809aabaebeed2b5156ac70af0910e753331c0e36458466478aafb
e83f44448b1936bd1cf7c689419be7dd5ae8001e7789b349e513d14ed4d24ba4
e9f8be6cb98aedc4f0db1d4a191bf850372db3945a71668578d426750f323ccf
eb2046db149e3f05106716883596ced37d71ccab14cbf0bbd3bb5b8f6dd49544
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f181f4cb1b4d6741c0b16e962b3c06aa6ad7fe6cf0aa6c1712a1fa86864a604e
f1c0ff44ef7b2108563d7acee7bd9854ac44999914a1fe1a5d966e122366040f
f37d6a5d3866f0d0a1ff6243e22d37fc63687b2e452b3ea58bd798a1b7e507f9
f7343a271b41d6b227b1d367d12673d5488a1436f9607830c8cf6ab76291387b
f981ac999350c901e815738482797ae651bd0d240aae589d56f5b027ad9715da
f992d4e165a593df5d567f6ad58aae2b9609cc3870a5eb91483268e5b48c3e77
fa40f4a8ee08b163e5c78cd66b81799e23cb9a95ee661c1218a11fc6f3d02431
fda2c4e759554be9a218105625a9ee760cc077fc961df85984c993107130e2b1
ff4d9197cfd4b9f28300e0652a527c652c0c2b746231a490bd042c04132c0309

www.farfeshplus.online Open in urlscan Pro 185.18.205.182 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

423 Requests

98 %HTTPS

46 %IPv6

49 Domains

75 Subdomains

64 IPs

7 Countries

6147 kBTransfer

14385 kBSize

4 Cookies

8 Outgoing links

Page URL History

Redirected requests

423 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.farfeshplus.online Open in urlscan Pro
185.18.205.182 Public Scan

Screenshot
Live screenshot

Full Image

423
Requests

98 %
HTTPS

46 %
IPv6

49
Domains

75
Subdomains

64
IPs

7
Countries

6147 kB
Transfer

14385 kB
Size

4
Cookies

423 HTTP transactions
9 data transactions