postimages.org Open in urlscan Pro
2606:4700:3033::6815:55cc Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.helpcenter-evri.navicoads.com/
Effective URL:
https://postimages.org/
Submission: On March 09 via api (March 9th 2024, 9:29:09 am UTC) from US — Scanned from US

Summary HTTP 139 Redirects Behaviour Indicators

Summary

This website contacted 28 IPs in 2 countries across 18 domains to perform 139 HTTP transactions. The main IP is 2606:4700:3033::6815:55cc, located in United States and belongs to CLOUDFLARENET, US. The main domain is postimages.org. The Cisco Umbrella rank of the primary domain is 647981.
TLS certificate: Issued by GTS CA 1P5 on February 3rd 2024. Valid for: 3 months.

This is the only time postimages.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	69.49.234.212 69.49.234.212	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1	2606:4700:303... 2606:4700:3033::6815:55cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:303... 2606:4700:3031::ac43:d8aa	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 40	2607:f8b0:400... 2607:f8b0:4006:80f::2002	15169 (GOOGLE) (GOOGLE)
6	2600:141b:1c0... 2600:141b:1c00:f::172c:c9cc	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 24	2607:f8b0:400... 2607:f8b0:4006:80c::2001	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:817::2003	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:81c::200a	15169 (GOOGLE) (GOOGLE)
13	2607:f8b0:400... 2607:f8b0:4006:823::200e	15169 (GOOGLE) (GOOGLE)
3 8	142.250.65.162 142.250.65.162	15169 (GOOGLE) (GOOGLE)
2 4	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	68.67.160.24 68.67.160.24	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2607:f8b0:400... 2607:f8b0:4006:81d::200e	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:822::200e	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:824::2003	15169 (GOOGLE) (GOOGLE)
3	34.117.228.201 34.117.228.201	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	172.253.63.155 172.253.63.155	15169 (GOOGLE) (GOOGLE)
1 2	2607:f8b0:400... 2607:f8b0:4006:822::2004	15169 (GOOGLE) (GOOGLE)
2	142.250.80.34 142.250.80.34	15169 (GOOGLE) (GOOGLE)
1	18.238.55.5 18.238.55.5	16509 (AMAZON-02) (AMAZON-02)
2 5	18.208.254.216 18.208.254.216	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:21d... 2600:9000:21da:3c00:19:fc2c:a140:93a1	16509 (AMAZON-02) (AMAZON-02)
1	23.1.197.91 23.1.197.91	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.238.49.47 18.238.49.47	16509 (AMAZON-02) (AMAZON-02)
1	13.35.93.97 13.35.93.97	16509 (AMAZON-02) (AMAZON-02)
12	23.46.224.48 23.46.224.48	() ()
1	18.234.13.237 18.234.13.237	() ()
2	108.139.47.31 108.139.47.31	() ()
139	28

1 69.49.234.212 (United States) 1 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: vps.navicoads.com

www.helpcenter-evri.navicoads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::6815:55cc (United States)

ASN13335 (CLOUDFLARENET, US)

postimages.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3031::ac43:d8aa (United States)

ASN13335 (CLOUDFLARENET, US)

postimgs.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2607:f8b0:4006:80f::2002 (United States) 2 redirects

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:141b:1c00:f::172c:c9cc (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2607:f8b0:4006:80c::2001 (United States) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:817::2003 (United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81c::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2607:f8b0:4006:823::200e (United States)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.65.162 (Plainview, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s71-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.36.155 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 68.67.160.24 (New York, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81d::200e (United States)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:822::200e (United States)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:824::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.117.228.201 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 201.228.117.34.bc.googleusercontent.com

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.63.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f155.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:822::2004 (United States) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.34 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.238.55.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-55-5.jfk52.r.cloudfront.net

choices.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.208.254.216 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-208-254-216.compute-1.amazonaws.com

comcast.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21da:3c00:19:fc2c:a140:93a1 (United States)

ASN16509 (AMAZON-02, US)

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.1.197.91 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-1-197-91.deploy.static.akamaitechnologies.com

servedby.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.238.49.47 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-49-47.jfk52.r.cloudfront.net

ajs-assets.ftstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.93.97 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-93-97.jfk50.r.cloudfront.net

agen-assets.ftstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 23.46.224.48 (None, )

ASN- ()

cdn.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stat.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.234.13.237 (None, )

ASN- ()

ad-events.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.139.47.31 (None, )

ASN- ()

choices.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 161	860 KB
19	doubleclick.net 5 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 cm.g.doubleclick.net — Cisco Umbrella Rank: 271 bid.g.doubleclick.net — Cisco Umbrella Rank: 891 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 562	190 KB
14	flashtalking.com servedby.flashtalking.com — Cisco Umbrella Rank: 1086 cdn.flashtalking.com ad-events.flashtalking.com stat.flashtalking.com	79 KB
13	google.com 1 redirects fundingchoicesmessages.google.com — Cisco Umbrella Rank: 647 www.google.com — Cisco Umbrella Rank: 2	71 KB
12	gstatic.com www.gstatic.com encrypted-tbn3.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn0.gstatic.com fonts.gstatic.com	240 KB
9	doubleverify.com cdn.doubleverify.com — Cisco Umbrella Rank: 567 rtb0.doubleverify.com — Cisco Umbrella Rank: 982 tps.doubleverify.com — Cisco Umbrella Rank: 626	229 KB
5	demdex.net 2 redirects comcast.demdex.net — Cisco Umbrella Rank: 5194 dpm.demdex.net	3 KB
5	postimgs.org postimgs.org — Cisco Umbrella Rank: 317198	39 KB
4	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 124
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 631	3 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 256	3 KB
2	trustarc.com choices.trustarc.com	9 KB
2	ftstatic.com ajs-assets.ftstatic.com — Cisco Umbrella Rank: 1700 agen-assets.ftstatic.com — Cisco Umbrella Rank: 1470	30 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	2 KB
1	agkn.com d.agkn.com — Cisco Umbrella Rank: 812	631 B
1	truste.com choices.truste.com — Cisco Umbrella Rank: 1092	8 KB
1	postimages.org postimages.org — Cisco Umbrella Rank: 647981	4 KB
1	navicoads.com 1 redirects www.helpcenter-evri.navicoads.com	511 B
139	18

	Domain	Requested by
28	pagead2.googlesyndication.com	postimages.org pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.gstatic.com bid.g.doubleclick.net
24	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com postimages.org pagead2.googlesyndication.com
12	googleads.g.doubleclick.net	2 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
11	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
10	cdn.flashtalking.com	postimages.org ajs-assets.ftstatic.com cdn.flashtalking.com
6	cdn.doubleverify.com	googleads.g.doubleclick.net cdn.doubleverify.com bid.g.doubleclick.net postimages.org
5	www.gstatic.com	googleads.g.doubleclick.net postimages.org
5	postimgs.org	postimages.org postimgs.org
4	comcast.demdex.net	2 redirects googleads.g.doubleclick.net
4	www.googleadservices.com	postimages.org googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
2	choices.trustarc.com	choices.truste.com
2	stat.flashtalking.com
2	tps.doubleverify.com	cdn.doubleverify.com
2	googleads4.g.doubleclick.net	bid.g.doubleclick.net
2	www.google.com	1 redirects tpc.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
2	encrypted-tbn0.gstatic.com	googleads.g.doubleclick.net
2	encrypted-tbn1.gstatic.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net postimages.org
1	ad-events.flashtalking.com
1	dpm.demdex.net
1	agen-assets.ftstatic.com	ajs-assets.ftstatic.com
1	ajs-assets.ftstatic.com	servedby.flashtalking.com
1	servedby.flashtalking.com	googleads.g.doubleclick.net
1	d.agkn.com	googleads.g.doubleclick.net
1	choices.truste.com	bid.g.doubleclick.net
1	bid.g.doubleclick.net	cdn.doubleverify.com
1	rtb0.doubleverify.com	cdn.doubleverify.com
1	encrypted-tbn3.gstatic.com	googleads.g.doubleclick.net
1	postimages.org
1	www.helpcenter-evri.navicoads.com	1 redirects
139	34

This site contains no links.

Subject Issuer	Validity	Valid
postimages.org GTS CA 1P5	`2024-02-03` - `2024-05-03`	3 months	crt.sh
postimgs.org GTS CA 1P5	`2024-03-01` - `2024-05-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-07` - `2024-05-07`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.truste.com Amazon RSA 2048 M02	`2023-11-18` - `2024-12-15`	a year	crt.sh
*.agkn.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2023-09-07` - `2024-09-29`	a year	crt.sh
*.tps.doubleverify.com Go Daddy Secure Certificate Authority - G2	`2023-09-29` - `2024-09-28`	a year	crt.sh
servedby.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-14` - `2024-09-14`	a year	crt.sh
*.ftstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-27` - `2025-03-11`	a year	crt.sh
cdn.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-04` - `2024-05-03`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
www.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
ad-events.flashtalking.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-17` - `2024-09-03`	a year	crt.sh
*.trustarc.com Amazon RSA 2048 M02	`2023-04-17` - `2024-05-14`	a year	crt.sh

This page contains 21 frames:

Primary Page: https://postimages.org/
Frame ID: 237C649A7842B7A84422E689DDCA51A3
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20190131/zrt_lookup_nohtml_fy2021.html
Frame ID: BA15E7E57BC55B2A3ADDA5440860D7D5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&adk=1812271804&adf=3025194257&lmt=1709976545&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpostimages.org%2F&pra=5&wgl=1&easpi=0&asro=0&aseiel=1~2~4~6~8~9~10~11~12~13~14~15~16~17~18~19~20~21&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709976545286&bpp=4&bdt=482&idt=528&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2414228942947&frm=20&pv=2&ga_vid=1185124059.1709976546&ga_sid=1709976546&ga_hid=968420541&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081586%2C31081612%2C31081642%2C31081645%2C95321957%2C95322388%2C95324161%2C95325785%2C95326936&oid=2&pvsid=1577518690999755&tmod=257740397&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=545
Frame ID: 68886F8D93115632CA0FC1D83984A934
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1709976545&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709976545290&bpp=2&bdt=486&idt=550&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2414228942947&frm=20&pv=1&ga_vid=1185124059.1709976546&ga_sid=1709976546&ga_hid=968420541&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081586%2C31081612%2C31081642%2C31081645%2C95321957%2C95322388%2C95324161%2C95325785%2C95326936&oid=2&pvsid=1577518690999755&tmod=257740397&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=555
Frame ID: 5DE1DFE299DB240536F5A132A442FCBE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=280&slotname=8487831485&adk=750852199&adf=519338288&pi=t.ma~as.8487831485&w=1200&fwrn=4&fwrnh=100&lmt=1709976545&rafmt=3&format=1200x280&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709976545292&bpp=1&bdt=488&idt=561&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x90&nras=1&correlator=2414228942947&frm=20&pv=1&ga_vid=1185124059.1709976546&ga_sid=1709976546&ga_hid=968420541&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=503&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081586%2C31081612%2C31081642%2C31081645%2C95321957%2C95322388%2C95324161%2C95325785%2C95326936&oid=2&pvsid=1577518690999755&tmod=257740397&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=564
Frame ID: 2921CBFFD15EA1A6EF9677AA63CC528A
Requests: 22 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbEPhCFx7SdAhil27GAAjAB&v=APEucNW8Oh0Ml0O8qi1abgMHAPNcHsKdnqERoflQuljtDVwo1Po8SGnSMmgWMAeHiOicC64Ch834rQIjMxIHYJDz-evNVAQhcg
Frame ID: EDE01ACE0F691EF1506211EABD614CB4
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: D8E5295B6B625E83DC50C07873F856A2
Requests: 37 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: A049414C453F3812A81D176BF0480773
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html
Frame ID: D46F9F7DE29A95A613F2D5A5EBB3A8CD
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html
Frame ID: 6178725B99F620D5BAC5A7CDB9F5A011
Requests: 10 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Poppins%3A400%2C600
Frame ID: B718AE4C39F591354ED60C21C18D02C5
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: CD0725F6177569C43E3B940EA1525CF9
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/2XuAnNhv9ZdrLh840DIAgutokU3UuLKCtZvRQAQJz4k.js
Frame ID: 93446F53E1DB38FED282023B62F2C907
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/2XuAnNhv9ZdrLh840DIAgutokU3UuLKCtZvRQAQJz4k.js
Frame ID: EF05150DA8A413949B9FED9FD7210661
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements5557.js
Frame ID: 72D54D74DE6901FC68A912D68BCD51A5
Requests: 2 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements5557.js
Frame ID: 5817DC025E4DBEECD188BF6E59E4736A
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/2XuAnNhv9ZdrLh840DIAgutokU3UuLKCtZvRQAQJz4k.js
Frame ID: 3D3B869AA76A2433E19D53121E052FCA
Requests: 1 HTTP requests in this frame

Frame: https://cdn.flashtalking.com/188939/4627654/index.html
Frame ID: 33F02032097434F36A7DE586659D5FE8
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F03E2DAF97FA547973E6A68109728A67
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 02D3B6F1B20A011B56910CD9688D6603
Requests: 2 HTTP requests in this frame

Frame: https://cdn.flashtalking.com/188939/510750_XM_Speed_Increase_728x90_RL/css/style.css
Frame ID: 496420F5B2A59F81BFAF84A6377B0FF9
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Postimages — free image hosting / image upload

Page URL History Show full URLs

https://www.helpcenter-evri.navicoads.com/ HTTP 307
https://postimages.org/ Page URL

Detected technologies

GSAP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

TweenMax(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Page Statistics

139
Requests

91 %
HTTPS

46 %
IPv6

18
Domains

34
Subdomains

28
IPs

2
Countries

1765 kB
Transfer

4977 kB
Size

23
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.helpcenter-evri.navicoads.com/ HTTP 307
https://postimages.org/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrHafACrnBhz0C5XaKRvt0&google_cver=1

Request Chain 33

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zewr4sAoJJUAAEWeAE3M8AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrHafACrnBhz0C5XaKRvt0&google_cver=1

Request Chain 34

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECaCZ-K1LTIGURUZR8gi4S8&google_cver=1

Request Chain 35

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU1NjU5ODg2NzYzMzQwMzk1

Request Chain 43

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCb0vi6VRCQARiQATIItFYPU8y28GA HTTP 301
https://tpc.googlesyndication.com/simgad/14721375404797248074

Request Chain 75

https://googleads.g.doubleclick.net/pagead/adview?ai=C2fkS4SvsZZmtN9_xxtYPh4WCqAigxYikdp_zruG3ELKQHxABIJHywAdgyYaAgNyjxBCgAZL68doDyAEJqAMByAPLBKoEzAFP0BM5MNoCiNSAuQDJO14_S9S-LptCDFNE8AXjINvCD500XEq3lxdiHmRRPykIZZaFsDGolBuln5Io6sNk_wLRLs4heVT48ZQhUQ7HHfvbwRPEr-8ul0CZ782FPXtFEmr7JM49sngxTQQtCc5NcEKIFB_gtG3_pjEnFkD_MMRCqpNLkwpqR8Srh-SniX-HZFE8KC4Hx-Gc4CHlQw4ALBXrPNNAxmvS0XjRT8rKLZsHJRAUJoGfqNilVbFoDMdR8U-n0eCWWFOHCvA2Vq_ABJmmiZ3zA4gFzJr81T-SBQQIBBgBkgUECAUYBKAGLoAHns2gaKgH2baxAqgHr76xAqgHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAtgHAPIHBBCssSTSCCQIgGEQARgfMgKKAjoJgECAwICAgKAoSL39wTpYluzehO_mhAOaCS5odHRwczovL3d3dy5ldHN5LmNvbS9mZWF0dXJlZC9ldHN5LXRvcC1zZWxsZXJzgAoByAsB2gwRCgsQ0LDo87_4ksHRARICAQPYEwyIFAHQFQGAFwGyFxwKGggAEhRwdWItMDc3NjIwMDI2NTIwODkyORgAshgJEgKTTxguIgEA&sigh=BjNqggBdWkY&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwB7FLtqEvDH3pHYmeemHqZzxz_MI-iAnKSCiuEZkK3XpkaHkftSDivCCVMXeLuCsx63FZQrry1EN3XruPeyPOCTMrI6msxoRD0PDboOGjIYAQ&template_id=494&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x12f06c7ee6ce35b40000000000000000%22,%222%22:%220x30ea4c30a4b253070000000000000000%22,%223%22:%220xc6c51282f535629d0000000000000000%22,%224%22:%220xc90d412a13dd7acd0000000000000000%22,%225%22:%220xa99b7c4c77ef40880000000000000000%22},%22debug_key%22:%2210069248175737810102%22,%22debug_reporting%22:true,%22destination%22:%22https://etsy.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22995917074%22],%2222%22:[%22true%22],%224%22:[%2203-09%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%224855101139345984065%22}&andc=true

Request Chain 78

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 80

https://googleads.g.doubleclick.net/pagead/adview?ai=CjV-u4SvsZdyQNpXHoPMPwZ-BsAz_3YaZdo7xw9vHEputmeTrFhABIJHywAdgyYaAgNyjxBCgAYvliMUDyAECqAMByAPJBKoEzgFP0E_BlGQ5A0Gebk782Art4YFRNCJcdtr7-hyH7_6TAuInq6x4IHWE25MSVCICoL7M7sD5mcaIGGem9ImP_ueDqAp8jvqlBTq-M19C_HDbM9XX_ICTIEb2xh2xx6quzbxG0DYiorgResxU68yCDbi2LuB4znQ5kDqHUnWiVmTjWflGHEdC_Mf-4vJHhvOVCqoEp77YW_xPnKAV9-ZsGhUK4w1gbBk5Ic9IRCTwiHOXmXHB3d8wieX2TFtv9gHdbB0QCqvNyDYxzK_xH0gahcAEzaO69oMDiAXt7rKdJ6AGAoAH3Zr3OqgH2baxAqgHr76xAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrEC2AcB8gcEEPyLGdIIJAiAYRABGB8yAooCOgmAQIDAgICAoChIvf3BOliP292E7-aEA5oJT2h0dHBzOi8vd3d3Lm1pYW1pZGFkZS5nb3YvZ2xvYmFsL25ld3MtaXRlbS5wYWdlP01kdWlkX25ld3M9bmV3czE1OTQwNzQxOTkyNjk1MDOACgHICwHaDBAKChDAr9aZ3I3vixQSAgED2BMD0BUBmBYBgBcBshccChoIABIUcHViLTA3NzYyMDAyNjUyMDg5MjkYALIYCRIClGsYAiIBAA&sigh=SbYv0sdmdD0&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgB7FLtqsNVuFTB8wGT-GbXwzkr7KjRM5NkGo8ODZik05RJ65ZeCRPWAECZg9DqSN95ZxRKSAX6SS_sii_Gh0PPYbC7ra_MAd5yMZgNMvRgB&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x11b231d237afa52f0000000000000000%22,%222%22:%220xec67edf7e5f566310000000000000000%22,%223%22:%220x1d7d26500f9d2a980000000000000000%22,%224%22:%220xf3a334f50d2ece640000000000000000%22,%225%22:%220xcf3f7e2fe0fadbdc0000000000000000%22},%22debug_key%22:%227063556762000718258%22,%22debug_reporting%22:true,%22destination%22:%22https://miamidade.gov%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22950153867%22],%2222%22:[%22true%22],%224%22:[%2203-09%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%224518407184230424897%22}&andc=true

Request Chain 87

https://comcast.demdex.net/event?d_event=imp&d_src=1478&d_site=6522286&d_creative=204341662&d_placement=382629248&d_campaign=31085978&d_cb=799909043 HTTP 302
https://comcast.demdex.net/firstevent?d_event=imp&d_src=1478&d_site=6522286&d_creative=204341662&d_placement=382629248&d_campaign=31085978&d_cb=799909043

Request Chain 91

https://comcast.demdex.net/event?d_stuff=1&d_rtbd=json&d_cb=fltk_8701463946301915 HTTP 302
https://comcast.demdex.net/firstevent?d_stuff=1&d_rtbd=json&d_cb=fltk_8701463946301915

139 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
postimages.org/
Redirect Chain

https://www.helpcenter-evri.navicoads.com/
https://postimages.org/

12 KB
4 KB

218ms
120ms

Document
text/html

2606:4700:3033::6815:55cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://postimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:55cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d20c17a56d4a1472fe9d3c8bdbab18b0a5090602d121c53f54781faaa6b7a182

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 861a09dc5e238dea-MIA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 09 Mar 2024 09:29:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cicv6VGmHyLoiNJcMVvgoFtaXlwLOZaxOqkw4jIAhRjOVhvHpoR7VuBo7UclaAA0d%2BY51uFiVA4iInn6EpepNld6dH2kyy8T%2BK1EynfXWGBNJH6e6hQeRpO3lgW4i85pZHY87bZEREh5tkQE7w%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Sat, 09 Mar 2024 09:29:02 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Location: https://postimages.org
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked

GET
H2 200 style.css
postimgs.org/167/ 81 KB
16 KB 144ms
44ms Stylesheet
text/css 2606:4700:3031::ac43:d8aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://postimgs.org/167/style.css
Requested by: Host: postimages.org
URL: https://postimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d8aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7ae1a1887541a5761b56023ba3437d5d5a8df0e33bafa02a7b192208f686768

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:04 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 03 May 2020 14:48:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4214
etag: W/"5eaed9d2-144b5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2anRRYTCLT1glhH7sb7lYtqpb8BsGP7oDKd9lFyoANnmECwfjXPiJ4OcA642lKooOgwkCnerOFW1T2B3g2TlEWPjkf9w09sIzSVeoveTK2ajh5t6coaP%2FAzFZ0lKoNO7meEk4MV6PaNSo0g%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2678400
cf-ray: 861a09ddcb0131ce-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
50 KB 343ms
193ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0776200265208929

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21ede29f5167e560a77e4f4490275a4f3ef4ff208dad901c3c6fbb87cc835936

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Origin: https://postimages.org
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51092
x-xss-protection: 0
server: cafe
etag: 16251861170459324895
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Sat, 09 Mar 2024 09:29:05 GMT

GET
H2 200 logo.png
postimgs.org/img/ 2 KB
3 KB 140ms
42ms Image
image/png 2606:4700:3031::ac43:d8aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://postimgs.org/img/logo.png
Requested by: Host: postimages.org
URL: https://postimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d8aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1aa70024ac6f01c7669a14fc606db2cb555073bad5a076c9d70869392fb1118f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:04 GMT
cf-cache-status: HIT
last-modified: Wed, 07 Jun 2017 15:20:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3491
etag: "593819b2-8b6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SWa5r1BYfn6CEYbjOjeoDst29mggrp0x%2BxWn2aYXRjB8FnX0J6FoT65LMSecFmco0a3FZ0rC7Oqd1OejdY%2FK5ZByZU3u89DAqHqxwjUHQrB1qc43rPjGSjXZAik1lqk3sSodnH4pgpgEP9E%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 861a09ddcb0531ce-MIA
alt-svc: h3=":443"; ma=86400
content-length: 2230

GET
H2 200 slidebar.js Show response
postimgs.org/167/ 11 KB
4 KB 138ms
40ms Script
application/javascript 2606:4700:3031::ac43:d8aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://postimgs.org/167/slidebar.js
Requested by: Host: postimages.org
URL: https://postimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d8aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 700602424f3b2803dc9d2c06a01b7afe6639b1334f9144b4ed1a831e74ca6f8e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:04 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 17 Sep 2018 05:01:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6564
etag: W/"5b9f3534-2c90"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IF7py9ysEspJ7zHx3p9AAgGXtkaTkFe%2FsO0xUcsQkQm32dRqvh5ko8iTc1G96%2B3Psg7C%2FzgG0kmixc3lSka4p2Bz2EU04aC3eUhHTTIf%2FqvsgevYOZAeq2UfcP6yvRMh1PTmkyIyUh%2BgVqo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2678400
cf-ray: 861a09ddcb0331ce-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 upload.js Show response
postimgs.org/167/ 26 KB
9 KB 120ms
43ms Script
application/javascript 2606:4700:3031::ac43:d8aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://postimgs.org/167/upload.js
Requested by: Host: postimages.org
URL: https://postimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d8aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 579f7afffec025181ef2723ce9e8376f407c37419bc5345c28e5a868788add6f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:04 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 17 Sep 2018 05:01:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 553
etag: W/"5b9f3532-6958"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ioJGfMfYwzDI1wJhO86s4XGMSRa41YdwHhvF6hHrcLJcwjDfUNDZPxe09er93hVlch8zvsNzKgN%2FAxs95kceXzxVVVaY5lFLH8fYytwilif0Zm9v8paKCt%2F3gqCBqpQ3aa5vQLyJ2xizG%2FE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2678400
cf-ray: 861a09ddcb0431ce-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 webfont.woff2
postimgs.org/font/awesome/ 7 KB
7 KB 111ms
41ms Font
font/woff2 2606:4700:3031::ac43:d8aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://postimgs.org/font/awesome/webfont.woff2
Requested by: Host: postimgs.org
URL: https://postimgs.org/167/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d8aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9be248eee3efff14af2a4d91b67a0da6b9fa4a3aeeca3136671c686d8b822be

Request headers

Referer: https://postimgs.org/167/style.css
Origin: https://postimages.org
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:05 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 54
alt-svc: h3=":443"; ma=86400
content-length: 7084
last-modified: Fri, 09 Jun 2017 21:50:06 GMT
server: cloudflare
etag: "593b180e-1bac"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7o1URXrn9lO3I7OeJTH8THhQ1ggG54qbX4KVPi07v9Vs2PZ3H9hAwFjCZ8L9KuKlXgkEkJcEWi0BpgFNRk%2Fe4BC8WnpypCb131WqqG%2BfcP%2B3AgORiz0f2iOABkEWZc%2BCTklEJZaVVB9XoTk%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 861a09de890d2263-MIA

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/ 405 KB
137 KB 301ms
173ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0776200265208929

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

52531a035de63710e13afc8639fbd1b6a16c2498743b7a5a15626b4144d10064

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140418
x-xss-protection: 0
server: cafe
etag: 4091244273848922978
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Mar 2024 09:29:05 GMT

GET
H2 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240306/r20190131/ Frame BA15 9 KB
4 KB 198ms
62ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240306/r20190131/zrt_lookup_nohtml_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0776200265208929

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 8009
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 09 Mar 2024 07:15:36 GMT
etag: 5035419970550746386
expires: Sat, 23 Mar 2024 07:15:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6888 363 KB
82 KB 560ms
559ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&adk=1812271804&adf=3025194257&lmt=1709976545&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpostimages.org%2F&pra=5&wgl=1&easpi=0&asro=0&aseiel=1~2~4~6~8~9~10~11~12~13~14~15~16~17~18~19~20~21&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709976545286&bpp=4&bdt=482&idt=528&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2414228942947&frm=20&pv=2&ga_vid=1185124059.1709976546&ga_sid=1709976546&ga_hid=968420541&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081586%2C31081612%2C31081642%2C31081645%2C95321957%2C95322388%2C95324161%2C95325785%2C95326936&oid=2&pvsid=1577518690999755&tmod=257740397&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=545

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bcb909c46d932e62c63c3b106bf699a3ec04ee5d42265995dcc21fa2f307f990

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 83589
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 09 Mar 2024 09:29:06 GMT
expires: Sat, 09 Mar 2024 09:29:06 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5DE1 38 KB
13 KB 514ms
514ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1709976545&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709976545290&bpp=2&bdt=486&idt=550&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2414228942947&frm=20&pv=1&ga_vid=1185124059.1709976546&ga_sid=1709976546&ga_hid=968420541&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081586%2C31081612%2C31081642%2C31081645%2C95321957%2C95322388%2C95324161%2C95325785%2C95326936&oid=2&pvsid=1577518690999755&tmod=257740397&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=555

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba96b1737e94f26d92b67251e14495c5e9c4f233b31cf85e9ed52bfd02bc021e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 13581
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 09 Mar 2024 09:29:06 GMT
expires: Sat, 09 Mar 2024 09:29:06 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2921 146 KB
43 KB 519ms
518ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=280&slotname=8487831485&adk=750852199&adf=519338288&pi=t.ma~as.8487831485&w=1200&fwrn=4&fwrnh=100&lmt=1709976545&rafmt=3&format=1200x280&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709976545292&bpp=1&bdt=488&idt=561&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x90&nras=1&correlator=2414228942947&frm=20&pv=1&ga_vid=1185124059.1709976546&ga_sid=1709976546&ga_hid=968420541&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=503&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081586%2C31081612%2C31081642%2C31081645%2C95321957%2C95322388%2C95324161%2C95325785%2C95326936&oid=2&pvsid=1577518690999755&tmod=257740397&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=564

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d9a16dcd33ebe339aa5a5f1ddbb207becd39e9c6d31128eb839d73b6ffe58a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 44479
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 09 Mar 2024 09:29:06 GMT
expires: Sat, 09 Mar 2024 09:29:06 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EDE0 624 B
246 B 171ms
169ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbEPhCFx7SdAhil27GAAjAB&v=APEucNW8Oh0Ml0O8qi1abgMHAPNcHsKdnqERoflQuljtDVwo1Po8SGnSMmgWMAeHiOicC64Ch834rQIjMxIHYJDz-evNVAQhcg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1709976545&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709976545290&bpp=2&bdt=486&idt=550&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2414228942947&frm=20&pv=1&ga_vid=1185124059.1709976546&ga_sid=1709976546&ga_hid=968420541&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081586%2C31081612%2C31081642%2C31081645%2C95321957%2C95322388%2C95324161%2C95325785%2C95326936&oid=2&pvsid=1577518690999755&tmod=257740397&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=555

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1709976545&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709976545290&bpp=2&bdt=486&idt=550&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2414228942947&frm=20&pv=1&ga_vid=1185124059.1709976546&ga_sid=1709976546&ga_hid=968420541&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081586%2C31081612%2C31081642%2C31081645%2C95321957%2C95322388%2C95324161%2C95325785%2C95326936&oid=2&pvsid=1577518690999755&tmod=257740397&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=555
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 09 Mar 2024 09:29:06 GMT
expires: Sat, 09 Mar 2024 09:29:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame D8E5 94 KB
33 KB 181ms
180ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cdb7911dd984dc9b0840a0a94e711600b05dd72d612465fdb18ecfb67ea9e66c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33555
x-xss-protection: 0
server: cafe
etag: 7173713561822972903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 09 Mar 2024 09:29:06 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame D8E5 2 KB
1 KB 332ms
67ms Script
application/javascript 2600:141b:1c00:f::172c:c9cc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=971108&cmp=31085978&plc=382629248&sid=6522286&aufilter1=1024534&prr=1&ppid=103&autt=1&auevent=ABAjH0jKRgFK_v9nSj5UdKJb9waU&c1=1024534&auorder=1015441840&aucmp=20849867208&aucrtv=537685413&auxch=1&pltfrm=1&ausite=2597519058&turl=https://postimages.org/&aubndl=&audeal=549644393848091121&dvregion=0&unit=728x90
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1709976545&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709976545290&bpp=2&bdt=486&idt=550&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2414228942947&frm=20&pv=1&ga_vid=1185124059.1709976546&ga_sid=1709976546&ga_hid=968420541&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081586%2C31081612%2C31081642%2C31081645%2C95321957%2C95322388%2C95324161%2C95325785%2C95326936&oid=2&pvsid=1577518690999755&tmod=257740397&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=555
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:f::172c:c9cc Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: e55c01e3ca797dbf8af251c9d68755f6039f7792afe6866e46269e4036697d3d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sat, 09 Mar 2024 09:29:06 GMT
Content-Encoding: gzip
Last-Modified: Sun, 17 Dec 2023 15:12:34 GMT
Server: UploadServer
ETag: "a8006a511aee2e57196f5e8bee81dde8"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 932
Expires: Sun, 10 Mar 2024 09:29:06 GMT

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame D8E5 9 KB
4 KB 333ms
69ms Script
application/javascript 2600:141b:1c00:f::172c:c9cc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1709976545&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709976545290&bpp=2&bdt=486&idt=550&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2414228942947&frm=20&pv=1&ga_vid=1185124059.1709976546&ga_sid=1709976546&ga_hid=968420541&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081586%2C31081612%2C31081642%2C31081645%2C95321957%2C95322388%2C95324161%2C95325785%2C95326936&oid=2&pvsid=1577518690999755&tmod=257740397&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=555
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:f::172c:c9cc Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 072b26b82798ad8c49b4525afeb2b3687cd64e524f60595e37757eb554a21d3e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sat, 09 Mar 2024 09:29:06 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Mar 2024 15:50:48 GMT
Server: UploadServer
ETag: "bc91959d78a89ee428551b43d8baa723"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3638
Expires: Sat, 09 Mar 2024 09:44:06 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame D8E5 3 KB
1 KB 344ms
79ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:10:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40732
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Mar 2024 22:10:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame D8E5 20 KB
8 KB 327ms
63ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:18:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Mar 2024 22:18:30 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame D8E5 207 KB
63 KB 88ms
87ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 08:57:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1914
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 09 Mar 2024 09:57:12 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D8E5 42 B
63 B 146ms
145ms Image
image/gif 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-COOCRDTLzlbVfH6eXIKOsdxlH65wz49Fn5QHg1aL_VT35LCKzl4gi5z9lQnYxRr8IBQ6z6qZPEAL5gSrkm8wznQbRrBe1X4kEssQx0vJ7flo-iJZQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 3e4ba1a8aaf1eb5089ecf6e0b9cafde2.js Show response
www.gstatic.com/mysidia/ Frame 2921 19 KB
8 KB 321ms
62ms Script
text/javascript 2607:f8b0:4006:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3e4ba1a8aaf1eb5089ecf6e0b9cafde2.js?tag=pingback

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=280&slotname=8487831485&adk=750852199&adf=519338288&pi=t.ma~as.8487831485&w=1200&fwrn=4&fwrnh=100&lmt=1709976545&rafmt=3&format=1200x280&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709976545292&bpp=1&bdt=488&idt=561&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x90&nras=1&correlator=2414228942947&frm=20&pv=1&ga_vid=1185124059.1709976546&ga_sid=1709976546&ga_hid=968420541&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=503&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081586%2C31081612%2C31081642%2C31081645%2C95321957%2C95322388%2C95324161%2C95325785%2C95326936&oid=2&pvsid=1577518690999755&tmod=257740397&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=564

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fc0f7a449151c3b32dc74fd37fbf2ddddb7cbf17c74bd5e45b70298855b4510

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:10:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40692
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7964
x-xss-protection: 0
last-modified: Thu, 07 Mar 2024 03:02:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 06 Jun 2024 22:10:54 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 2921 4 KB
1 KB 331ms
77ms Stylesheet
text/css 2607:f8b0:4006:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

662dbb2e9a1eaa62f25fd7d00eca3d78b8112c88f96f064a49aca4a6be2892d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 09 Mar 2024 09:29:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 09 Mar 2024 08:22:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 09 Mar 2024 09:29:06 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 2921 2 KB
903 B 65ms
63ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 05:13:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15346
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 05:13:20 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/ Frame 2921 23 KB
9 KB 66ms
64ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:13:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40566
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8947
x-xss-protection: 0
server: cafe
etag: 12299188824252842506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Mar 2024 22:13:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 2921 3 KB
1 KB 76ms
75ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:10:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40732
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Mar 2024 22:10:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 2921 20 KB
8 KB 306ms
71ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:18:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Mar 2024 22:18:30 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 2921 207 KB
63 KB 73ms
73ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 08:57:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1914
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 09 Mar 2024 09:57:12 GMT

GET
H2 200 fae6ba9c9cb9ec876bbde5988f04c6f7.js Show response
www.gstatic.com/mysidia/ Frame 2921 36 KB
15 KB 67ms
66ms Script
text/javascript 2607:f8b0:4006:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fae6ba9c9cb9ec876bbde5988f04c6f7.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32993a86c58685503a2a375f9ed0ec5813961836562a3b5656fd9eb149a27d4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:14:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40466
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15132
x-xss-protection: 0
last-modified: Thu, 07 Mar 2024 03:02:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 06 Jun 2024 22:14:40 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/ 166 KB
56 KB 172ms
172ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/reactive_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0045157339d3ba82765afc52fd381c23c5e2dab2e212e2763f7f947f1ad52cbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57233
x-xss-protection: 0
server: cafe
etag: 7261464944371039194
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Mar 2024 09:29:06 GMT

GET
H2 200 ca-pub-0776200265208929 Show response
fundingchoicesmessages.google.com/i/ 183 KB
61 KB 262ms
102ms Script
application/javascript 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-0776200265208929?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

707342fbc0969ee23e4444b97b07df383e2d13180a2b5c56352fb079ac28e099

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-iz-7LTgc_rXHK24906b2ww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:06 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-iz-7LTgc_rXHK24906b2ww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjitHikmJw05BiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJp6vL5kkgFgDiHf4eLDwrZvOqgLEuuuns4YCcczz6awpQOyUPoM1CIh96mewxgCxEA_Ho-sb1rMJHNh_8RwTAH8uKhw"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D8E5 0
20 B 122ms
122ms Ping
image/gif 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7535560821935&version=m202402290101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D8E5 0
20 B 121ms
121ms Ping
image/gif 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7535560821935&version=m202402290101&ct=76&x=1&cor=3645471487984211000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D8E5 17 KB
13 KB 117ms
116ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DQ9KIPXJ1cnPvYAlqb82A_XTxeU7cqdmipP3eUXUyYfcD2HZNlfgQyWlf7d9v7FX_lM5uXyUTFqe1O6115R3zu28PeJX2-rZpfV3jGYL_P8OQDe_PjrPjrciRA_KeEmZdfczW0uudUAw0YrYRsL99oGUbsDWXl7m-e-YCfOY2NTGADUOA6v3LkEpPqGNPEda_Uhb8-lWGsC6Qp-f1Z1gpv1kH4gA&cry=1&dbm_d=AKAmf-D2XJjIUuWJxST8urj_55NEb8sl-R4_lQffMMNHaHMrQjDLoL9EGqxObjYXFCCTw1-2qyoR8JAJNwvvPA_N4klTKShISgNmsbfAU-GPCVRxwzOJKUKZzUSCsB8m1tNm5_3MxI52VWG2LHzPGY9QCQA_c6_un4CDw1mc8TjpTgmDw5arepOf3AgdtAJ0gisE_q2wGnl66oA7ZHO7gByWDTdQ-DjBeVIf8wBfxPT1KPB5l5U-l7olQftEGrUXHUTJx-XqK2xaWQ42_JdtiSSRpb1AD4skwxN5kMNDT3P_0rMNvfER8UeW6QtnlH8B2qJpnq2-nqHf2vivOQbdYpTzUZ3OFQrMHB063yLdXiyb6GTVCH_EZawQQLceFkrxhtvRAlrViuiF-U_tUq97EtR3fiYwA3Bj949qFpMMCcgbe5Y4e6ALSjFBjef8fPiuTD1OGX9rATlAFNdk9Cqi0HOsuU5I9uw308va8a6DyPfn3g_43emVctyG1wlkhsuqE5UE4G-yaV-6JGFabls6TnPrpCIsR5dWPkIOnyMMSx3tD3K7hpuUzUG8sVYUaKbY0lXIg5_WTndlzF69l4Ote3VzwYEaBAopQwQObeilEM3OTg552jeRvO5pq8PE8zBDp8QIJT1pwwJUEwqvtvbLLa-yUzwf5izdq8MOUwgiHUAB_eWwQU060hFTZVe4CDgLKkhCs4HXx26bxv1yQlcsOP0Ev92cJXIrIbCn829L82srJDEO6MIFh2IdN4hFHJllkb0d84gik7Cqw0F5wA8BTSwVhieyLHnP0EhqL41GnNNXJDco5p8jBvGuc7o0RINNPnl-lGS_yywZx-cLobZQ6t1Zrd4-Tj9VyUvVrVULrpa4CSndHFH8x1WSE7bWFvfBHYoeEkaZjT8ZKxj2OUF_YnTniJSdLnaQMkMAahVYOBEL7io0hpgyq2O2Z_Xfc6h-O8UNosg4PoKfHiSAdZxIh5yEP5AjyEcD5K9a6hNv1b4EeqlROYUAPTE04ezwUXT91cK-JSTjNR2HzYlkwesNCzzZWcSJMXtUtusTgDZ8tX7bMBnwT5qV38h0YFR5x3kZta17olJR_tydk4QMxa9iWDCLonuUNQghJgOjGv40NVXhQlCiyZERC6SLkdAhN3YE7x_iQsBS69RnUCxPWpsVw0y9iIpM6qp6q4lVCH-jVE0Ae_OVPhuuBqGKLDV9Clt_v77oaq1Ycken6-Zwj_vPqzLwhqVaobF26Zwwhhb7MKNgJAJg17Hx-9tCLu8cIJQxF_TfC3hDQLlro1G8VYFwTttstHKWvqhLYhvvS6H4CCyAJbaEGdVdfeTp5mlFPGypoKhTzFGgE7gvTCgqFhCVYk0ZX6GcT7Ix31aeepSsveBIeQ6Drcj-kwW2h3kyCJwuqPAM4secZrvckLMqTUwZ-0u5DW_qquC5weUoh1yAVmX6BZ8vKzAD7nenruJI9KtPj9exMi9ws3FHZt0dtcZAduamHlIY-HJuG_3mhfAMikh9VlPEGVBhF47BtxIpHg522_Mf5rVL4LONj2HrjgrZO3aF5O7HUJRdOwsuJibNcUVfw-oylMzzFfO6LI4vW8nxW4yGPVZoy7uwvSJfEk9QhX2baD1i9cfeXnAcOB9tGW2a_mRGycGj4m7NB_b4cSS3I9C_7rESok-FyyB6kII9hnw_r8wDzpaNsDaN6I13J7C9gniD04B8kUs5bVUS1xA8sZu382sauFGWhONaJMgsY0mC2YUuh_EfArDm9TpttKVLWP28ZaBASYN80YdWgdu4FPXgvB-ZsQA0mBPveTcwmDCbZfP8-nse9QWIE8fY8Vk-F8oXfjASZFw9jSH3ziKdaKYHXm4I5AAfmGRg2DFJ35598xI-_3RYEIasQ_IrmlMFUJVT4n563TIdyXuB_7Ls-4rrqqs4MMeWrhlyTQ1owPVL0k5jOviKgug5hdRQ-pRt_wXvaDQtUKknQlTcVbNN3JRuQEIq-FdZIle_BvMf92ug7dBeLTj9MZLCRQ_tWP2eH5v5cJnBDwqrE0EkIB44UxNl2WYqS3yyEcGt0ykEnRoeqtFZ9XSroBSLZP4eAnzQUxlto2lESaHqxVdsKsH0cev4Avzt1hVnVvSfT9jtDC2GTaUnniKexkbRjch-YzNHUaTshqhCTgG9VBlf3wXToefjHw8QXnAbisqQRXU0RqDW6HxDFy9MHzHjHU4RDMCZQu9TRDLJu-cbHyDVk5eoyqphDUPsFtDOCwKOLCFIdBfweAuudHmR_S1g93lxOevXtbtmsP1BXi3HKYEF4Mctl1I1dQWW5MHem48zWNBTkalBsf9besJ6QM15czd5tW_JhRgKxwK4PvhsDRC3wELxSlbmdyoFmDfzDzSdTvCWi5axnu7CTLWKSGX-wC90wtxIrzeJYCfSOE_exqv-b0W-OfyrARlMFf04QYgiJPO597q_wEu3moDLTtd9rjPne6EuYLxeru1fWRVKMp_EpG20VgnAR6hwva1sqwhal1-pLRM0gwpXxFz2PloXRFZmvEXZOlj-278UDZGJT-CJ6X_gCuzoXHoV0bSYr0mfFRbkV1oX-aAtTmau5z3Jbd5pL8tEC2yKdgcibiOupj-Fpq0SAFI6L253jiMa8PFh0kjwM70Al-JuP4we6_1t_h2nd7zWocyqBqpLt18Jiy_yy7SCue5QJo-C9KqFgaHTX7I439UPkqHTOTBotBgLilAWWWBkx5IRlWJvZAxoRnk2BDtTMpbjZTVxeKrUxcp-i06y5GqwvgG1RwLfXB4KfGXiMdV9v7HFB_gyEEMIqx9mG9y1c9m8o6vXX7UJ5s_yTG3a5KeT2hXWeFsbXe2XiP4qWLH8A7E9dRxXsGTHKCRIOrJhaiuldsk7Bumi5O4e85K3pgcZV2YodgnFD588gCYjS8CkFvztki1Is-DJNRs9P91KDxJYgzgBjbls7fZ8WS482EPhw0stPEWqZ-aqSDtGG0XIR4vlzV5MMH0dZ1qvw5RZB3sE2G4m7y6pr7bqPGKmjCUw1_cYBUL5X7Fzhx4MiHIJfF9SMhsL_Wy1DnJn63l81PemnssZOf6e-lzsBy6o3G2NpFW2cbGSCtW1KaDupiFAW67yJAPaQpESll6aawuqkQGfwm3tFnre-LCtbV_arUgZ1x0k3uedBbsUrmjw-7_GFbcxOQRGmTg&cid=CAQSTwB7FLtqVwviuIuh2BuZEJBjcYFEHHpweAOj-s-BuPRjsLbioKJXqE0GSj2AONnv88IutaMhb42PoMFN_RMn8h__AlXO1lG9dvz9O0PaH68YAQ&dv3_ver=m202402290101&rfl=https%3A%2F%2Fpostimages.org%2F&ds=l&xdt=1&iif=1&cor=3645471487984211000&adk=2124396031&idt=194&cac=0&dtd=19

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9b56bf0297068737dddd527e11008560d9e8c0f67f80598f01daeffa352870b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1709976545&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709976545290&bpp=2&bdt=486&idt=550&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2414228942947&frm=20&pv=1&ga_vid=1185124059.1709976546&ga_sid=1709976546&ga_hid=968420541&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081586%2C31081612%2C31081642%2C31081645%2C95321957%2C95322388%2C95324161%2C95325785%2C95326936&oid=2&pvsid=1577518690999755&tmod=257740397&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=555
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12917
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame EDE0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrHafACrnBhz0C5XaKRvt0&google_cver=1

43 B
771 B

74ms
73ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrHafACrnBhz0C5XaKRvt0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbEPhCFx7SdAhil27GAAjAB&v=APEucNW8Oh0Ml0O8qi1abgMHAPNcHsKdnqERoflQuljtDVwo1Po8SGnSMmgWMAeHiOicC64Ch834rQIjMxIHYJDz-evNVAQhcg
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:06 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=57CBTPgHI22%2FRQskyRATQVoAM3tpd5MQgd6FwQ5xnRE5BImv9iDGav2JcO1DDRRVzf9ZF6imN%2BzCw722CkAS3X7Gv2g9AQL5P2SWymHGTvm4uzQq%2F%2F2BkJy9WMnBrdYCZ%2FM3QTegaMM9fg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 861a09ea4bc46dcb-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrHafACrnBhz0C5XaKRvt0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame EDE0
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zewr4sAoJJUAAEWeAE3M8AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrHafACrnBhz0C5XaKRvt0&google_cver=1

43 B
730 B

81ms
81ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrHafACrnBhz0C5XaKRvt0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbEPhCFx7SdAhil27GAAjAB&v=APEucNW8Oh0Ml0O8qi1abgMHAPNcHsKdnqERoflQuljtDVwo1Po8SGnSMmgWMAeHiOicC64Ch834rQIjMxIHYJDz-evNVAQhcg
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:07 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tCq5ow0jwUN2pbnaLfdJSmn4svv4jKfBOhbacCWgCR9WTa4CVXSGVSQQNFuSYmWVj0cTYeCTqYtKzy6zGXEmeFOkM403feoYgfHzhL%2B0CQzrpj%2ByamAT2G5SlHzhecXA22bRwpTBeWvR5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 861a09eacbee6dcb-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrHafACrnBhz0C5XaKRvt0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame EDE0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECaCZ-K1LTIGURUZR8gi4S8&google_cver=1

43 B
1 KB

71ms
69ms

Image
image/gif

68.67.160.24
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECaCZ-K1LTIGURUZR8gi4S8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbEPhCFx7SdAhil27GAAjAB&v=APEucNW8Oh0Ml0O8qi1abgMHAPNcHsKdnqERoflQuljtDVwo1Po8SGnSMmgWMAeHiOicC64Ch834rQIjMxIHYJDz-evNVAQhcg

Protocol

Server

68.67.160.24 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:06 GMT
an-x-request-uuid: 73a61eea-7ad7-4b05-9074-d1d22bf7eb09
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 38.132.118.73; 38.132.118.73; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECaCZ-K1LTIGURUZR8gi4S8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EDE0
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU1NjU5ODg2NzYzMzQwMzk1

170 B
243 B

78ms
78ms

Image
image/png

142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU1NjU5ODg2NzYzMzQwMzk1

Requested by

Protocol

Server

142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:06 GMT
an-x-request-uuid: 8b081b00-092e-47b3-8223-179ce220124f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU1NjU5ODg2NzYzMzQwMzk1
x-proxy-origin: 38.132.118.73; 38.132.118.73; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame D8E5 41 KB
14 KB 76ms
75ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DQ9KIPXJ1cnPvYAlqb82A_XTxeU7cqdmipP3eUXUyYfcD2HZNlfgQyWlf7d9v7FX_lM5uXyUTFqe1O6115R3zu28PeJX2-rZpfV3jGYL_P8OQDe_PjrPjrciRA_KeEmZdfczW0uudUAw0YrYRsL99oGUbsDWXl7m-e-YCfOY2NTGADUOA6v3LkEpPqGNPEda_Uhb8-lWGsC6Qp-f1Z1gpv1kH4gA&cry=1&dbm_d=AKAmf-D2XJjIUuWJxST8urj_55NEb8sl-R4_lQffMMNHaHMrQjDLoL9EGqxObjYXFCCTw1-2qyoR8JAJNwvvPA_N4klTKShISgNmsbfAU-GPCVRxwzOJKUKZzUSCsB8m1tNm5_3MxI52VWG2LHzPGY9QCQA_c6_un4CDw1mc8TjpTgmDw5arepOf3AgdtAJ0gisE_q2wGnl66oA7ZHO7gByWDTdQ-DjBeVIf8wBfxPT1KPB5l5U-l7olQftEGrUXHUTJx-XqK2xaWQ42_JdtiSSRpb1AD4skwxN5kMNDT3P_0rMNvfER8UeW6QtnlH8B2qJpnq2-nqHf2vivOQbdYpTzUZ3OFQrMHB063yLdXiyb6GTVCH_EZawQQLceFkrxhtvRAlrViuiF-U_tUq97EtR3fiYwA3Bj949qFpMMCcgbe5Y4e6ALSjFBjef8fPiuTD1OGX9rATlAFNdk9Cqi0HOsuU5I9uw308va8a6DyPfn3g_43emVctyG1wlkhsuqE5UE4G-yaV-6JGFabls6TnPrpCIsR5dWPkIOnyMMSx3tD3K7hpuUzUG8sVYUaKbY0lXIg5_WTndlzF69l4Ote3VzwYEaBAopQwQObeilEM3OTg552jeRvO5pq8PE8zBDp8QIJT1pwwJUEwqvtvbLLa-yUzwf5izdq8MOUwgiHUAB_eWwQU060hFTZVe4CDgLKkhCs4HXx26bxv1yQlcsOP0Ev92cJXIrIbCn829L82srJDEO6MIFh2IdN4hFHJllkb0d84gik7Cqw0F5wA8BTSwVhieyLHnP0EhqL41GnNNXJDco5p8jBvGuc7o0RINNPnl-lGS_yywZx-cLobZQ6t1Zrd4-Tj9VyUvVrVULrpa4CSndHFH8x1WSE7bWFvfBHYoeEkaZjT8ZKxj2OUF_YnTniJSdLnaQMkMAahVYOBEL7io0hpgyq2O2Z_Xfc6h-O8UNosg4PoKfHiSAdZxIh5yEP5AjyEcD5K9a6hNv1b4EeqlROYUAPTE04ezwUXT91cK-JSTjNR2HzYlkwesNCzzZWcSJMXtUtusTgDZ8tX7bMBnwT5qV38h0YFR5x3kZta17olJR_tydk4QMxa9iWDCLonuUNQghJgOjGv40NVXhQlCiyZERC6SLkdAhN3YE7x_iQsBS69RnUCxPWpsVw0y9iIpM6qp6q4lVCH-jVE0Ae_OVPhuuBqGKLDV9Clt_v77oaq1Ycken6-Zwj_vPqzLwhqVaobF26Zwwhhb7MKNgJAJg17Hx-9tCLu8cIJQxF_TfC3hDQLlro1G8VYFwTttstHKWvqhLYhvvS6H4CCyAJbaEGdVdfeTp5mlFPGypoKhTzFGgE7gvTCgqFhCVYk0ZX6GcT7Ix31aeepSsveBIeQ6Drcj-kwW2h3kyCJwuqPAM4secZrvckLMqTUwZ-0u5DW_qquC5weUoh1yAVmX6BZ8vKzAD7nenruJI9KtPj9exMi9ws3FHZt0dtcZAduamHlIY-HJuG_3mhfAMikh9VlPEGVBhF47BtxIpHg522_Mf5rVL4LONj2HrjgrZO3aF5O7HUJRdOwsuJibNcUVfw-oylMzzFfO6LI4vW8nxW4yGPVZoy7uwvSJfEk9QhX2baD1i9cfeXnAcOB9tGW2a_mRGycGj4m7NB_b4cSS3I9C_7rESok-FyyB6kII9hnw_r8wDzpaNsDaN6I13J7C9gniD04B8kUs5bVUS1xA8sZu382sauFGWhONaJMgsY0mC2YUuh_EfArDm9TpttKVLWP28ZaBASYN80YdWgdu4FPXgvB-ZsQA0mBPveTcwmDCbZfP8-nse9QWIE8fY8Vk-F8oXfjASZFw9jSH3ziKdaKYHXm4I5AAfmGRg2DFJ35598xI-_3RYEIasQ_IrmlMFUJVT4n563TIdyXuB_7Ls-4rrqqs4MMeWrhlyTQ1owPVL0k5jOviKgug5hdRQ-pRt_wXvaDQtUKknQlTcVbNN3JRuQEIq-FdZIle_BvMf92ug7dBeLTj9MZLCRQ_tWP2eH5v5cJnBDwqrE0EkIB44UxNl2WYqS3yyEcGt0ykEnRoeqtFZ9XSroBSLZP4eAnzQUxlto2lESaHqxVdsKsH0cev4Avzt1hVnVvSfT9jtDC2GTaUnniKexkbRjch-YzNHUaTshqhCTgG9VBlf3wXToefjHw8QXnAbisqQRXU0RqDW6HxDFy9MHzHjHU4RDMCZQu9TRDLJu-cbHyDVk5eoyqphDUPsFtDOCwKOLCFIdBfweAuudHmR_S1g93lxOevXtbtmsP1BXi3HKYEF4Mctl1I1dQWW5MHem48zWNBTkalBsf9besJ6QM15czd5tW_JhRgKxwK4PvhsDRC3wELxSlbmdyoFmDfzDzSdTvCWi5axnu7CTLWKSGX-wC90wtxIrzeJYCfSOE_exqv-b0W-OfyrARlMFf04QYgiJPO597q_wEu3moDLTtd9rjPne6EuYLxeru1fWRVKMp_EpG20VgnAR6hwva1sqwhal1-pLRM0gwpXxFz2PloXRFZmvEXZOlj-278UDZGJT-CJ6X_gCuzoXHoV0bSYr0mfFRbkV1oX-aAtTmau5z3Jbd5pL8tEC2yKdgcibiOupj-Fpq0SAFI6L253jiMa8PFh0kjwM70Al-JuP4we6_1t_h2nd7zWocyqBqpLt18Jiy_yy7SCue5QJo-C9KqFgaHTX7I439UPkqHTOTBotBgLilAWWWBkx5IRlWJvZAxoRnk2BDtTMpbjZTVxeKrUxcp-i06y5GqwvgG1RwLfXB4KfGXiMdV9v7HFB_gyEEMIqx9mG9y1c9m8o6vXX7UJ5s_yTG3a5KeT2hXWeFsbXe2XiP4qWLH8A7E9dRxXsGTHKCRIOrJhaiuldsk7Bumi5O4e85K3pgcZV2YodgnFD588gCYjS8CkFvztki1Is-DJNRs9P91KDxJYgzgBjbls7fZ8WS482EPhw0stPEWqZ-aqSDtGG0XIR4vlzV5MMH0dZ1qvw5RZB3sE2G4m7y6pr7bqPGKmjCUw1_cYBUL5X7Fzhx4MiHIJfF9SMhsL_Wy1DnJn63l81PemnssZOf6e-lzsBy6o3G2NpFW2cbGSCtW1KaDupiFAW67yJAPaQpESll6aawuqkQGfwm3tFnre-LCtbV_arUgZ1x0k3uedBbsUrmjw-7_GFbcxOQRGmTg&cid=CAQSTwB7FLtqVwviuIuh2BuZEJBjcYFEHHpweAOj-s-BuPRjsLbioKJXqE0GSj2AONnv88IutaMhb42PoMFN_RMn8h__AlXO1lG9dvz9O0PaH68YAQ&dv3_ver=m202402290101&rfl=https%3A%2F%2Fpostimages.org%2F&ds=l&xdt=1&iif=1&cor=3645471487984211000&adk=2124396031&idt=194&cac=0&dtd=19

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 19:42:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 222371
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Mar 2025 19:42:55 GMT

GET
H/1.1 200
OK dvbs_src_internal125.js Show response
cdn.doubleverify.com/ Frame D8E5 60 KB
20 KB 76ms
76ms Script
application/javascript 2600:141b:1c00:f::172c:c9cc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal125.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=971108&cmp=31085978&plc=382629248&sid=6522286&aufilter1=1024534&prr=1&ppid=103&autt=1&auevent=ABAjH0jKRgFK_v9nSj5UdKJb9waU&c1=1024534&auorder=1015441840&aucmp=20849867208&aucrtv=537685413&auxch=1&pltfrm=1&ausite=2597519058&turl=https://postimages.org/&aubndl=&audeal=549644393848091121&dvregion=0&unit=728x90
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:f::172c:c9cc Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: a7e081ac2862a2c9fe794a716293c201eb0cc90623edfe349438c3af8f58ca6a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sat, 09 Mar 2024 09:29:06 GMT
Content-Encoding: gzip
Last-Modified: Sun, 17 Dec 2023 15:12:36 GMT
Server: UploadServer
ETag: "8188d451e0a669939fa9ed400c00d127"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19695
Expires: Sun, 09 Mar 2025 09:29:06 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 2921 24 KB
24 KB 217ms
63ms Image
image/jpeg 2607:f8b0:4006:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcR7v6psWoDeeVeIGZhiqrZDeWuC-T4xaG5iLqexLEEpLcB3mzQq3rFo1McRUg&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d58e5e72b94e11290289cb6e29849313aa352a395ebe59ab36cdaf7505407c89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 08:58:45 GMT
x-content-type-options: nosniff
age: 261021
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24262
x-xss-protection: 0
last-modified: Fri, 26 Apr 2024 04:09:00 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 06 Mar 2025 08:58:45 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 2921 37 KB
37 KB 229ms
64ms Image
image/jpeg 2607:f8b0:4006:822::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQp5IKKNSF8G2RD4KqZCzcymWp5bXZgPMD3iwvC82YSIG7YI6ly2CASvbmYyw&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b801f89518d88ad1a2bd1cd26cd6b310d2878c891366928b092bd7f0955149c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 08:52:46 GMT
x-content-type-options: nosniff
age: 261380
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37433
x-xss-protection: 0
last-modified: Thu, 28 Mar 2024 03:51:09 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 06 Mar 2025 08:52:46 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 2921 27 KB
27 KB 153ms
142ms Image
image/jpeg 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcSvaqiNlvo0ASsvRNch5y8XoBacswGPYhOcv7B-dc2tBtPoPkuyCPQwtuzkb8s&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21beb7d3dfdad3b76f1d9a2784768f6d931dd69e146adc08f632e4ae517c31d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 09:00:50 GMT
x-content-type-options: nosniff
age: 260896
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27274
x-xss-protection: 0
last-modified: Sun, 24 Mar 2024 04:31:23 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 06 Mar 2025 09:00:50 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 2921 39 KB
39 KB 312ms
147ms Image
image/jpeg 2607:f8b0:4006:822::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcRgh0XkaEAxr2ubwVAcYwUbAN5JbKOV_WaqjGxhZJ9w7nVFkgc9sIaQi_2z9Lw&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94fee7158ebfb491c85e0d60f4d7f716d701821b6d6b9f20991524ee6fce8d28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 09:13:42 GMT
x-content-type-options: nosniff
age: 260124
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40098
x-xss-protection: 0
last-modified: Mon, 08 Apr 2024 05:50:47 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 06 Mar 2025 09:13:42 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 2921 32 KB
32 KB 119ms
109ms Image
image/jpeg 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQp6kcvWsZ7bF9nacdIfxq3V3t-PUmseGN2BuK6OHVHxT44wzgCuyI2_MPWfw&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f81246ef3eddfedda901d4493a04645c50fedfd561026d86110d4a9e649dc76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 09:41:42 GMT
x-content-type-options: nosniff
age: 258444
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32712
x-xss-protection: 0
last-modified: Tue, 16 Apr 2024 04:10:14 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 06 Mar 2025 09:41:42 GMT

GET
H2

200

14721375404797248074
tpc.googlesyndication.com/simgad/ Frame 2921
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCb0vi6VRCQARiQATIItFYPU8y28GA
https://tpc.googlesyndication.com/simgad/14721375404797248074

4 KB
4 KB

63ms
63ms

Image
image/png

2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14721375404797248074

Requested by

Protocol

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8ab2778b292d70e077fc8c3c84526bbe581dc2a826165d72c7a29bec439ebae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Sat, 08 Mar 2025 22:14:29 GMT
date: Fri, 08 Mar 2024 22:14:29 GMT
x-content-type-options: nosniff
age: 40477
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4025
x-xss-protection: 0
last-modified: Fri, 18 May 2018 16:14:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

Redirect headers

date: Sat, 09 Mar 2024 05:40:49 GMT
x-content-type-options: nosniff
server: cafe
age: 13697
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/14721375404797248074
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 08 Apr 2024 05:40:49 GMT

GET
DATA 200
OK truncated
/ Frame 2921 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 75d2f74a132cf54b9d5969f371e4192cae855ba4ce36b54686dbead2ce26878e

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2921 0
20 B 122ms
120ms Ping
image/gif 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=26&version=r20240306&sample=0.01

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/load_preloaded_resource_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 2921 21 KB
21 KB 265ms
126ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:10:38 GMT
x-content-type-options: nosniff
age: 40708
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21428
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:32:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 08 Mar 2025 22:10:38 GMT

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 2921 20 KB
21 KB 202ms
65ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:25:51 GMT
x-content-type-options: nosniff
age: 39795
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 08 Mar 2025 22:25:51 GMT

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame D8E5 442 B
577 B 223ms
54ms Script
text/javascript 34.117.228.201
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_864473857083&jsTagObjCallback=__tagObject_callback_864473857083&num=6&ctx=971108&cmp=31085978&plc=382629248&sid=6522286&advid=&adsrv=&unit=728x90&isdvvid=&uid=864473857083&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&dvp_strhd=0.40&dvpx_strhd=0.40&brid=3&brver=122&bridua=3&dup=null&ppid=103&audeal=549644393848091121&auevent=ABAjH0jKRgFK_v9nSj5UdKJb9waU&aucmp=20849867208&aucrtv=537685413&auorder=1015441840&ausite=2597519058&auxch=1&pltfrm=1&aufilter1=1024534&autt=1&c1=1024534&turl=https://postimages.org/&chro=1&hist=2&winh=90&winw=1200&wouh=1200&wouw=1600&scah=1200&scaw=1600&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&prr=1&m1=13&noc=16&fcifrms=5&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=172&eparams=DC4FC%3Dl9EEADTbpTauTauA%40DE%3A%3E286D%5D%40C8TauU2%3F4r92%3A%3Fl9EEADTbpTauTauA%40DE%3A%3E286D%5D%40C8Tar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6ETar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6E&dvp_exetime=5.70&aubndl=&callbackName=__verify_callback_864473857083
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal125.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.228.201 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 201.228.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 6d8a53b360734ac70446805bbb195283bff634489f894bbfec117f44183a8129

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Mar 2024 09:29:07 GMT
Content-Encoding: br
X-DV-Response: 0
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 03/08/2024 09:29:07

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame A049 38 KB
13 KB 64ms
63ms Document
text/html 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 40731
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 08 Mar 2024 22:10:15 GMT
expires: Sat, 08 Mar 2025 22:10:15 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/ Frame D46F 9 KB
4 KB 63ms
63ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 40492
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Mar 2024 22:14:14 GMT
etag: 5035419970550746386
expires: Fri, 22 Mar 2024 22:14:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/ Frame 6178 9 KB
4 KB 64ms
63ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 40492
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Mar 2024 22:14:14 GMT
etag: 5035419970550746386
expires: Fri, 22 Mar 2024 22:14:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxUO1yaU2tp-vjX5sqr-NR_iXl-WTl3UmcmnmkzYuGH-XM6TNF_gcLyEfE2SYtLHRQECshRVdqx9Gh8oxUTcJyVewo8y99r3aGCkW_Mpb9Vjm007JGab_oZvgizaXilhplBzXPGt2Q== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 97ms
96ms Script
application/javascript 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUO1yaU2tp-vjX5sqr-NR_iXl-WTl3UmcmnmkzYuGH-XM6TNF_gcLyEfE2SYtLHRQECshRVdqx9Gh8oxUTcJyVewo8y99r3aGCkW_Mpb9Vjm007JGab_oZvgizaXilhplBzXPGt2Q==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA5OTc2NTQ2LDkwODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9wb3N0aW1hZ2VzLm9yZy8iLG51bGwsW1s4LCJid3JNY3M2WmNZZyJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.bwrMcs6ZcYg.es5.O/am=wA/d=1/rs=AJlcJMzkjt-1iIsG81Xe67gadpAQdcYYpg/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

19173f733ee3c9a6ead91d8a552f0c314ca92d2ec8030013fe608516aabb1bbe

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5FoNn--iuI6x-VZcRa4vUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:06 GMT
content-security-policy: script-src 'report-sample' 'nonce-5FoNn--iuI6x-VZcRa4vUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjitHikmLw1ZBiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJp6vL5kkgFgDiHf4eLDwrZvOqgLEuuuns4YCcczz6awpQOyUPoM1CIh96mewxgCxEA_Ho-sb1rMJrHg26wwzAIF0Kfo"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 2XuAnNhv9ZdrLh840DIAgutokU3UuLKCtZvRQAQJz4k.js Show response
pagead2.googlesyndication.com/bg/ Frame A049 51 KB
20 KB 64ms
63ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/2XuAnNhv9ZdrLh840DIAgutokU3UuLKCtZvRQAQJz4k.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d97b809cd86ff5976b2e1f38d0320082eb68914dd4b8b282b59bd1400409cf89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39484
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20134
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 08 Mar 2025 22:31:02 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame B718 2 KB
587 B 80ms
79ms Stylesheet
text/css 2607:f8b0:4006:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A400%2C600

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6700a61b5bd8006d07ddcdf84df499411e0ca045c8e124af25f72b8c4e82dab3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 09 Mar 2024 09:29:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 09 Mar 2024 07:30:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 09 Mar 2024 09:29:07 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame B718 2 KB
822 B 64ms
63ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 05:13:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15347
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 05:13:20 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/ Frame B718 23 KB
9 KB 66ms
63ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/abg_lite_fy2021.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:13:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40567
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8947
x-xss-protection: 0
server: cafe
etag: 12299188824252842506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Mar 2024 22:13:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame B718 3 KB
1 KB 79ms
75ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:10:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40733
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Mar 2024 22:10:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame B718 20 KB
8 KB 81ms
77ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:18:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40237
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Mar 2024 22:18:30 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame B718 207 KB
63 KB 76ms
72ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 08:57:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1915
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 09 Mar 2024 09:57:12 GMT

GET
H3 200 fae6ba9c9cb9ec876bbde5988f04c6f7.js Show response
www.gstatic.com/mysidia/ Frame B718 36 KB
15 KB 82ms
78ms Script
text/javascript 2607:f8b0:4006:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fae6ba9c9cb9ec876bbde5988f04c6f7.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32993a86c58685503a2a375f9ed0ec5813961836562a3b5656fd9eb149a27d4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:14:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40467
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15132
x-xss-protection: 0
last-modified: Thu, 07 Mar 2024 03:02:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 06 Jun 2024 22:14:40 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/ Frame D46F 15 KB
6 KB 82ms
79ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a1433553dad10b1617e945447ce8d2a7a4ce6542ad50fdb8b563f85560cbc3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 05:28:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14416
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6454
x-xss-protection: 0
server: cafe
etag: 9518204868993021864
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 05:28:51 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame D46F 205 B
229 B 78ms
76ms Image
image/png 2607:f8b0:4006:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 09:01:03 GMT
x-content-type-options: nosniff
age: 260884
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 06 Mar 2025 09:01:03 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame D46F 604 B
628 B 78ms
75ms Image
image/png 2607:f8b0:4006:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:17:11 GMT
x-content-type-options: nosniff
age: 40316
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 08 Mar 2025 22:17:11 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/ Frame D46F 22 KB
9 KB 90ms
88ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5efd17aa9600929f5517878dd267b6fdfeca37478d6987b5d75caec4f1e4b1a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 19:23:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50745
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9093
x-xss-protection: 0
server: cafe
etag: 981128176822753981
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Mar 2024 19:23:22 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/ Frame 6178 23 KB
9 KB 89ms
87ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:13:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40567
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8947
x-xss-protection: 0
server: cafe
etag: 12299188824252842506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Mar 2024 22:13:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CD07 143 B
167 B 73ms
69ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 2001
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 09 Mar 2024 08:55:46 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 6178 3 KB
1 KB 101ms
96ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:10:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40733
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Mar 2024 22:10:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 6178 20 KB
8 KB 79ms
74ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:18:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40237
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Mar 2024 22:18:30 GMT

GET
H3 200 172499273328232174
tpc.googlesyndication.com/daca_images/simgad/ Frame 6178 49 KB
49 KB 177ms
172ms Image
image/png 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/172499273328232174

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

340ce1cc5609b0ef725d2b528e2aa77d0979611d59ded852956444423010614d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Sat, 09 Mar 2024 09:29:07 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50355
x-xss-protection: 0
last-modified: Mon, 27 Feb 2023 19:43:29 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 09 Mar 2025 09:29:07 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 6178 207 KB
63 KB 70ms
65ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 08:57:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1915
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 09 Mar 2024 09:57:12 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 6178 36 KB
14 KB 99ms
95ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ad5f1dc06e90eea91c3839cf0b767b877f89d92eed940ac50b7c1eb05982050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 10:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83196
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14569
x-xss-protection: 0
server: cafe
etag: 13248958906723212501
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Mar 2024 10:22:31 GMT

GET
H3 200 AGSKWxXB2wihv2GG2lAeyI6Dn9v1L_ckQjjBkcq8FIDjfy-9JGv8mOwfa0yn47sW6BMWDLyUexqe-rbcZl8-789stXzOzIMPKxSR6erdD1dG402CxUotyaT9W28HkES2tPkB2pEPtub90g== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 97ms
97ms Script
application/javascript 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXB2wihv2GG2lAeyI6Dn9v1L_ckQjjBkcq8FIDjfy-9JGv8mOwfa0yn47sW6BMWDLyUexqe-rbcZl8-789stXzOzIMPKxSR6erdD1dG402CxUotyaT9W28HkES2tPkB2pEPtub90g==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA5OTc2NTQ3LDM5MDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbNyw5XSxudWxsLDIsbnVsbCwiZW4iXSwiaHR0cHM6Ly9wb3N0aW1hZ2VzLm9yZy8iLG51bGwsW1s4LCJid3JNY3M2WmNZZyJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2fd72439f5347b14f21e9dced289bcbcc94e4dd1270b2b89ae1146206096ff94

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-mQvGJ4h3bgqyBldvZ0GSXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:07 GMT
content-security-policy: script-src 'report-sample' 'nonce-mQvGJ4h3bgqyBldvZ0GSXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjitHikmLw15BiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJp6vL5kkgFgDiHf4eLDwrZvOqgLEuuuns4YCcczz6awpQOyUPoM1CIh96mewxgCxEDfH4-sb1rMJPFj9QBsAWFwpmw"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame D8E5 62 KB
25 KB 233ms
99ms Script
text/javascript 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNXy8rrGcEtGjx8O5Td6DwLvkrO2DRx1NBjMg9FxxcDkLPfaydo&d=CqkBAKAmf-AZ2tlbHat0KfNGpPgfFf1Iwvn_GtavNqW63A8J4I2nvBqtIhvZeKSln4xvqSHCDUtPSwurTyfa3U_4KX3v2lXuR1_p2a-ewh_gFZ2Qv1w3DEdaZK3QX1oyr9N53US07StZidQyB4VUZmLRBl2fXmYmyJJlqMCV94oHehj7xwivp82Wo55J3d2tEbImaJmuU2lDsdXoXY3_UoqUwcF8NO9ufo56TBKZFgCgJn_g6vVTGvDCmzRsEOZbPxKeslfQa7eZsZtL5-xTwBgIWwFmZ3bQAk6vRZEzTEWG4XRUsTMX2pNSUmdBgMKlcYB7F9hV2bg_liczlNb5y-v6nyNOQPNrEYqRM0DkCUkuNBq3qCawhKoZvgGqGQ4URsIu1InGluX5Tlctqr-pzYyykt6IrnV6nQgN-rbVHZV3g1ZqRs_kTtvR6bw7yOPT2bg29UyxEayRgoM1mFXMAlu-2iLfDIlNA8v4HCwsX_qsjeEQp-skoJQnXY2ACYVIL-Os_WMfN2jO9P0yFCRVAVblif_ATzn59NwmQj48PxTXVt-Di20hGUEGqMcMY5jFVjY-y_vF8_D1mYENQx80waSpGsHP3cloqNlxISTcaKBEL_Dv-jOXhkUGaDwLYaNuICvbYEOsh7Nrw4yrOnLhjHo8fXyRkrFVtV2vjypO2WwxX3T7PtqJVUBJPCx_lwC9yR8sfxo5jErHlBcMitTLdlvotDMI06StIZj4uguJCIhW1LTdErfCnlmu6kazqF5ou7yFMFK1d4Om2iR2QmvGYTUpmbFPLfihRojgnhprPBGwRZFtDEtIEOfoAQTPJdr8w6kx7lJLW0DTIj9hPIzLhAcSHinHaxfB5PiG0CdVf1bZCga70sJDEMqvB4LTBv4HkYZ_MbENHHhQIMCeLJM_nw77xI-WSYZK5iYICJZ_9qMdcluITMHNnba2WoQczg4nZec-D_RodkgVNfwMfpRtUti0vjgP6Y_BGFim_t5C5RxSPKceYOkPCgGDTE0TIFUWvI5qnjfNYJFOxcXyDEOY8nF701vJ1QFmZs8Qb0oCDPEOL6BnUspsbbeqs-tKYi6NMkDG9Q7ldCNw5SRzsMAe_pl8WljtYnbZsqalX0FW5psceOL3_fmBL5pcpVGg1xS9HwAOqtNMv8j4bQCxrQ9pCo_-L9Cofx5ZnglYggTlBBUcGJNzjEUs45A-d1hQK3UGOJ-GQVO0904RYq2qmHznnXqN-q-xEjn9Igw27C4L7sxoHeqvEvSbXq4eFEAQLKgJzzujr7xJUusTBbFO5h17ECrJhZdQwxuR_UbtovTVGTqYgo8fmAMTP4FwmnAcpTKeTUmnhqZiD9Z6tF68TIWTr_X2VOREdbwsfwNj5cQWQuAqvCk3aoFgze8vnkozl9ZC33bBapNOJ_pw2-yDDQqeWQLyGW8cA8ZmRCsIX5VO5yVrAsJm8EEBeJay4k5WLdcw7qUpG6XXMyydJ62wMwZf2fEpxZK3E_sV2S98wgew_yY-vFild__fd56_m503OBEoZvYttncbKZvpXp5ky5agkx1TfWmztKDPNAUhQc6aIvcsR7zCPVwquE4RZvRj1kIb-bdaluu4wt0yBHXSOGqGmoDrMw_RrRwGThQTk_aBwcxwLT8dQ5B_9hqN4wWpxtqxYUxEa1IlAY2MZKhs4oCdQX3Kcuv7_QtsDV0clgtZ7fDi7N4ED6uxopFHnJs0dpTbWDlNO4NZcXwQJ2pE8LyOamb7KIBb97OPtMBGfp-03PhfaXkfQFDPfeAywPUjv4TWzSe2CwEr49cw2v6K32YvGIOLv_kW8NIcZHtxXsx4RXdaagajYzCjRUc8nkqnIMCgisuiKlg55glEAJEeTx3Q1wMBL9mGYjZmaxRZqpHJoFgea4ZHQBfener5r0Lb_C2-x_63TN_bZo7XuyMsYy9dBTgdzu7LASisP_-EbeQJQrf6bPiyL79WDzAZC3N9YNOYrB4kllaUtt9j13qf67Wqm7U4FGj5m-Xlb_lISrXPi1a5GRCpTtXOJPn6ar8pui6xYpr-X3z1yxeqOstnp8813w__6aQXICFcwBb2WRqYCkay7UW1UNwSSCenMwNg4JoeDgSiyUMbNHr2M2EVB7thpoRjbHmoElDJtHL1pjL1h7LErUJG6XplkyhigOjBSYm-TgfbRisgMdJfPfKWbBVO6dNvs4kCaCwL72k6YJLCXXJgxNSzeO0qKHrCzorcT7RcgqrAbuud3YCipIjUQ3pnvi0We7nE-6HiXNABc-l_8X2lXGItJDH0GPGjMrDvHQZ9hqpHqgViDpWkj9wQD0RR9zDdfDyeBM0t5QoqHk-ZM9DT-DNoT_oxMdZGA0DUTa7737gS3vgK-M35EOt_L6ROpdEzWWF4W4d2HxcPOv1tE8tVHDieF5LMogT4fSB0yp3dOhWUm-6O0n-A9J0vRZ3-dGp94VhVPVSR7FvFQYWS74uf6s65uJfs4JrBb50W1kjUvvk2g0S7dar3o-CD6hjOzejHUV07OjRoXvNH8EdI6-_JJupX7y7PGvA9imf_h5BhyiulhEHxUZYm_c-qd_DO6p5_P94iDaJW1G4wOxLHTfEL3UHOvkkGUKbOrXk6LGBYpX7waM6B3POMaZ5XIOpA52m55jrW8FzcwL2qzWoZvtokjUKizBm51gYEMrQsXBgbLNIzH0Gml1QoTZ4qDyP0AS1cXlUvtExIrocy-Q15Rx0dhMmAxBxzgnKmyWfrth_HNtekQbfH-1Bx5TkhEunsX1asEvt4yXEdRT62TICsLbpsF0sEpZ_QrLgIGyfvJE4eaJ022_IbFfkorrafgBGKSOZnA6Stfeo9NRQSfmw-yHg-FcllfWEAXDGIDG9aukGRNY-D_MJvUv3AoMCv8R1OICoPBy9fRmyxxU6EwnFpQCrPtILKXyRMc1zrgHZYFWI9lmFjKFIc0xCxZiqhqpmGC5hQ_Z_gRYrRiVJs8EjWRw17STR_4BTzdcEFuHYWYHGtwtFgtyImtefyuN2X7TrNYJiDOgH0YaSY4ZaDOpPUACmzN-40RHs97NB7t_nUZcDME08ydHopMt5hHxU0IYnPsFUlnkDvfkz6dX7ITOolXO9kRRyOCnmh5C3sjusFNDnphcOMCCdRjH3KyaGApoEJDPmG6G_w-hABHV1dNc7NDvQS_l71C7ijb-nzpqSAmrXZQ1H9gdWpzqMoMuEmV6LL-fNKMMYjRvv3bIzMr6XgmNLmrXeMCuAy5oHwlu0uG8hGR6R9n23JiooRh5-qLFhqg_b3kQDYwfGNEteKkFYfPDiEa20iQIjNBBXlCu4MuqL2QvtwJKDGDU_6Tgko8K726DZ7qp0JMJ8Ln3oXz-l8u3b5Cv-DptrXIgp6jnO59rtcJL4YKcPjhocW9-bKNwg_pARRsQMdXZTzL74UwXTMdIuEbi83qp0sJsJt2GCUXU96Rq3HMq3J1jxneC0iAsWYdQVVrm0VCIAJ5G8-tiR4YfHbpZtVxN7OIwvaOkWjwA-z0y7vJi7K537x3snfC4rfd6MeKDLclExOGGDKVuFCY9eWoByCHJDTr7CSSA3tAmVfawgk4OtAktqULX9q73v1MaRn69qbciK7sz3yY42usAt0vvG7-FtFAUxPX-Tr8JvXaqp3f1jnEM1mQy2e71DkiMCrPHayJdPY4IBMNHygIcCBS5tyEK3jWvGJXDw5qE9n2s7PFrnjbgfQS_HMUiY9VqL5bLV4zOlCbz5ZlkHMWZPlZbNOM-g70L1yPiK4OjJ2X_f7ajBqkqlEwfqvGW0cjY2_ph1RLpKck5io5Az6K8ere-cpFWVIEGFnf-zJgantbtHz9efkAlshC9geEKUE7LGdQWqQyH5M3c3uFtFrKOQxASraRQRH0KlMFNQyEYOO543A4mRg4JeFywHODHTNs_l4SUK3EEO1SzayNzDoOWjuuFNha_39EfRKGb9a6Uoq8Hr2Q0hpDRcCyRBOn5YoFOZ42mvS3dc6SsD4jCwhwFXuminBL_SJFxpVCAQSTwB7FLtqVwviuIuh2BuZEJBjcYFEHHpweAOj-s-BuPRjsLbioKJXqE0GSj2AONnv88IutaMhb42PoMFN_RMn8h__AlXO1lG9dvz9O0PaH68YAWAB

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal125.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

cafe /

Resource Hash

96f395ade4d1cc12209f868d7f2ae29903d82a6d8ba5063c5653a32cf1aa22f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24963
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2921 0
22 B 124ms
123ms Ping
image/gif 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=CgsIByEAAAAAAAAiQAoHCAgqA2x0cgoLCAEqB2Jhbm5lcjMKCggCKgZzZXJ2ZXIKKxoedF9kaXNwbGF5ZWRfbWF4aW1hbF90YWdfdHlwZV9iIQAAAAAAAABAMAEKKxoedF9kaXNwbGF5ZWRfbWF4aW1hbF90YWdfdHlwZV8uIQAAAAAAAAhAMAEKJRoYdF90b3RhbF9tYXhpbWFsX3Byb2R1Y3RzIQAAAAAAABRAMAESGkNObWgzNFR2NW9RREZkLTQwUVFkaDRJQWhRIhJncGEvbWF4aW1hbF92MV9vY2goDA==

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/3e4ba1a8aaf1eb5089ecf6e0b9cafde2.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 2921
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C2fkS4SvsZZmtN9_xxtYPh4WCqAigxYikdp_zruG3ELKQHxABIJHywAdgyYaAgNyjxBCgAZL68doDyAEJqAMByAPLBKoEzAFP0BM5MNoCiNSAuQDJO14_S9S-LptCDFNE8AXjINvCD500XEq...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x12f06c7ee6ce35b40000000000000000%22,%222%22:%220x30ea4c30a4b253070000000000000000%22,%223%22:%220xc6c512...

0
0

120ms
119ms

Fetch
text/css

142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x12f06c7ee6ce35b40000000000000000%22,%222%22:%220x30ea4c30a4b253070000000000000000%22,%223%22:%220xc6c51282f535629d0000000000000000%22,%224%22:%220xc90d412a13dd7acd0000000000000000%22,%225%22:%220xa99b7c4c77ef40880000000000000000%22},%22debug_key%22:%2210069248175737810102%22,%22debug_reporting%22:true,%22destination%22:%22https://etsy.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22995917074%22],%2222%22:[%22true%22],%224%22:[%2203-09%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%224855101139345984065%22}&andc=true

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Server

142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:07 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x12f06c7ee6ce35b40000000000000000","2":"0x30ea4c30a4b253070000000000000000","3":"0xc6c51282f535629d0000000000000000","4":"0xc90d412a13dd7acd0000000000000000","5":"0xa99b7c4c77ef40880000000000000000"},"debug_key":"10069248175737810102","debug_reporting":true,"destination":"https://etsy.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["995917074"],"22":["true"],"4":["03-09"],"6":["true"]},"priority":"500","source_event_id":"4855101139345984065"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 09 Mar 2024 09:29:07 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 09 Mar 2024 09:29:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x12f06c7ee6ce35b40000000000000000","2":"0x30ea4c30a4b253070000000000000000","3":"0xc6c51282f535629d0000000000000000","4":"0xc90d412a13dd7acd0000000000000000","5":"0xa99b7c4c77ef40880000000000000000"},"debug_key":"10069248175737810102","debug_reporting":true,"destination":"https://etsy.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["995917074"],"22":["true"],"4":["03-09"],"6":["true"]},"priority":"500","source_event_id":"4855101139345984065"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 2XuAnNhv9ZdrLh840DIAgutokU3UuLKCtZvRQAQJz4k.js Show response
pagead2.googlesyndication.com/bg/ Frame 9344 51 KB
20 KB 64ms
63ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/2XuAnNhv9ZdrLh840DIAgutokU3UuLKCtZvRQAQJz4k.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d97b809cd86ff5976b2e1f38d0320082eb68914dd4b8b282b59bd1400409cf89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39485
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20134
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 08 Mar 2025 22:31:02 GMT

GET
DATA 200
OK truncated
/ Frame 6178 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 338f3f2b7b69124414d1655be7a2d2fae52bcffe933a480ab96d17040988de02

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CD07
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
23 B

86ms
86ms

Document
text/html

2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 09 Mar 2024 09:29:07 GMT
expires: Sat, 09 Mar 2024 09:29:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 09 Mar 2024 09:29:07 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 2XuAnNhv9ZdrLh840DIAgutokU3UuLKCtZvRQAQJz4k.js Show response
pagead2.googlesyndication.com/bg/ Frame EF05 51 KB
20 KB 65ms
64ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/2XuAnNhv9ZdrLh840DIAgutokU3UuLKCtZvRQAQJz4k.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d97b809cd86ff5976b2e1f38d0320082eb68914dd4b8b282b59bd1400409cf89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39485
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20134
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 08 Mar 2025 22:31:02 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 6178
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CjV-u4SvsZdyQNpXHoPMPwZ-BsAz_3YaZdo7xw9vHEputmeTrFhABIJHywAdgyYaAgNyjxBCgAYvliMUDyAECqAMByAPJBKoEzgFP0E_BlGQ5A0Gebk782Art4YFRNCJcdtr7-hyH7_6TAuI...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x11b231d237afa52f0000000000000000%22,%222%22:%220xec67edf7e5f566310000000000000000%22,%223%22:%220x1d7d26...

0
0

122ms
121ms

Fetch
text/css

142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x11b231d237afa52f0000000000000000%22,%222%22:%220xec67edf7e5f566310000000000000000%22,%223%22:%220x1d7d26500f9d2a980000000000000000%22,%224%22:%220xf3a334f50d2ece640000000000000000%22,%225%22:%220xcf3f7e2fe0fadbdc0000000000000000%22},%22debug_key%22:%227063556762000718258%22,%22debug_reporting%22:true,%22destination%22:%22https://miamidade.gov%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22950153867%22],%2222%22:[%22true%22],%224%22:[%2203-09%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%224518407184230424897%22}&andc=true

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Server

142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:07 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x11b231d237afa52f0000000000000000","2":"0xec67edf7e5f566310000000000000000","3":"0x1d7d26500f9d2a980000000000000000","4":"0xf3a334f50d2ece640000000000000000","5":"0xcf3f7e2fe0fadbdc0000000000000000"},"debug_key":"7063556762000718258","debug_reporting":true,"destination":"https://miamidade.gov","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["950153867"],"22":["true"],"4":["03-09"],"6":["true"]},"priority":"500","source_event_id":"4518407184230424897"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 09 Mar 2024 09:29:07 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 09 Mar 2024 09:29:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x11b231d237afa52f0000000000000000","2":"0xec67edf7e5f566310000000000000000","3":"0x1d7d26500f9d2a980000000000000000","4":"0xf3a334f50d2ece640000000000000000","5":"0xcf3f7e2fe0fadbdc0000000000000000"},"debug_key":"7063556762000718258","debug_reporting":true,"destination":"https://miamidade.gov","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["950153867"],"22":["true"],"4":["03-09"],"6":["true"]},"priority":"500","source_event_id":"4518407184230424897"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 254ms
122ms Preflight
text/html 142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 09 Mar 2024 09:29:07 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/ Frame D8E5 30 KB
11 KB 64ms
63ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/abg_lite.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNXy8rrGcEtGjx8O5Td6DwLvkrO2DRx1NBjMg9FxxcDkLPfaydo&d=CqkBAKAmf-AZ2tlbHat0KfNGpPgfFf1Iwvn_GtavNqW63A8J4I2nvBqtIhvZeKSln4xvqSHCDUtPSwurTyfa3U_4KX3v2lXuR1_p2a-ewh_gFZ2Qv1w3DEdaZK3QX1oyr9N53US07StZidQyB4VUZmLRBl2fXmYmyJJlqMCV94oHehj7xwivp82Wo55J3d2tEbImaJmuU2lDsdXoXY3_UoqUwcF8NO9ufo56TBKZFgCgJn_g6vVTGvDCmzRsEOZbPxKeslfQa7eZsZtL5-xTwBgIWwFmZ3bQAk6vRZEzTEWG4XRUsTMX2pNSUmdBgMKlcYB7F9hV2bg_liczlNb5y-v6nyNOQPNrEYqRM0DkCUkuNBq3qCawhKoZvgGqGQ4URsIu1InGluX5Tlctqr-pzYyykt6IrnV6nQgN-rbVHZV3g1ZqRs_kTtvR6bw7yOPT2bg29UyxEayRgoM1mFXMAlu-2iLfDIlNA8v4HCwsX_qsjeEQp-skoJQnXY2ACYVIL-Os_WMfN2jO9P0yFCRVAVblif_ATzn59NwmQj48PxTXVt-Di20hGUEGqMcMY5jFVjY-y_vF8_D1mYENQx80waSpGsHP3cloqNlxISTcaKBEL_Dv-jOXhkUGaDwLYaNuICvbYEOsh7Nrw4yrOnLhjHo8fXyRkrFVtV2vjypO2WwxX3T7PtqJVUBJPCx_lwC9yR8sfxo5jErHlBcMitTLdlvotDMI06StIZj4uguJCIhW1LTdErfCnlmu6kazqF5ou7yFMFK1d4Om2iR2QmvGYTUpmbFPLfihRojgnhprPBGwRZFtDEtIEOfoAQTPJdr8w6kx7lJLW0DTIj9hPIzLhAcSHinHaxfB5PiG0CdVf1bZCga70sJDEMqvB4LTBv4HkYZ_MbENHHhQIMCeLJM_nw77xI-WSYZK5iYICJZ_9qMdcluITMHNnba2WoQczg4nZec-D_RodkgVNfwMfpRtUti0vjgP6Y_BGFim_t5C5RxSPKceYOkPCgGDTE0TIFUWvI5qnjfNYJFOxcXyDEOY8nF701vJ1QFmZs8Qb0oCDPEOL6BnUspsbbeqs-tKYi6NMkDG9Q7ldCNw5SRzsMAe_pl8WljtYnbZsqalX0FW5psceOL3_fmBL5pcpVGg1xS9HwAOqtNMv8j4bQCxrQ9pCo_-L9Cofx5ZnglYggTlBBUcGJNzjEUs45A-d1hQK3UGOJ-GQVO0904RYq2qmHznnXqN-q-xEjn9Igw27C4L7sxoHeqvEvSbXq4eFEAQLKgJzzujr7xJUusTBbFO5h17ECrJhZdQwxuR_UbtovTVGTqYgo8fmAMTP4FwmnAcpTKeTUmnhqZiD9Z6tF68TIWTr_X2VOREdbwsfwNj5cQWQuAqvCk3aoFgze8vnkozl9ZC33bBapNOJ_pw2-yDDQqeWQLyGW8cA8ZmRCsIX5VO5yVrAsJm8EEBeJay4k5WLdcw7qUpG6XXMyydJ62wMwZf2fEpxZK3E_sV2S98wgew_yY-vFild__fd56_m503OBEoZvYttncbKZvpXp5ky5agkx1TfWmztKDPNAUhQc6aIvcsR7zCPVwquE4RZvRj1kIb-bdaluu4wt0yBHXSOGqGmoDrMw_RrRwGThQTk_aBwcxwLT8dQ5B_9hqN4wWpxtqxYUxEa1IlAY2MZKhs4oCdQX3Kcuv7_QtsDV0clgtZ7fDi7N4ED6uxopFHnJs0dpTbWDlNO4NZcXwQJ2pE8LyOamb7KIBb97OPtMBGfp-03PhfaXkfQFDPfeAywPUjv4TWzSe2CwEr49cw2v6K32YvGIOLv_kW8NIcZHtxXsx4RXdaagajYzCjRUc8nkqnIMCgisuiKlg55glEAJEeTx3Q1wMBL9mGYjZmaxRZqpHJoFgea4ZHQBfener5r0Lb_C2-x_63TN_bZo7XuyMsYy9dBTgdzu7LASisP_-EbeQJQrf6bPiyL79WDzAZC3N9YNOYrB4kllaUtt9j13qf67Wqm7U4FGj5m-Xlb_lISrXPi1a5GRCpTtXOJPn6ar8pui6xYpr-X3z1yxeqOstnp8813w__6aQXICFcwBb2WRqYCkay7UW1UNwSSCenMwNg4JoeDgSiyUMbNHr2M2EVB7thpoRjbHmoElDJtHL1pjL1h7LErUJG6XplkyhigOjBSYm-TgfbRisgMdJfPfKWbBVO6dNvs4kCaCwL72k6YJLCXXJgxNSzeO0qKHrCzorcT7RcgqrAbuud3YCipIjUQ3pnvi0We7nE-6HiXNABc-l_8X2lXGItJDH0GPGjMrDvHQZ9hqpHqgViDpWkj9wQD0RR9zDdfDyeBM0t5QoqHk-ZM9DT-DNoT_oxMdZGA0DUTa7737gS3vgK-M35EOt_L6ROpdEzWWF4W4d2HxcPOv1tE8tVHDieF5LMogT4fSB0yp3dOhWUm-6O0n-A9J0vRZ3-dGp94VhVPVSR7FvFQYWS74uf6s65uJfs4JrBb50W1kjUvvk2g0S7dar3o-CD6hjOzejHUV07OjRoXvNH8EdI6-_JJupX7y7PGvA9imf_h5BhyiulhEHxUZYm_c-qd_DO6p5_P94iDaJW1G4wOxLHTfEL3UHOvkkGUKbOrXk6LGBYpX7waM6B3POMaZ5XIOpA52m55jrW8FzcwL2qzWoZvtokjUKizBm51gYEMrQsXBgbLNIzH0Gml1QoTZ4qDyP0AS1cXlUvtExIrocy-Q15Rx0dhMmAxBxzgnKmyWfrth_HNtekQbfH-1Bx5TkhEunsX1asEvt4yXEdRT62TICsLbpsF0sEpZ_QrLgIGyfvJE4eaJ022_IbFfkorrafgBGKSOZnA6Stfeo9NRQSfmw-yHg-FcllfWEAXDGIDG9aukGRNY-D_MJvUv3AoMCv8R1OICoPBy9fRmyxxU6EwnFpQCrPtILKXyRMc1zrgHZYFWI9lmFjKFIc0xCxZiqhqpmGC5hQ_Z_gRYrRiVJs8EjWRw17STR_4BTzdcEFuHYWYHGtwtFgtyImtefyuN2X7TrNYJiDOgH0YaSY4ZaDOpPUACmzN-40RHs97NB7t_nUZcDME08ydHopMt5hHxU0IYnPsFUlnkDvfkz6dX7ITOolXO9kRRyOCnmh5C3sjusFNDnphcOMCCdRjH3KyaGApoEJDPmG6G_w-hABHV1dNc7NDvQS_l71C7ijb-nzpqSAmrXZQ1H9gdWpzqMoMuEmV6LL-fNKMMYjRvv3bIzMr6XgmNLmrXeMCuAy5oHwlu0uG8hGR6R9n23JiooRh5-qLFhqg_b3kQDYwfGNEteKkFYfPDiEa20iQIjNBBXlCu4MuqL2QvtwJKDGDU_6Tgko8K726DZ7qp0JMJ8Ln3oXz-l8u3b5Cv-DptrXIgp6jnO59rtcJL4YKcPjhocW9-bKNwg_pARRsQMdXZTzL74UwXTMdIuEbi83qp0sJsJt2GCUXU96Rq3HMq3J1jxneC0iAsWYdQVVrm0VCIAJ5G8-tiR4YfHbpZtVxN7OIwvaOkWjwA-z0y7vJi7K537x3snfC4rfd6MeKDLclExOGGDKVuFCY9eWoByCHJDTr7CSSA3tAmVfawgk4OtAktqULX9q73v1MaRn69qbciK7sz3yY42usAt0vvG7-FtFAUxPX-Tr8JvXaqp3f1jnEM1mQy2e71DkiMCrPHayJdPY4IBMNHygIcCBS5tyEK3jWvGJXDw5qE9n2s7PFrnjbgfQS_HMUiY9VqL5bLV4zOlCbz5ZlkHMWZPlZbNOM-g70L1yPiK4OjJ2X_f7ajBqkqlEwfqvGW0cjY2_ph1RLpKck5io5Az6K8ere-cpFWVIEGFnf-zJgantbtHz9efkAlshC9geEKUE7LGdQWqQyH5M3c3uFtFrKOQxASraRQRH0KlMFNQyEYOO543A4mRg4JeFywHODHTNs_l4SUK3EEO1SzayNzDoOWjuuFNha_39EfRKGb9a6Uoq8Hr2Q0hpDRcCyRBOn5YoFOZ42mvS3dc6SsD4jCwhwFXuminBL_SJFxpVCAQSTwB7FLtqVwviuIuh2BuZEJBjcYFEHHpweAOj-s-BuPRjsLbioKJXqE0GSj2AONnv88IutaMhb42PoMFN_RMn8h__AlXO1lG9dvz9O0PaH68YAWAB

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7d7ccd1b1b1900c730b760fa8b3b5748a073ecdedbd7710e04fbf03cd42afd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 14:19:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68956
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11520
x-xss-protection: 0
server: cafe
etag: 9162932350781899495
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Mar 2024 14:19:51 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/ Frame D8E5 12 KB
4 KB 66ms
66ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40466
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Mar 2024 22:14:41 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D8E5 0
0 266ms
125ms Fetch
image/gif 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsviVG4KrPAKWXwosYzJtlBgZSBEWqdko3oj8oRU_9ksU795nmge1CV-SrVkrYLDT9VecCQRKlDbG-D8QhSLxGryQJdE3RyDjWfy2lqLzqx56oEgBCxXM0FkdTqqtgQvtLRY1cDrFm1KTR5YjHOUEC8NR_565qEp_Zdtx5Jd_Kowo4sL7M8ZkmTMpHEaJTmZAb6oLTnBrS76O1guTFRwiPDPUzGlwcLQl4dZ6wutzw&sai=AMfl-YTbQeSiDtaarO7ozUha8m9dZ79tNUXFSEXntCyk1ehcol2topthIX8_UbabONZ5T5iyW88NdnJP6a4Un5H-dPDNBvdZJaqSRffz-ESfgyUxhbvOD8Nkr2Wkqp59CPo17s5Bu-m4YIpeeRp2ML3jMbw-chJc&sig=Cg0ArKJSzM9mcNVuhlHqEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20240306.12784&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 09 Mar 2024 09:29:07 GMT

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame D8E5 9 KB
4 KB 70ms
69ms Script
application/javascript 2600:141b:1c00:f::172c:c9cc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=971108&cmp=31085978&sid=6522286&plc=382629248&num=&adid=&advid=4053494&adsrv=1&region=30&btreg=573936429&btadsrv=doubleclick&crt=204341662&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src
Requested by: Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNXy8rrGcEtGjx8O5Td6DwLvkrO2DRx1NBjMg9FxxcDkLPfaydo&d=CqkBAKAmf-AZ2tlbHat0KfNGpPgfFf1Iwvn_GtavNqW63A8J4I2nvBqtIhvZeKSln4xvqSHCDUtPSwurTyfa3U_4KX3v2lXuR1_p2a-ewh_gFZ2Qv1w3DEdaZK3QX1oyr9N53US07StZidQyB4VUZmLRBl2fXmYmyJJlqMCV94oHehj7xwivp82Wo55J3d2tEbImaJmuU2lDsdXoXY3_UoqUwcF8NO9ufo56TBKZFgCgJn_g6vVTGvDCmzRsEOZbPxKeslfQa7eZsZtL5-xTwBgIWwFmZ3bQAk6vRZEzTEWG4XRUsTMX2pNSUmdBgMKlcYB7F9hV2bg_liczlNb5y-v6nyNOQPNrEYqRM0DkCUkuNBq3qCawhKoZvgGqGQ4URsIu1InGluX5Tlctqr-pzYyykt6IrnV6nQgN-rbVHZV3g1ZqRs_kTtvR6bw7yOPT2bg29UyxEayRgoM1mFXMAlu-2iLfDIlNA8v4HCwsX_qsjeEQp-skoJQnXY2ACYVIL-Os_WMfN2jO9P0yFCRVAVblif_ATzn59NwmQj48PxTXVt-Di20hGUEGqMcMY5jFVjY-y_vF8_D1mYENQx80waSpGsHP3cloqNlxISTcaKBEL_Dv-jOXhkUGaDwLYaNuICvbYEOsh7Nrw4yrOnLhjHo8fXyRkrFVtV2vjypO2WwxX3T7PtqJVUBJPCx_lwC9yR8sfxo5jErHlBcMitTLdlvotDMI06StIZj4uguJCIhW1LTdErfCnlmu6kazqF5ou7yFMFK1d4Om2iR2QmvGYTUpmbFPLfihRojgnhprPBGwRZFtDEtIEOfoAQTPJdr8w6kx7lJLW0DTIj9hPIzLhAcSHinHaxfB5PiG0CdVf1bZCga70sJDEMqvB4LTBv4HkYZ_MbENHHhQIMCeLJM_nw77xI-WSYZK5iYICJZ_9qMdcluITMHNnba2WoQczg4nZec-D_RodkgVNfwMfpRtUti0vjgP6Y_BGFim_t5C5RxSPKceYOkPCgGDTE0TIFUWvI5qnjfNYJFOxcXyDEOY8nF701vJ1QFmZs8Qb0oCDPEOL6BnUspsbbeqs-tKYi6NMkDG9Q7ldCNw5SRzsMAe_pl8WljtYnbZsqalX0FW5psceOL3_fmBL5pcpVGg1xS9HwAOqtNMv8j4bQCxrQ9pCo_-L9Cofx5ZnglYggTlBBUcGJNzjEUs45A-d1hQK3UGOJ-GQVO0904RYq2qmHznnXqN-q-xEjn9Igw27C4L7sxoHeqvEvSbXq4eFEAQLKgJzzujr7xJUusTBbFO5h17ECrJhZdQwxuR_UbtovTVGTqYgo8fmAMTP4FwmnAcpTKeTUmnhqZiD9Z6tF68TIWTr_X2VOREdbwsfwNj5cQWQuAqvCk3aoFgze8vnkozl9ZC33bBapNOJ_pw2-yDDQqeWQLyGW8cA8ZmRCsIX5VO5yVrAsJm8EEBeJay4k5WLdcw7qUpG6XXMyydJ62wMwZf2fEpxZK3E_sV2S98wgew_yY-vFild__fd56_m503OBEoZvYttncbKZvpXp5ky5agkx1TfWmztKDPNAUhQc6aIvcsR7zCPVwquE4RZvRj1kIb-bdaluu4wt0yBHXSOGqGmoDrMw_RrRwGThQTk_aBwcxwLT8dQ5B_9hqN4wWpxtqxYUxEa1IlAY2MZKhs4oCdQX3Kcuv7_QtsDV0clgtZ7fDi7N4ED6uxopFHnJs0dpTbWDlNO4NZcXwQJ2pE8LyOamb7KIBb97OPtMBGfp-03PhfaXkfQFDPfeAywPUjv4TWzSe2CwEr49cw2v6K32YvGIOLv_kW8NIcZHtxXsx4RXdaagajYzCjRUc8nkqnIMCgisuiKlg55glEAJEeTx3Q1wMBL9mGYjZmaxRZqpHJoFgea4ZHQBfener5r0Lb_C2-x_63TN_bZo7XuyMsYy9dBTgdzu7LASisP_-EbeQJQrf6bPiyL79WDzAZC3N9YNOYrB4kllaUtt9j13qf67Wqm7U4FGj5m-Xlb_lISrXPi1a5GRCpTtXOJPn6ar8pui6xYpr-X3z1yxeqOstnp8813w__6aQXICFcwBb2WRqYCkay7UW1UNwSSCenMwNg4JoeDgSiyUMbNHr2M2EVB7thpoRjbHmoElDJtHL1pjL1h7LErUJG6XplkyhigOjBSYm-TgfbRisgMdJfPfKWbBVO6dNvs4kCaCwL72k6YJLCXXJgxNSzeO0qKHrCzorcT7RcgqrAbuud3YCipIjUQ3pnvi0We7nE-6HiXNABc-l_8X2lXGItJDH0GPGjMrDvHQZ9hqpHqgViDpWkj9wQD0RR9zDdfDyeBM0t5QoqHk-ZM9DT-DNoT_oxMdZGA0DUTa7737gS3vgK-M35EOt_L6ROpdEzWWF4W4d2HxcPOv1tE8tVHDieF5LMogT4fSB0yp3dOhWUm-6O0n-A9J0vRZ3-dGp94VhVPVSR7FvFQYWS74uf6s65uJfs4JrBb50W1kjUvvk2g0S7dar3o-CD6hjOzejHUV07OjRoXvNH8EdI6-_JJupX7y7PGvA9imf_h5BhyiulhEHxUZYm_c-qd_DO6p5_P94iDaJW1G4wOxLHTfEL3UHOvkkGUKbOrXk6LGBYpX7waM6B3POMaZ5XIOpA52m55jrW8FzcwL2qzWoZvtokjUKizBm51gYEMrQsXBgbLNIzH0Gml1QoTZ4qDyP0AS1cXlUvtExIrocy-Q15Rx0dhMmAxBxzgnKmyWfrth_HNtekQbfH-1Bx5TkhEunsX1asEvt4yXEdRT62TICsLbpsF0sEpZ_QrLgIGyfvJE4eaJ022_IbFfkorrafgBGKSOZnA6Stfeo9NRQSfmw-yHg-FcllfWEAXDGIDG9aukGRNY-D_MJvUv3AoMCv8R1OICoPBy9fRmyxxU6EwnFpQCrPtILKXyRMc1zrgHZYFWI9lmFjKFIc0xCxZiqhqpmGC5hQ_Z_gRYrRiVJs8EjWRw17STR_4BTzdcEFuHYWYHGtwtFgtyImtefyuN2X7TrNYJiDOgH0YaSY4ZaDOpPUACmzN-40RHs97NB7t_nUZcDME08ydHopMt5hHxU0IYnPsFUlnkDvfkz6dX7ITOolXO9kRRyOCnmh5C3sjusFNDnphcOMCCdRjH3KyaGApoEJDPmG6G_w-hABHV1dNc7NDvQS_l71C7ijb-nzpqSAmrXZQ1H9gdWpzqMoMuEmV6LL-fNKMMYjRvv3bIzMr6XgmNLmrXeMCuAy5oHwlu0uG8hGR6R9n23JiooRh5-qLFhqg_b3kQDYwfGNEteKkFYfPDiEa20iQIjNBBXlCu4MuqL2QvtwJKDGDU_6Tgko8K726DZ7qp0JMJ8Ln3oXz-l8u3b5Cv-DptrXIgp6jnO59rtcJL4YKcPjhocW9-bKNwg_pARRsQMdXZTzL74UwXTMdIuEbi83qp0sJsJt2GCUXU96Rq3HMq3J1jxneC0iAsWYdQVVrm0VCIAJ5G8-tiR4YfHbpZtVxN7OIwvaOkWjwA-z0y7vJi7K537x3snfC4rfd6MeKDLclExOGGDKVuFCY9eWoByCHJDTr7CSSA3tAmVfawgk4OtAktqULX9q73v1MaRn69qbciK7sz3yY42usAt0vvG7-FtFAUxPX-Tr8JvXaqp3f1jnEM1mQy2e71DkiMCrPHayJdPY4IBMNHygIcCBS5tyEK3jWvGJXDw5qE9n2s7PFrnjbgfQS_HMUiY9VqL5bLV4zOlCbz5ZlkHMWZPlZbNOM-g70L1yPiK4OjJ2X_f7ajBqkqlEwfqvGW0cjY2_ph1RLpKck5io5Az6K8ere-cpFWVIEGFnf-zJgantbtHz9efkAlshC9geEKUE7LGdQWqQyH5M3c3uFtFrKOQxASraRQRH0KlMFNQyEYOO543A4mRg4JeFywHODHTNs_l4SUK3EEO1SzayNzDoOWjuuFNha_39EfRKGb9a6Uoq8Hr2Q0hpDRcCyRBOn5YoFOZ42mvS3dc6SsD4jCwhwFXuminBL_SJFxpVCAQSTwB7FLtqVwviuIuh2BuZEJBjcYFEHHpweAOj-s-BuPRjsLbioKJXqE0GSj2AONnv88IutaMhb42PoMFN_RMn8h__AlXO1lG9dvz9O0PaH68YAWAB
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:f::172c:c9cc Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 072b26b82798ad8c49b4525afeb2b3687cd64e524f60595e37757eb554a21d3e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sat, 09 Mar 2024 09:29:07 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Mar 2024 15:50:48 GMT
Server: UploadServer
ETag: "bc91959d78a89ee428551b43d8baa723"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3638
Expires: Sat, 09 Mar 2024 09:44:07 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame D8E5 23 KB
8 KB 202ms
64ms Script
text/javascript 18.238.55.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.truste.com/ca?pid=comcast01&aid=comcast01&cid=%ebuy_6522286_382629248_204341662&js=st_0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-5.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

e26104a44aaac36db8dbf86e035fcbfa53cc58a62d122cd7f149090eb4e78854

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 07:36:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 2c8fc98e914dd92124c9f02bae44cffc.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: JFK52-P4
cross-origin-embedder-policy: unsafe-none
age: 6741
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7402
x-xss-protection: 1; mode=block
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: max-age=3600
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: vXtWfnph6svKzrOb-AzNVurqxGvsTPIq8j8ZpkgVkEyhL0QWIS5Lrw==
expires: Sat, 09 Mar 2024 08:36:46 GMT

GET
H2

200

firstevent
comcast.demdex.net/ Frame D8E5
Redirect Chain

https://comcast.demdex.net/event?d_event=imp&d_src=1478&d_site=6522286&d_creative=204341662&d_placement=382629248&d_campaign=31085978&d_cb=799909043
https://comcast.demdex.net/firstevent?d_event=imp&d_src=1478&d_site=6522286&d_creative=204341662&d_placement=382629248&d_campaign=31085978&d_cb=799909043

42 B
720 B

64ms
64ms

Image
image/gif

18.208.254.216
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://comcast.demdex.net/firstevent?d_event=imp&d_src=1478&d_site=6522286&d_creative=204341662&d_placement=382629248&d_campaign=31085978&d_cb=799909043

Requested by

Protocol

Server

18.208.254.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-208-254-216.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

dcs: dcs-prod-va6-2-v057-061025956.edge-va6.demdex.com 5 ms
pragma: no-cache
date: Sat, 09 Mar 2024 09:29:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: 3WVneqTZRR0=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-va6-2-v057-07430859f.edge-va6.demdex.com 0 ms
pragma: no-cache
date: Sat, 09 Mar 2024 09:29:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: qkCNyrO2Tmo=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://comcast.demdex.net/firstevent?d_event=imp&d_src=1478&d_site=6522286&d_creative=204341662&d_placement=382629248&d_campaign=31085978&d_cb=799909043
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 /
d.agkn.com/pixel/2387/ Frame D8E5 43 B
631 B 599ms
73ms Image
image/gif 2600:9000:21da:3c00:19:fc2c:a140:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.agkn.com/pixel/2387/?ct=US&st=FL&city=17762&dma=30&zp=33018&bw=3&che=799909043&aid=4053494&col=31085978,6522286,382629248,573936429,204341662
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1709976545&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709976545290&bpp=2&bdt=486&idt=550&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2414228942947&frm=20&pv=1&ga_vid=1185124059.1709976546&ga_sid=1709976546&ga_hid=968420541&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081586%2C31081612%2C31081642%2C31081645%2C95321957%2C95322388%2C95324161%2C95325785%2C95326936&oid=2&pvsid=1577518690999755&tmod=257740397&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=555
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21da:3c00:19:fc2c:a140:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:07 GMT
via: 1.1 e2ddb156cdc225570ee247c2aefc938e.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: image/gif
cache-control: no-cache, must-revalidate
content-length: 43
x-amz-cf-id: aVUJCXafTnA2O1M35R9g78QHx1e3DL-WQfyNQ30WxMfAc_SqfI7XEw==
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK dv-measurements5557.js Show response
cdn.doubleverify.com/ Frame 72D5 414 KB
99 KB 73ms
73ms Script
application/javascript 2600:141b:1c00:f::172c:c9cc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements5557.js
Requested by: Host: postimages.org
URL: https://postimages.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:f::172c:c9cc Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: d3379d51e8b47df982598354ecba20493da6ab447c5dd3f670a7aa5f92f4bf20

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sat, 09 Mar 2024 09:29:07 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Mar 2024 13:42:31 GMT
Server: UploadServer
ETag: "334a7d3a43e6a0210a7f06eba8b3fdd0"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 101029
Expires: Sun, 09 Mar 2025 09:29:07 GMT

GET
DATA 200
OK truncated
/ Frame D8E5 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6d26f2d7cbfbbf844b0d75c169adbd812e0bc8d848df1075b97ebeccd58338ad

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

firstevent Show response
comcast.demdex.net/ Frame D8E5
Redirect Chain

https://comcast.demdex.net/event?d_stuff=1&d_rtbd=json&d_cb=fltk_8701463946301915
https://comcast.demdex.net/firstevent?d_stuff=1&d_rtbd=json&d_cb=fltk_8701463946301915

267 B
877 B

66ms
66ms

Script
application/javascript

18.208.254.216
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://comcast.demdex.net/firstevent?d_stuff=1&d_rtbd=json&d_cb=fltk_8701463946301915

Requested by

Protocol

Server

18.208.254.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-208-254-216.compute-1.amazonaws.com

Software

Resource Hash

432a4a5b4ff4498f97dfb6bda1389d5b6e93fef2adaf3650e2850f8513d32f8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

dcs: dcs-prod-va6-1-v057-0ffc70567.edge-va6.demdex.com 7 ms
pragma: no-cache
date: Sat, 09 Mar 2024 09:29:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: btV/Wm6rTo8=
content-type: application/javascript;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 220
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-va6-1-v057-074faadb5.edge-va6.demdex.com 0 ms
pragma: no-cache
date: Sat, 09 Mar 2024 09:29:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: eNg4nBS1SfY=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://comcast.demdex.net/firstevent?d_stuff=1&d_rtbd=json&d_cb=fltk_8701463946301915
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D8E5 0
0 155ms
123ms Fetch
image/gif 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsviVG4KrPAKWXwosYzJtlBgZSBEWqdko3oj8oRU_9ksU795nmge1CV-SrVkrYLDT9VecCQRKlDbG-D8QhSLxGryQJdE3RyDjWfy2lqLzqx56oEgBCxXM0FkdTqqtgQvtLRY1cDrFm1KTR5YjHOUEC8NR_565qEp_Zdtx5Jd_Kowo4sL7M8ZkmTMpHEaJTmZAb6oLTnBrS76O1guTFRwiPDPUzGlwcLQl4dZ6wutzw&sai=AMfl-YTbQeSiDtaarO7ozUha8m9dZ79tNUXFSEXntCyk1ehcol2topthIX8_UbabONZ5T5iyW88NdnJP6a4Un5H-dPDNBvdZJaqSRffz-ESfgyUxhbvOD8Nkr2Wkqp59CPo17s5Bu-m4YIpeeRp2ML3jMbw-chJc&sig=Cg0ArKJSzM9mcNVuhlHqEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=110&vt=11&dtpt=109&dett=2&cstd=0&cisv=r20240306.12784&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 09 Mar 2024 09:29:07 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 128ms
122ms Preflight
text/html 142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 09 Mar 2024 09:29:07 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A049 0
22 B 127ms
127ms Image
image/gif 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B0lHi4ivsZfznJ7OpjvQPtqOv0AcAAAAAOAHgBAI&bg=!_f6l_rHNAAZdgtM0fYI7ADQBe5WfON07GYMdy86njiLDkKSl55ftOul1OGsb2CVm4Hr4NP6rSkM7Yi07gCPk9FBdKNkAAgAAAPZSAAAAA2gBB5kDAxhB-QsoDplFp0FKb4ndYtRnaT_gvQcH9RNrf8MDIRSUXMHQ0s8THB-Q2txcIb8LmCVVLNxPK5Lr3abfpwVh9XyWUhNdA1WkiXPQMdnGjxv6PZFIlICRtf_MFItgZWkPXYtKuOt3uSQSjkO-YVLMQ-8YClbVQEJZAdp7DpXtFwihy0yFs5OP4Bh16OYb-JsZ2UtLhLnjK5qRXx1TDw9SqUA2tAieqM_4C3zP2bIci8uHqXu9nD_9HP_6MqVldFyjOLWuy4WhSrnY7iqdGC5Joj0iom0-wGjl27gUIqV2U2ywzebsw38nxFmlb6NM4_uyfYk8obUoH87c0AsN5XxbSogvUU-Pzn1rPFKyk9hBYTXhOH0Q70166rdzi_uPnGrb4RxUbEudkfnc0TtUhxYkSr_RX-yvO8HH47Shs_VYPoBe7hs1VjrNiy4k65uSIUdSAn4Fa-sR1zkPeW4OSW8_VH7E3D79QjhD7WxRlcegjrJHgaf5vFZW-3QyRG0_pNtK-JDmLGTCtAI0v0vxi3z9nf5i2SlB949O8TXyRW8hq5e03YiSj_SIlwFqUDPcMZlTyker5cHLucSn4uz39ZyIzgG5emr638BvhQkyLuDCGPjG-R8LiE-iMXQAdLZSAVE3zIdbIcQxB1qsYYVAEC3aeyn30tq8Om1UjfuS-_YtD6-pqLlqzqVUX2wLfUIBy4pl1EB1oCFvxgyZsYlNcyyGV19UCcf5xhLFqSCVwkbhGTuLMQANnROdSiUSaNLOD39oV7ls3puiLJDQeUV06VEcbk2BRWBSoJFsG4uka-Nl9V0kvAzm2b9hulacTvI7PJUm5YYfQENvZyLQm5NvTjRno0rC3V6NNNxQBKWTmwkLqleH4tdtKIZvGpsXqdyuXgtHw-c95PX-4BzFn_34yRGAHwT9otJxNyaSFum1Kv6j86eKI__guxiEo-OjExhhfPKNGEUo9q7-cnKbI8-FwfMuHx46vRCA5I0hKO_GVOTgYpP5dTactgC6FFxVXXd5bf0CeNhlpw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dv-measurements5557.js Show response
cdn.doubleverify.com/ Frame 5817 414 KB
99 KB 75ms
74ms Script
application/javascript 2600:141b:1c00:f::172c:c9cc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements5557.js
Requested by: Host: postimages.org
URL: https://postimages.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:f::172c:c9cc Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: d3379d51e8b47df982598354ecba20493da6ab447c5dd3f670a7aa5f92f4bf20

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sat, 09 Mar 2024 09:29:07 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Mar 2024 13:42:31 GMT
Server: UploadServer
ETag: "334a7d3a43e6a0210a7f06eba8b3fdd0"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 101029
Expires: Sun, 09 Mar 2025 09:29:07 GMT

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 72D5 578 B
699 B 384ms
56ms Script
text/javascript 34.117.228.201
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=176&ttfrms=27&brid=3&brver=122.0.6261.111&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauA%40DE%3A%3E286D%5D%40C8TauU2%3F4r92%3A%3Fl9EEADTbpTauTauA%40DE%3A%3E286D%5D%40C8Tar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6ETar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6E&srcurlD=0&aUrlD=0&ssl=https:&dfs=973&ddur=71&uid=1709976547546355&jsCallback=dvCallback_1709976547546763&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F122.0.6261.111%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=5557&tgjsver=5557&lvvn=28&m1=13&refD=2&referrer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-0776200265208929%26output%3Dhtml%26h%3D90%26slotname%3D4727113088%26adk%3D1184666797%26adf%3D3475520789%26pi%3Dt.ma~as.4727113088%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1709976545%26rafmt%3D2%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fpostimages.org%252F%26fwr%3D0%26rpe%3D1%26resp_fmts%3D2%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1709976545290%26bpp%3D2%26bdt%3D486%26idt%3D550%26shv%3Dr20240306%26mjsv%3Dm202403040101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%26nras%3D1%26correlator%3D2414228942947%26frm%3D20%26pv%3D1%26ga_vid%3D1185124059.1709976546%26ga_sid%3D1709976546%26ga_hid%3D968420541%26ga_fc%3D0%26u_tz%3D-600%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D70%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C31081586%252C31081612%252C31081642%252C31081645%252C95321957%252C95322388%252C95324161%252C95325785%252C95326936%26oid%3D2%26pvsid%3D1577518690999755%26tmod%3D257740397%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CpEe%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26bz%3D1%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D2%26uci%3Da!2%26fsb%3D1%26dtd%3D555&fcifrms=10&brh=2&dvp_epl=240&noc=16&nav_pltfrm=Win32&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://postimages.org/&c1=1024534&prr=1&errorURL=https://tps.doubleverify.com/visit.jpg&ppid=103&audeal=549644393848091121&auevent=ABAjH0jKRgFK_v9nSj5UdKJb9waU&aucmp=20849867208&aucrtv=537685413&auorder=1015441840&ausite=2597519058&auxch=1&pltfrm=1&aufilter1=1024534&autt=1&mib=0&dvp_rcp=2&dvp_htec=1&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=591235425528.6605&ee_dp_sukv=591235425528.6605&dvp_tukv=48926960340.766106&ee_dp_tukv=48926960340.766106&dvp_strhd=0.40000152587890625&dvpx_strhd=0.40000152587890625&dvp_tuid=1431688518265&jurtd=4223276196
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements5557.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.228.201 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 201.228.117.34.bc.googleusercontent.com
Software: /
Resource Hash: bd6056f4524305945bfc04d6056c434cb2003072c33de327a370bdf629f72b1e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Mar 2024 09:29:07 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 03/08/2024 09:29:07

GET
H3 200 2XuAnNhv9ZdrLh840DIAgutokU3UuLKCtZvRQAQJz4k.js Show response
pagead2.googlesyndication.com/bg/ Frame 3D3B 51 KB
20 KB 64ms
63ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/2XuAnNhv9ZdrLh840DIAgutokU3UuLKCtZvRQAQJz4k.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d97b809cd86ff5976b2e1f38d0320082eb68914dd4b8b282b59bd1400409cf89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39485
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20134
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 08 Mar 2025 22:31:02 GMT

GET
H/1.1 200
OK / Show response
servedby.flashtalking.com/imp/8/223431;7805185;201;jsappend;XfinityUS;CORPQ12024BAUCENNONDT7805185FT728x90/ Frame D8E5 2 KB
2 KB 281ms
78ms Script
text/javascript 23.1.197.91
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://servedby.flashtalking.com/imp/8/223431;7805185;201;jsappend;XfinityUS;CORPQ12024BAUCENNONDT7805185FT728x90/?ftscw=ebuy%3D31085978%3Besid%3D6522286%3Bepid%3D382629248%3Becid%3D204341662%3Beadv%3D4053494%3Beaid%3D573936429%3Berid%3D204367837%3Beexpid%3D%3Beexcid%3D%3Berv%3D1%3Beiid%3DCM_5sIXv5oQDFT5jRwEdxPIP1Q%3B&ft_custom=4053494__31085978__6522286__204341662&ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fpostimages.org%2F&us_privacy=${US_PRIVACY}&cachebuster=870146.3946301915&ft_keyword=%7C%7C382629248;382629248&ft_section=25182961557980621642653096538469605981%7C%7C382629248&ft_c1=382629248

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.1.197.91 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-1-197-91.deploy.static.akamaitechnologies.com

Software

prod-xre-app15.ash11 /

Resource Hash

7fe36b342a2b335ee2fc1bc8cd7ee5097e977d4a47c69e479ed6b3f935faed97

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Mar 2024 09:29:07 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=86400
Server: prod-xre-app15.ash11
Vary: Accept-Encoding
Content-Type: text/javascript;charset=ISO-8859-1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 1119
Expires: Sat, 09 Mar 2024 09:29:07 GMT

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 5817 907 B
891 B 242ms
54ms Script
text/javascript 34.117.228.201
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=206&ttfrms=6&brid=3&brver=122.0.6261.111&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauA%40DE%3A%3E286D%5D%40C8TauU2%3F4r92%3A%3Fl9EEADTbpTauTauA%40DE%3A%3E286D%5D%40C8Tar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6ETar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6E&srcurlD=0&aUrlD=0&ssl=https:&dfs=973&ddur=71&uid=1709976547688368&jsCallback=dvCallback_1709976547688487&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F122.0.6261.111%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&dvp_isOnHead=1&jsver=5557&tgjsver=5557&lvvn=28&m1=13&refD=2&referrer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-0776200265208929%26output%3Dhtml%26h%3D90%26slotname%3D4727113088%26adk%3D1184666797%26adf%3D3475520789%26pi%3Dt.ma~as.4727113088%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1709976545%26rafmt%3D2%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fpostimages.org%252F%26fwr%3D0%26rpe%3D1%26resp_fmts%3D2%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1709976545290%26bpp%3D2%26bdt%3D486%26idt%3D550%26shv%3Dr20240306%26mjsv%3Dm202403040101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%26nras%3D1%26correlator%3D2414228942947%26frm%3D20%26pv%3D1%26ga_vid%3D1185124059.1709976546%26ga_sid%3D1709976546%26ga_hid%3D968420541%26ga_fc%3D0%26u_tz%3D-600%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D70%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C31081586%252C31081612%252C31081642%252C31081645%252C95321957%252C95322388%252C95324161%252C95325785%252C95326936%26oid%3D2%26pvsid%3D1577518690999755%26tmod%3D257740397%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CpEe%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26bz%3D1%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D2%26uci%3Da!2%26fsb%3D1%26dtd%3D555&fcifrms=10&brh=2&dvp_epl=240&noc=16&nav_pltfrm=Win32&ctx=971108&cmp=31085978&sid=6522286&plc=382629248&crt=204341662&btreg=573936429&btadsrv=doubleclick&adsrv=1&advid=4053494&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&region=30&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=591235425528.6605&ee_dp_sukv=591235425528.6605&dvp_tukv=15783264731.037844&ee_dp_tukv=15783264731.037844&dvp_strhd=0.10000038146972656&dvpx_strhd=0.10000038146972656&dvp_tuid=1392657755939&jurtd=1185408803
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements5557.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.228.201 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 201.228.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 56587589f471b3b3c0f88e6592bc22b01a5501b83fab3d4755b7f1846ef5a7e4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Mar 2024 09:29:07 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 03/08/2024 09:29:07

GET
H2 200 ftUtils.js Show response
ajs-assets.ftstatic.com/ Frame D8E5 86 KB
26 KB 220ms
68ms Script
application/javascript 18.238.49.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ajs-assets.ftstatic.com/ftUtils.js
Requested by: Host: servedby.flashtalking.com
URL: https://servedby.flashtalking.com/imp/8/223431;7805185;201;jsappend;XfinityUS;CORPQ12024BAUCENNONDT7805185FT728x90/?ftscw=ebuy%3D31085978%3Besid%3D6522286%3Bepid%3D382629248%3Becid%3D204341662%3Beadv%3D4053494%3Beaid%3D573936429%3Berid%3D204367837%3Beexpid%3D%3Beexcid%3D%3Berv%3D1%3Beiid%3DCM_5sIXv5oQDFT5jRwEdxPIP1Q%3B&ft_custom=4053494__31085978__6522286__204341662&ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fpostimages.org%2F&us_privacy=${US_PRIVACY}&cachebuster=870146.3946301915&ft_keyword=%7C%7C382629248;382629248&ft_section=25182961557980621642653096538469605981%7C%7C382629248&ft_c1=382629248
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.238.49.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-238-49-47.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7214455123e5fb1fd165f99f9a43a3c0a1311403e16701deac74c63a7cef350

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 15:54:43 GMT
content-encoding: gzip
via: 1.1 varnish (Varnish/5.1), 1.1 1f85764c0bc1f70d16858df07753dfa8.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P3
age: 63265
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 26453
last-modified: Mon, 04 Mar 2024 15:53:41 GMT
server: AmazonS3
etag: W/"ff56f311f5a69d0213d01af94b111f42"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
cache-control: max-age=86400
x-varnish: 36367229 1024737131
vary: Accept-Encoding,Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: d4q6R5-sZaJLsS1XaT9rtnedf_clwUZF2KRJlxubSzcLKR-bx8zLSA==

GET
H3 200 oas_mjx1. Show response
fundingchoicesmessages.google.com/f/AGSKWxXVUzVBC-YqFQhxqUqHI-uQ9c9v8kw3k1VRKhvTWhyiUvTgczY9Iyk59ypbcmTgeH0ge1Da6qjBEU-aic2maDYvKemRVUFZkSJ1eTeheYWntSBCFtXBqi_caW_xMy7eM8EUlehiUg1ErHimAvQKXLeCLsZEK... 54 B
108 B 91ms
90ms Script
application/javascript 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXVUzVBC-YqFQhxqUqHI-uQ9c9v8kw3k1VRKhvTWhyiUvTgczY9Iyk59ypbcmTgeH0ge1Da6qjBEU-aic2maDYvKemRVUFZkSJ1eTeheYWntSBCFtXBqi_caW_xMy7eM8EUlehiUg1ErHimAvQKXLeCLsZEK1P1GjyU2W1c3BwB-WPodCjvgn1-5Huc/_/requestadvertisement./delayedad./728x15..php/ads//oas_mjx1.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.bwrMcs6ZcYg.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMwQWmLjf8sNQMgrE_af2VgB3CsMpQ/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

65ed7aff165a0069ff29661747ac055654746bbf0cafb35dfef8a6b7eb63b4f9

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-uKrjwmhKGyj05Jq8Ty1OfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:08 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-uKrjwmhKGyj05Jq8Ty1OfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStHikmLw1ZBiOHnrNtNFID7vdIfpOhDXMjxjagViA43nTBZA_O7LSyaery-ZJIBYA4h3-Hiw8K2bzqoCxLrrp7OGAnHM8-msKUDslD6DNQiIfepnsMYAsRA3x5PrG9azCdyYu0UTAGXCLmY"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rum.js Show response
pagead2.googlesyndication.com/pagead/js/ 64 KB
24 KB 65ms
63ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ff1960a45c6c700c71fe8dd2a8f57127aba9acabb5d0c23a3a263ed5b81a5422

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 08:58:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1829
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24264
x-xss-protection: 0
server: cafe
etag: 8613831024126762174
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sat, 09 Mar 2024 09:58:39 GMT

POST
H3 204 AGSKWxWPnKNaueEZjioasPlVMGckLGeHZnjulUHCGWe0JF9ilV8NTx4U3Y2nW8FJqNfDYVe7eWTadaZHq_K0GZJ_93yE1sGpVUwZiysvYJJCA7CtC4tRYeW34__yagPyYOGlXTm5ewnsDg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 217ms
87ms XHR
text/html 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWPnKNaueEZjioasPlVMGckLGeHZnjulUHCGWe0JF9ilV8NTx4U3Y2nW8FJqNfDYVe7eWTadaZHq_K0GZJ_93yE1sGpVUwZiysvYJJCA7CtC4tRYeW34__yagPyYOGlXTm5ewnsDg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-es5vwvLKp1qW5hWiTflEvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 09 Mar 2024 09:29:08 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-es5vwvLKp1qW5hWiTflEvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktHikmJw05BiqGV4xtQKxDt8PFic0mewBgGxEDfHk-sb1rMJfGj7nwoA7HYN6g"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://postimages.org
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWPnKNaueEZjioasPlVMGckLGeHZnjulUHCGWe0JF9ilV8NTx4U3Y2nW8FJqNfDYVe7eWTadaZHq_K0GZJ_93yE1sGpVUwZiysvYJJCA7CtC4tRYeW34__yagPyYOGlXTm5ewnsDg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 147ms
88ms XHR
text/html 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWPnKNaueEZjioasPlVMGckLGeHZnjulUHCGWe0JF9ilV8NTx4U3Y2nW8FJqNfDYVe7eWTadaZHq_K0GZJ_93yE1sGpVUwZiysvYJJCA7CtC4tRYeW34__yagPyYOGlXTm5ewnsDg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-rpcNn-5YA2hFEl5xP8McFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 09 Mar 2024 09:29:08 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-rpcNn-5YA2hFEl5xP8McFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktHikmLw1pBiqGV4xtQKxDt8PFic0mewBgGxEDfHk-sb1rMJbOicnAYA62ENRw"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://postimages.org
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWPnKNaueEZjioasPlVMGckLGeHZnjulUHCGWe0JF9ilV8NTx4U3Y2nW8FJqNfDYVe7eWTadaZHq_K0GZJ_93yE1sGpVUwZiysvYJJCA7CtC4tRYeW34__yagPyYOGlXTm5ewnsDg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 127ms
89ms XHR
text/html 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWPnKNaueEZjioasPlVMGckLGeHZnjulUHCGWe0JF9ilV8NTx4U3Y2nW8FJqNfDYVe7eWTadaZHq_K0GZJ_93yE1sGpVUwZiysvYJJCA7CtC4tRYeW34__yagPyYOGlXTm5ewnsDg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Qb4qxsXo5aORMFqwalgaXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 09 Mar 2024 09:29:08 GMT
content-security-policy: script-src 'report-sample' 'nonce-Qb4qxsXo5aORMFqwalgaXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktHikmLw0ZBiqGV4xtQKxDt8PFic0mewBgGxEDfHk-sb1rMJXNi8Mw0A7NANuA"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://postimages.org
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWPnKNaueEZjioasPlVMGckLGeHZnjulUHCGWe0JF9ilV8NTx4U3Y2nW8FJqNfDYVe7eWTadaZHq_K0GZJ_93yE1sGpVUwZiysvYJJCA7CtC4tRYeW34__yagPyYOGlXTm5ewnsDg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 121ms
85ms XHR
text/html 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWPnKNaueEZjioasPlVMGckLGeHZnjulUHCGWe0JF9ilV8NTx4U3Y2nW8FJqNfDYVe7eWTadaZHq_K0GZJ_93yE1sGpVUwZiysvYJJCA7CtC4tRYeW34__yagPyYOGlXTm5ewnsDg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-3fOfE2jPvKSA5g4oeQfFkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 09 Mar 2024 09:29:08 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-3fOfE2jPvKSA5g4oeQfFkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktHikmJw0JBiqGV4xtQKxDt8PFic0mewBgGxEDfHk-sb1rMJzNjalQoA6dsNRg"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://postimages.org
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxX39BntCrDh1vubXQxxawinmUYenyYuE_lLkGvJLp3uhsIePv_cbQxcwZU_tOA5ulSEEb6bQ_mKnmj0OYwlQ041SYaJZTVMZjRaGGX28Abj-N_9UKjtzY9qMKAu-eaH_PgZLwk0UA== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 102ms
102ms Script
application/javascript 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxX39BntCrDh1vubXQxxawinmUYenyYuE_lLkGvJLp3uhsIePv_cbQxcwZU_tOA5ulSEEb6bQ_mKnmj0OYwlQ041SYaJZTVMZjRaGGX28Abj-N_9UKjtzY9qMKAu-eaH_PgZLwk0UA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA5OTc2NTQ4LDEzNDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9wb3N0aW1hZ2VzLm9yZy8iLG51bGwsW1s4LCJid3JNY3M2WmNZZyJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8f47b8be156106e47545876939e7805611cc2146a8f393aff546e1fa639d943a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qXk5nn3D9zQVTNpdLSDf3Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:08 GMT
content-security-policy: script-src 'report-sample' 'nonce-qXk5nn3D9zQVTNpdLSDf3Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjytDikmLw05BiUAzbyXTe6Q7TdSCuZXjG1ArEBhrPmSyA-N2Xl0w8X18ySQCxBhDv8PFg4Vs3nVUFiHXXT2cNBeKY59NZU4DYKX0GaxAQ-9TPYI0B4lMLzrNeAmIhbo4n1zesZxOY0NAQAwBPiS6z"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2921 42 B
174 B 126ms
125ms Fetch
image/gif 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsupggNoUjxFwoCfNelwNrpdCyho5hs4Rbg2d95kPqbTQFrbFDPQeOTANV3v-1U87wrBvFIg69Rc_NZyajRd5EIfaxexVFD8UGyW0e6A8LC2lFrMs2hBN-9veFNYgdR3auojS_SiN49MqP4T0JX8y1JWSG1lFFyyO7s&sai=AMfl-YQlOrGLpMvi5ChhPzGLyX411UGdVdBxITo1yCI15w6Ha4H5-jm5z-GuxtPWmY8D_6fk3Vq1AKPCeH97jz-Si7djXXhjVR6hTV1bL9aGSt4BRnSCbnFeRB22n_Tiwibj_7r_IfM2W3LpffbyiqruTg&sig=Cg0ArKJSzFpoVRLlv_JJEAE&cid=CAQSTwB7FLtqEvDH3pHYmeemHqZzxz_MI-iAnKSCiuEZkK3XpkaHkftSDivCCVMXeLuCsx63FZQrry1EN3XruPeyPOCTMrI6msxoRD0PDboOGjIYAQ&id=lidar2&mcvt=1000&p=0,0,280,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240306&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=750852199&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=590934600&rst=1709976545857&rpt=1277&met=mue&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4627654.json Show response
agen-assets.ftstatic.com/display/7805185/ Frame D8E5 7 KB
3 KB 257ms
113ms XHR
application/json 13.35.93.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://agen-assets.ftstatic.com/display/7805185/4627654.json
Requested by: Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.93.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-93-97.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d3b183ec8754d30322a777c09e47191b1d30830fcf86e0ce72521c2fbb7be4e7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:09 GMT
content-encoding: gzip
via: 1.1 varnish (Varnish/5.1), 1.1 c05b7ff061569d914bb28a2bfaa77d34.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P8
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
content-length: 2910
last-modified: Thu, 07 Mar 2024 19:51:31 GMT
server: AmazonS3
etag: W/"b3444d3b60af0672114833cd4c2ba0bb"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
cache-control: max-age=30
x-varnish: 509597933 510362150
vary: Accept-Encoding,Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: lZkx_WyAToMoed7t2sqko85LCb01LccNPyJEopQpTvby6855IrkTqw==

POST
H3 204 AGSKWxUoU0dZx6vGFCDJx12PxVaGGusa7W6uu-1i9OdNIkcD4qwiOHdcFC2FuY3nYywM7WaeyPVjDrOm83-nHVblATQhxOZvXLjtpBzmouhjdfVAQxScH8AOGTqtJ5YDMakVAfXmKEMBZQ== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 87ms
86ms XHR
text/html 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUoU0dZx6vGFCDJx12PxVaGGusa7W6uu-1i9OdNIkcD4qwiOHdcFC2FuY3nYywM7WaeyPVjDrOm83-nHVblATQhxOZvXLjtpBzmouhjdfVAQxScH8AOGTqtJ5YDMakVAfXmKEMBZQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-O9T2TYtq9XIlIqkc6EDCUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 09 Mar 2024 09:29:08 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-O9T2TYtq9XIlIqkc6EDCUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktHikmLw15BiqGV4xtQKxDt8PFic0mewBgGxEA_Hk-sb1rMJvLj7pp0RAP0DDlM"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://postimages.org
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWPnKNaueEZjioasPlVMGckLGeHZnjulUHCGWe0JF9ilV8NTx4U3Y2nW8FJqNfDYVe7eWTadaZHq_K0GZJ_93yE1sGpVUwZiysvYJJCA7CtC4tRYeW34__yagPyYOGlXTm5ewnsDg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 87ms
87ms XHR
text/html 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWPnKNaueEZjioasPlVMGckLGeHZnjulUHCGWe0JF9ilV8NTx4U3Y2nW8FJqNfDYVe7eWTadaZHq_K0GZJ_93yE1sGpVUwZiysvYJJCA7CtC4tRYeW34__yagPyYOGlXTm5ewnsDg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-EBApofeWvqYDs8KuyPBklg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 09 Mar 2024 09:29:08 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-EBApofeWvqYDs8KuyPBklg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktHikmJw15BiqGV4xtQKxDt8PFic0mewBgGxEA_Hk-sb1rMJPDi5s4MRAPrEDf0"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://postimages.org
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 171ms
170ms XHR
application/json 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240306&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a60f6328c24e14f3ca4961b5716b4c5997d2e0ad5cd9f57975f922acbd882c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12574
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6178 42 B
64 B 126ms
125ms Fetch
image/gif 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvucDt_m6i5bIocV-_ZiHNYoWPOYYqGH8pNzlfAXNLiCQbswEd_j7E8DXlxMn9uVYkGJX4Dy_ffQagefkKgf_3LGzXn-wUaolGUrulpGQUMc_P1WfeAnvXSAj-hxlj88ZRUhWbv0Xw7FR4dtvYQbcBf_UKN_zgAJPsyN3rVk6bRjvj1w59_Mn8AaBN4YI3xq4xlYg48TqbqyfAOZ_qUmv4RykjGmB2izq15J40lxJmmJS9IeDUEBtm9kB-bhXqqUHywoCL1fTIzSPFidtL4pwZcW2iHjyx8qhZsBWdNL0u4OicFAi8RndlYjf7NRRfS7TM-iPeLSQJHvnmqhOxtApxRMJ8DIRWc0rsZGjXJZde_D0gI_pX7c-p6koP3LEB0RmZZoJDuTbBXzUR7pFsSZQROgSsm8fxb8l50hoNpneU3Og3gzA_WDj_AJ5wHjSf0EiGgMfF8vTiGj_3xVEljUQVUHV5ddEpQ1fvqRE66TcUv9C5cIv47omYS9zbHuH2ApU6Fr9rYN3mhEmuPj7YkoaNIBHucC6bgLBRxmYzIcONNRRiw7EvMT_RKYEZbf11Q5AibRvvnC1x5LDPk-kPOjSn0Iiigi5d-e2p7Eq-RdP-ktEwmr6g5uZ3hqBpvgVT65l5OUYCyL1TMcnKQ643YWyI-cJAvPyZchRVTI97bSaXKMmEOjbpOn0-q2aKQjR4LIUtzeUMeUtrk0DaUGiHR4D5UGv_tYXBUD7EjNRuk-2hhHcWiCVaud9FLXlO5ZdD90PniCxOdKrrH4UlYy4m9x9mw5T41Q4DC49oRqJoMhBwpfVjnd6eRVZ-fA3G_CGMhIUVCfsKIKLxv2Uoyu02wFBx3IeI5L9FheTGRwpLK_pCNzTaaS1FuJoe9075QSwQatBcgnTWnzZ-YePK9vjobtHBmSXVX49YVo6YwjtLhOjL5MU2IgoBVtRdRUsSVhSBXZC0JMRvFe8607DmUf0HsMIkMBHt4xoWrv6_Y6fWi92DQrSwNnYfDo9iBJ4uJD3kMcuPFZ_h6nU8oiLrBQfKQggrLvB_MfVwjWMOvMYXMBi6alnNgxkXUbM7wlRDQ-bLSzSvMxDwhoSSANCKbk59wM_FXMMIyxJ20ZJTbUU99n2P3jLejeYyh-L20OZAYNlDRiNRo8_jBiooBug0MZhFoNrJ82FGazhmKNcwFnkxdP_jFiJbvToZsIEU5d3S1fcAdAg3sHurye6JH&sai=AMfl-YStFrKRa1M6ACLyP_Yugeg_yUcC_4STcg12AQ8OyPaulPI4HiazYJ34cQE7UV6mVvP8yb-cx4QGmS_rrev3l3gp8cb1SVOlobkav5P1qDiMHCGwCU-NxWiqepiUzPrAsKWa8b2LQHIRilhvrpaPypOXUqXv5iTaGb7VJA&sig=Cg0ArKJSzKkfKxKpOiT2EAE&cid=CAQSTgB7FLtqsNVuFTB8wGT-GbXwzkr7KjRM5NkGo8ODZik05RJ65ZeCRPWAECZg9DqSN95ZxRKSAX6SS_sii_Gh0PPYbC7ra_MAd5yMZgNMvRgB&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=90,760,1000,1020,1020&tos=90,670,240,20,0&v=20240306&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=590934700&rst=1709976546895&rpt=345&met=mue&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 136ms
136ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 09 Mar 2024 09:29:08 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D8E5 42 B
64 B 126ms
125ms Fetch
image/gif 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvLP-RiDQW15z3IfSrlQDmSXVR3MNsT-0a5oNC25DIa5B7MVrfWSBGOTJvDH5eVTv6ybzXq6pZXXLATZuJCvD37FZkxtRglzYaIboKKdNXItCDuEvAqg0vAPvfBj_1r143Wz3ExQYKtW08vfI_VI2wjyaVa3g48zSs&sai=AMfl-YQazpjQGDyIibhdvLcJTE_I-uhErRq-r1jMzZ6LZapXA1E1qvDZilECLziDkZBMBqinLj9MAPY-u7GCxMiJVWs4QWo9Cskp21E3be3qwJ0tyCw9XKV60QA-QyA15wFzCOZPXZ1snWFlLzpT8sP1yA&sig=Cg0ArKJSzH6UY_mbUQlNEAE&cid=CAQSTwB7FLtqVwviuIuh2BuZEJBjcYFEHHpweAOj-s-BuPRjsLbioKJXqE0GSj2AONnv88IutaMhb42PoMFN_RMn8h__AlXO1lG9dvz9O0PaH68YAQ&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240306&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1184666797&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=590934700&rst=1709976546372&rpt=1012&met=ce&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK segs.js Show response
cdn.flashtalking.com/feeds/comcast/FBI-3250/ Frame D8E5 1 KB
1 KB 394ms
74ms XHR
application/json 23.46.224.48

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/feeds/comcast/FBI-3250/segs.js
Requested by: Host: postimages.org
URL: https://postimages.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.46.224.48 -, , ASN (),
Reverse DNS
Software: Flashtalking (AKA) /
Resource Hash: 0573af9aeef191b64044eef3fb139d68329f1128515833e5a7ea87ae66f5eab2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sat, 09 Mar 2024 09:29:08 GMT
Content-Encoding: gzip
X-FT-Origin: us
Connection: keep-alive
Content-Length: 398
Last-Modified: Sat, 13 Jan 2024 09:00:08 GMT
Server: Flashtalking (AKA)
ETag: W/"0521f5c77b1c5991f9c80188cfbfdac6"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
X-Varnish: 444843465
Access-Control-Allow-Origin: *
Content-Type: application/json
Cache-Control: max-age=1200
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Range
Access-Control-Max-Age: 86400
Accept-Ranges: bytes
Access-Control-Allow-Headers: Range
Expires: Sat, 09 Mar 2024 09:49:08 GMT

GET
H/1.1 200
OK index.html Show response
cdn.flashtalking.com/188939/4627654/ Frame 33F0 292 B
842 B 391ms
75ms Document
text/html 23.46.224.48

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/188939/4627654/index.html
Requested by: Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.46.224.48 -, , ASN (),
Reverse DNS
Software: Flashtalking (AKA) /
Resource Hash: 49f26884cd251eb4dcb9af59b67cb751278993423a33be3c331922657767982c

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
Cache-Control: max-age=1200
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 219
Content-Type: text/html
Date: Sat, 09 Mar 2024 09:29:08 GMT
ETag: W/"be54edc3b937184d12684e9007739fe6"
Expires: Sat, 09 Mar 2024 09:49:08 GMT
Last-Modified: Wed, 28 Feb 2024 16:31:46 GMT
Server: Flashtalking (AKA)
Vary: Accept-Encoding
X-FT-Origin: us
X-Varnish: 948543491 946888141

GET
H/1.1 200
OK ftpagefold_v4.7.2.js Show response
cdn.flashtalking.com/pageFold/ Frame D8E5 17 KB
6 KB 380ms
67ms Script
application/javascript 23.46.224.48

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/pageFold/ftpagefold_v4.7.2.js
Requested by: Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.46.224.48 -, , ASN (),
Reverse DNS
Software: Flashtalking (AKA) /
Resource Hash: 04a4ec051482dbeac84bf68c61fe3abc1cd91a21d49527e14521723bd7606d94

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sat, 09 Mar 2024 09:29:08 GMT
Content-Encoding: gzip
Last-Modified: Fri, 04 Nov 2022 15:59:45 GMT
Server: Flashtalking (AKA)
ETag: W/"41e1de2061b5162671c94aaf53e51cc1"
X-FT-Origin: us
Vary: Accept-Encoding
X-Varnish: 413862034 236107414
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5545
Expires: Sun, 10 Mar 2024 09:29:08 GMT

GET
H2 200 ibs:dpid=3047&dpuuid=591215373ECD03&
dpm.demdex.net/ Frame D8E5 42 B
716 B 62ms
61ms Image
image/gif 18.208.254.216
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=3047&dpuuid=591215373ECD03&?241001783

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.208.254.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-208-254-216.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

dcs: dcs-prod-va6-1-v057-008fd60b1.edge-va6.demdex.com 2 ms
pragma: no-cache
date: Sat, 09 Mar 2024 09:29:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: AURTJofsTLg=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F03E 13 KB
5 KB 65ms
63ms Document
text/html 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 40481
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 08 Mar 2024 22:14:27 GMT
expires: Sat, 08 Mar 2025 22:14:27 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 02D3 829 B
996 B 84ms
83ms Document
text/html 2607:f8b0:4006:822::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

513b872b11398d76f52a32015c404cc6742e58c4d44373c6bd66cd599db994d7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-h8ywbqDpxysHYgQ5a-UuHg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-h8ywbqDpxysHYgQ5a-UuHg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 09 Mar 2024 09:29:08 GMT
expires: Sat, 09 Mar 2024 09:29:08 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 02D3 0
0 122ms
121ms Image
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240306&jk=1577518690999755&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

GET
H3 200 O8T1Km08OhS5_Tz58jKeajrFynp-IyfJlJwKv1268Sc.js Show response
pagead2.googlesyndication.com/bg/ Frame F03E 39 KB
15 KB 64ms
63ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O8T1Km08OhS5_Tz58jKeajrFynp-IyfJlJwKv1268Sc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3bc4f52a6d3c3a14b9fd3cf9f2329e6a3ac5ca7a7e2327c9949c0abf5dbaf127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:15:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40405
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15541
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 08 Mar 2025 22:15:43 GMT

GET
H2 200 /
ad-events.flashtalking.com/state/7805185;4627654;32926556;271;5D0A6D7F-339A-5192-F390-2C0C5C376CDA/ Frame D8E5 0
67 B 193ms
58ms Image
text/plain 18.234.13.237

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-events.flashtalking.com/state/7805185;4627654;32926556;271;5D0A6D7F-339A-5192-F390-2C0C5C376CDA/?cachebuster=577730493
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.234.13.237 -, , ASN (),
Reverse DNS
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:09 GMT
server: awselb/2.0
content-length: 0
content-type: text/plain; charset=utf-8

GET
H/1.1 200
OK ft.stat
stat.flashtalking.com/reportV3/ Frame D8E5 1 B
377 B 269ms
67ms Image
text/plain 23.46.224.48

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stat.flashtalking.com/reportV3/ft.stat?0-7805185;4627654;32926556-304-0-591215373ECD03-49683765
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.46.224.48 -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Mar 2024 09:29:09 GMT
Last-Modified: Thu, 28 Jun 2012 14:38:09 GMT
Server: AkamaiNetStorage
ETag: "c4ca4238a0b923820dcc509a6f75849b:1340894289"
Content-Type: text/plain
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1
Expires: Sat, 09 Mar 2024 09:29:09 GMT

GET
H/1.1 200
OK html5API.js Show response
cdn.flashtalking.com/frameworks/js/api/2/10/ Frame 33F0 89 KB
28 KB 72ms
71ms Script
application/javascript 23.46.224.48

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/frameworks/js/api/2/10/html5API.js
Requested by: Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/188939/4627654/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.46.224.48 -, , ASN (),
Reverse DNS
Software: Flashtalking (AKA) /
Resource Hash: 919664d4c088d6963c5c872ced7e8859a3cabc2cec3ef42f4afa99de7a3321da

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdn.flashtalking.com/188939/4627654/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sat, 09 Mar 2024 09:29:08 GMT
Content-Encoding: gzip
Last-Modified: Thu, 31 Aug 2023 15:23:45 GMT
Server: Flashtalking (AKA)
ETag: W/"aa5cfa970907192576fba68520d94a44"
X-FT-Origin: us
Vary: Accept-Encoding
X-Varnish: 797058713 768215352
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28723
Expires: Sun, 10 Mar 2024 09:29:08 GMT

GET
H2 200 st1 Show response
choices.trustarc.com/jsi/ Frame D8E5 3 KB
3 KB 224ms
72ms Script
text/javascript 108.139.47.31

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/jsi/st1?aid=comcast01&pid=comcast01&cid=%EF%BF%BDuy_6522286_382629248_204341662&sz=120x240&c=te-cb53&rand=d9cb

Requested by

Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=comcast01&aid=comcast01&cid=%ebuy_6522286_382629248_204341662&js=st_0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.47.31 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

64d4f412257ea7ad291d41fa39f567e83365eaab50f77a29aad660efc14b7126

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56d4c538e370aeaeaa8463ce6c4a1044.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: JFK50-P1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2143
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: jnRY-74FswPSvvQ5z_QAeKiVUiJuuw_Q8i9Wopu29t9IrsdquBpfrw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 get Show response
choices.trustarc.com/ Frame D8E5 17 KB
6 KB 214ms
63ms Script
text/javascript 108.139.47.31

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/get?name=st2.js
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=comcast01&aid=comcast01&cid=%ebuy_6522286_382629248_204341662&js=st_0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.31 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 7044b0c225fd6df66c4f91e37a14a293860937e48b1deee5875279ffb9f32555

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 11:02:42 GMT
content-encoding: gzip
via: 1.1 56d4c538e370aeaeaa8463ce6c4a1044.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P1
age: 1981587
x-cache: Hit from cloudfront
pragma: public
last-modified: Wed, 10 Jan 2024 03:10:26 GMT
server: nginx
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: IHnSdKB86nTNQTxBHfe_BrDEMClJrahSKNNNf-RILK_Pd7Znu8Wbww==
expires: Sat, 16 Mar 2024 11:02:42 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame F03E 0
10 B 65ms
64ms Image
text/plain 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?BmjYfA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 09:29:08 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
OK ft.stat
stat.flashtalking.com/reportV3/ Frame D8E5 1 B
377 B 255ms
84ms Image
text/plain 23.46.224.48

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stat.flashtalking.com/reportV3/ft.stat?0-7805185;4627654;32926556-306-0-591215373ECD03-315690937
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.46.224.48 -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Mar 2024 09:29:09 GMT
Last-Modified: Thu, 28 Jun 2012 14:38:09 GMT
Server: AkamaiNetStorage
ETag: "c4ca4238a0b923820dcc509a6f75849b:1340894289"
Content-Type: text/plain
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1
Expires: Sat, 09 Mar 2024 09:29:09 GMT

GET
H/1.1 200
OK manifest.js Show response
cdn.flashtalking.com/188939/4627654/ Frame 33F0 6 KB
2 KB 70ms
69ms Script
application/javascript 23.46.224.48

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/188939/4627654/manifest.js
Requested by: Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/frameworks/js/api/2/10/html5API.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.46.224.48 -, , ASN (),
Reverse DNS
Software: Flashtalking (AKA) /
Resource Hash: 02dbcf8fde281e09926eb60cbffc4e9877d0ad9ec4e5b4240de5fec6b7c6dc90

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdn.flashtalking.com/188939/4627654/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sat, 09 Mar 2024 09:29:09 GMT
Content-Encoding: gzip
X-FT-Origin: us
Connection: keep-alive
Content-Length: 1223
Last-Modified: Wed, 28 Feb 2024 16:31:46 GMT
Server: Flashtalking (AKA)
ETag: W/"0519f3a51c41c5c8db6bbcfad8b9f6ee"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control: max-age=1200
X-Varnish: 164663036
Vary: Accept-Encoding
Accept-Ranges: bytes
Expires: Sat, 09 Mar 2024 09:49:09 GMT

GET
H/1.1 200
OK mv32926556.json Show response
cdn.flashtalking.com/188939/ Frame 33F0 6 KB
2 KB 101ms
100ms XHR
application/json 23.46.224.48

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/188939/mv32926556.json?cb=184183938
Requested by: Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/frameworks/js/api/2/10/html5API.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.46.224.48 -, , ASN (),
Reverse DNS
Software: Flashtalking (AKA) /
Resource Hash: 951c7c5571a536d670c2cc6a9da25341e8a35fba2ff2a4cbfc3668e206759895

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdn.flashtalking.com/188939/4627654/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sat, 09 Mar 2024 09:29:09 GMT
Content-Encoding: gzip
x-amz-meta-creative-id: 4627654
x-amz-meta-creative-library-id: 188939
X-FT-Origin: us
Connection: keep-alive
Content-Length: 1148
Last-Modified: Mon, 04 Mar 2024 16:45:49 GMT
Server: Flashtalking (AKA)
ETag: W/"5f652223487fe2755a471bb9283efcfb"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control: max-age=1200
X-Varnish: 599268055 598326532
x-amz-meta-ad-type: HTML_onpage
x-amz-meta-version-id: 32926556
Accept-Ranges: bytes
Vary: Accept-Encoding
Expires: Sat, 09 Mar 2024 09:49:09 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D8E5 0
27 B 126ms
126ms Ping
image/gif 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7535560821935&version=m202402290101&ct=76&x=1&cor=3645471487984211000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 09:29:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK index.html Show response
cdn.flashtalking.com/188939/510750_XM_Speed_Increase_728x90_RL/ Frame 33F0 3 KB
1 KB 66ms
66ms XHR
text/html 23.46.224.48

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/188939/510750_XM_Speed_Increase_728x90_RL/index.html
Requested by: Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/frameworks/js/api/2/10/html5API.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.46.224.48 -, , ASN (),
Reverse DNS
Software: Flashtalking (AKA) /
Resource Hash: 3afecba131750e6efcb147794ccd539b376f6e95cc17980cceb8f7635d8501c1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdn.flashtalking.com/188939/4627654/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sat, 09 Mar 2024 09:29:09 GMT
Content-Encoding: gzip
X-FT-Origin: us
Connection: keep-alive
Content-Length: 877
Last-Modified: Wed, 28 Feb 2024 16:31:46 GMT
Server: Flashtalking (AKA)
ETag: W/"cdb7a4f4c443265c2434cf09228f2cbe"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control: max-age=1200
X-Varnish: 948994383
Vary: Accept-Encoding
Accept-Ranges: bytes
Expires: Sat, 09 Mar 2024 09:49:09 GMT

GET
H/1.1 200
OK style.css
cdn.flashtalking.com/188939/510750_XM_Speed_Increase_728x90_RL/css/ Frame 4964 13 KB
14 KB 81ms
77ms Stylesheet
text/css 23.46.224.48

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/188939/510750_XM_Speed_Increase_728x90_RL/css/style.css
Requested by: Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/frameworks/js/api/2/10/html5API.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.46.224.48 -, , ASN (),
Reverse DNS
Software: Flashtalking (AKA) /
Resource Hash: 2859f9f5083ecc8d8deb4cb80bf939e5640dd33f0ddac9d1bbf0306bd7ef6e83

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdn.flashtalking.com/188939/510750_XM_Speed_Increase_728x90_RL/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sat, 09 Mar 2024 09:29:09 GMT
X-FT-Origin: us
Connection: keep-alive
Content-Length: 13256
Last-Modified: Wed, 28 Feb 2024 16:31:46 GMT
Server: Flashtalking (AKA)
ETag: W/"e1fd12cdfb441da72b665c24ab687850"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control: max-age=1200
X-Varnish: 1030310300 1031833082
Accept-Ranges: bytes
Expires: Sat, 09 Mar 2024 09:49:09 GMT

GET
H/1.1 200
OK gsap.min.js Show response
cdn.flashtalking.com/frameworks/js/gsap/3.0.1/ Frame 4964 54 KB
22 KB 92ms
88ms Script
text/javascript 23.46.224.48

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/frameworks/js/gsap/3.0.1/gsap.min.js
Requested by: Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/frameworks/js/api/2/10/html5API.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.46.224.48 -, , ASN (),
Reverse DNS
Software: Flashtalking (AKA) /
Resource Hash: 8154aa9057e3367d9d3e4bb1f85db9645c01fc0690091aadc57dbae849ba3499

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdn.flashtalking.com/188939/510750_XM_Speed_Increase_728x90_RL/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sat, 09 Mar 2024 09:29:09 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Nov 2019 16:51:29 GMT
Server: Flashtalking (AKA)
ETag: W/"01b5d1fd4fcdc3a37d339362f92a38bb"
X-FT-Origin: us
Vary: Accept-Encoding
X-Varnish: 322151191 299117264
Content-Type: text/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21884
Expires: Sun, 10 Mar 2024 09:29:09 GMT

GET
H/1.1 200
OK TweenMax.min.js
cdn.flashtalking.com/frameworks/js/gsap/latest/ Frame 4964 46 KB
0 161ms
79ms Script
application/javascript 23.46.224.48

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/frameworks/js/gsap/latest/TweenMax.min.js
Requested by: Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/frameworks/js/api/2/10/html5API.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.46.224.48 -, , ASN (),
Reverse DNS
Software: Flashtalking (AKA) /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdn.flashtalking.com/188939/510750_XM_Speed_Increase_728x90_RL/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sat, 09 Mar 2024 09:29:09 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Oct 2019 20:28:46 GMT
Server: Flashtalking (AKA)
ETag: W/"1cdb51ec2f59b803cdcda4ded3c188f8"
X-FT-Origin: us
Vary: Accept-Encoding
X-Varnish: 878846839 825312179
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 39762
Expires: Sun, 10 Mar 2024 09:29:09 GMT

GET html5API.js
cdn.flashtalking.com/frameworks/js/api/2/10/ Frame 4964 0
0

GET Tracker.js
cdn.flashtalking.com/feeds/frameworks/js/utils/ Frame 4964 0
0

GET 728x90_animation.js
cdn.flashtalking.com/188939/510750_XM_Speed_Increase_728x90_RL/js/ Frame 4964 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/frameworks/js/api/2/10/html5API.js

Domain: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/feeds/frameworks/js/utils/Tracker.js

Domain: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/188939/510750_XM_Speed_Increase_728x90_RL/js/728x90_animation.js

Verdicts & Comments Add Verdict or Comment

79 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.helpcenter-evri.navicoads.com/	1970-01-20 18:59:43	Name: cookie_profiles Value: ed2ef23b063e75fb675eb9b373be0d2f22a2429c
.doubleclick.net/	1970-01-21 04:35:36	Name: IDE Value: AHWqTUlElfAftOYCn8bNydRTqKRMXwib1rD-uzkkNcxd4EtcrzvrYH62mAJQeViV
.doubleclick.net/	1970-01-20 23:18:48	Name: APC Value: AfxxVi5SNjNo97hNhwpoCaUf7d5R-wGhO9kzj-ZdAqfRYVAzf1zBZA
.doubleclick.net/	1970-01-20 23:18:48	Name: receive-cookie-deprecation Value: 1
.postimages.org/	1970-01-21 04:21:12	Name: __gads Value: ID=92a33d7e6fa30797:T=1709976545:RT=1709976545:S=ALNI_MYDHL5arH8efCA4rxBJDqU9HjN-Dg
.postimages.org/	1970-01-21 04:21:12	Name: __gpi Value: UID=00000dd100ed5b66:T=1709976545:RT=1709976545:S=ALNI_MbJx6FLfBdAzsj5LzMq_EOsJSTziA
.postimages.org/	1970-01-20 23:18:48	Name: __eoi Value: ID=dc01c11a67c2ba15:T=1709976545:RT=1709976545:S=AA-AfjYBqE7VflONa6ReVbKGyj_O
.casalemedia.com/	1970-01-21 03:45:12	Name: CMID Value: Zewr4sAoJJUAAEWeAE3M8AAA
.casalemedia.com/	1970-01-20 21:09:12	Name: CMPS Value: 1625
.casalemedia.com/	1970-01-20 21:09:12	Name: CMPRO Value: 1625
.adnxs.com/	1970-01-20 21:09:12	Name: XANDR_PANID Value: PEiTTPQwLBew9K-EYZvJ7cw9slBSAbR3BtEjDEviXYFHY6w99Zwf5MuDOAufz5grl6n-NsMTDQ_mxgVafUR5FVmMhDu105XyQD8GjK1wNPY.
.adnxs.com/	1970-01-21 04:35:36	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 21:09:12	Name: uuid2 Value: 655659886763340395
.adnxs.com/	1970-01-20 21:09:12	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>4wTRyI!]tbPl1M>e)ZlrFUfJ+tGXxoaY5zV'a#UXVZlI+VFR4)cLH]=@OyxNP+vQBj3If)y3KL9D3I?+HWNIJQ
.doubleclick.net/	1970-01-20 18:59:40	Name: DSID Value: NO_DATA
.demdex.net/	1970-01-20 23:18:48	Name: demdex Value: 25182961557980621642653096538469605981
.comcast.demdex.net/	1970-01-20 23:18:48	Name: comcast Value: 25182961557980621642653096538469605981
.googleadservices.com/	1970-01-20 21:09:12	Name: ar_debug Value: 1
.agkn.com/	1970-01-21 03:45:12	Name: ab Value: 0001%3A6zu0SL%2FGrcEp%2BzRnaU1XQKMgt6PAgfXf
.agkn.com/	1970-01-21 03:45:12	Name: u Value: C\|0EAgtfuhjLX7oYwAAAAAAAgAsAQfoTAIAAC0BB-gYAgABAAcAAAAAAdpVmv__HgAAAAAAY4WuAAAAABbOdYAAAAAADC4BngAAAAAiNZMtAA
.flashtalking.com/	1970-01-21 04:29:00	Name: flashtalkingad1 Value: "GUID=591215373ECD03"
.postimages.org/	1970-01-21 03:45:12	Name: FCNEC Value: %5B%5B%22AKsRol_Bmbw8Z35fuVkB1ka-KoqdXkwA0gMiHc_uedHtLK2w9SYQo6riU5yF20Atibs9JIppiWQrjZ1VhLOlQtWX6Af25VWeka7zBIHAnI-pdJE21xzy7uWakvICNrczjsvuLUq6ez6T4H-Y21o0F8s9x1407aY8ww%3D%3D%22%5D%5D
.dpm.demdex.net/	1970-01-20 23:18:48	Name: dpm Value: 25182961557980621642653096538469605981

86 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
deprecation	warning	URL: https://cdn.flashtalking.com/frameworks/js/api/2/10/html5API.js Message: Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
deprecation	warning	URL: https://cdn.flashtalking.com/frameworks/js/api/2/10/html5API.js Message: Listener added for a synchronous 'DOMNodeRemoved' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
deprecation	warning	URL: https://cdn.flashtalking.com/frameworks/js/api/2/10/html5API.js Message: Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
deprecation	warning	URL: https://cdn.flashtalking.com/frameworks/js/api/2/10/html5API.js Message: Listener added for a synchronous 'DOMNodeRemoved' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad-events.flashtalking.com
agen-assets.ftstatic.com
ajs-assets.ftstatic.com
bid.g.doubleclick.net
cdn.doubleverify.com
cdn.flashtalking.com
choices.trustarc.com
choices.truste.com
cm.g.doubleclick.net
comcast.demdex.net
d.agkn.com
dpm.demdex.net
dsum-sec.casalemedia.com
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
postimages.org
postimgs.org
rtb0.doubleverify.com
servedby.flashtalking.com
stat.flashtalking.com
tpc.googlesyndication.com
tps.doubleverify.com
www.google.com
www.googleadservices.com
www.gstatic.com
www.helpcenter-evri.navicoads.com
cdn.flashtalking.com
104.18.36.155
108.139.47.31
13.35.93.97
142.250.65.162
142.250.80.34
172.253.63.155
18.208.254.216
18.234.13.237
18.238.49.47
18.238.55.5
23.1.197.91
23.46.224.48
2600:141b:1c00:f::172c:c9cc
2600:9000:21da:3c00:19:fc2c:a140:93a1
2606:4700:3031::ac43:d8aa
2606:4700:3033::6815:55cc
2607:f8b0:4006:80c::2001
2607:f8b0:4006:80f::2002
2607:f8b0:4006:817::2003
2607:f8b0:4006:81c::200a
2607:f8b0:4006:81d::200e
2607:f8b0:4006:822::2004
2607:f8b0:4006:822::200e
2607:f8b0:4006:823::200e
2607:f8b0:4006:824::2003
34.117.228.201
68.67.160.24
69.49.234.212
0045157339d3ba82765afc52fd381c23c5e2dab2e212e2763f7f947f1ad52cbd
02dbcf8fde281e09926eb60cbffc4e9877d0ad9ec4e5b4240de5fec6b7c6dc90
04a4ec051482dbeac84bf68c61fe3abc1cd91a21d49527e14521723bd7606d94
0573af9aeef191b64044eef3fb139d68329f1128515833e5a7ea87ae66f5eab2
072b26b82798ad8c49b4525afeb2b3687cd64e524f60595e37757eb554a21d3e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19173f733ee3c9a6ead91d8a552f0c314ca92d2ec8030013fe608516aabb1bbe
1aa70024ac6f01c7669a14fc606db2cb555073bad5a076c9d70869392fb1118f
21beb7d3dfdad3b76f1d9a2784768f6d931dd69e146adc08f632e4ae517c31d9
21ede29f5167e560a77e4f4490275a4f3ef4ff208dad901c3c6fbb87cc835936
2859f9f5083ecc8d8deb4cb80bf939e5640dd33f0ddac9d1bbf0306bd7ef6e83
2d9a16dcd33ebe339aa5a5f1ddbb207becd39e9c6d31128eb839d73b6ffe58a9
2fd72439f5347b14f21e9dced289bcbcc94e4dd1270b2b89ae1146206096ff94
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32993a86c58685503a2a375f9ed0ec5813961836562a3b5656fd9eb149a27d4a
338f3f2b7b69124414d1655be7a2d2fae52bcffe933a480ab96d17040988de02
340ce1cc5609b0ef725d2b528e2aa77d0979611d59ded852956444423010614d
3afecba131750e6efcb147794ccd539b376f6e95cc17980cceb8f7635d8501c1
3b801f89518d88ad1a2bd1cd26cd6b310d2878c891366928b092bd7f0955149c
3bc4f52a6d3c3a14b9fd3cf9f2329e6a3ac5ca7a7e2327c9949c0abf5dbaf127
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
432a4a5b4ff4498f97dfb6bda1389d5b6e93fef2adaf3650e2850f8513d32f8f
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
49f26884cd251eb4dcb9af59b67cb751278993423a33be3c331922657767982c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
513b872b11398d76f52a32015c404cc6742e58c4d44373c6bd66cd599db994d7
52531a035de63710e13afc8639fbd1b6a16c2498743b7a5a15626b4144d10064
535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56587589f471b3b3c0f88e6592bc22b01a5501b83fab3d4755b7f1846ef5a7e4
579f7afffec025181ef2723ce9e8376f407c37419bc5345c28e5a868788add6f
5a1433553dad10b1617e945447ce8d2a7a4ce6542ad50fdb8b563f85560cbc3e
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5efd17aa9600929f5517878dd267b6fdfeca37478d6987b5d75caec4f1e4b1a8
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64d4f412257ea7ad291d41fa39f567e83365eaab50f77a29aad660efc14b7126
65ed7aff165a0069ff29661747ac055654746bbf0cafb35dfef8a6b7eb63b4f9
662dbb2e9a1eaa62f25fd7d00eca3d78b8112c88f96f064a49aca4a6be2892d5
6700a61b5bd8006d07ddcdf84df499411e0ca045c8e124af25f72b8c4e82dab3
6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a
6d26f2d7cbfbbf844b0d75c169adbd812e0bc8d848df1075b97ebeccd58338ad
6d8a53b360734ac70446805bbb195283bff634489f894bbfec117f44183a8129
6f81246ef3eddfedda901d4493a04645c50fedfd561026d86110d4a9e649dc76
700602424f3b2803dc9d2c06a01b7afe6639b1334f9144b4ed1a831e74ca6f8e
7044b0c225fd6df66c4f91e37a14a293860937e48b1deee5875279ffb9f32555
707342fbc0969ee23e4444b97b07df383e2d13180a2b5c56352fb079ac28e099
75d2f74a132cf54b9d5969f371e4192cae855ba4ce36b54686dbead2ce26878e
7fe36b342a2b335ee2fc1bc8cd7ee5097e977d4a47c69e479ed6b3f935faed97
8154aa9057e3367d9d3e4bb1f85db9645c01fc0690091aadc57dbae849ba3499
8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460
8a60f6328c24e14f3ca4961b5716b4c5997d2e0ad5cd9f57975f922acbd882c1
8ad5f1dc06e90eea91c3839cf0b767b877f89d92eed940ac50b7c1eb05982050
8f47b8be156106e47545876939e7805611cc2146a8f393aff546e1fa639d943a
9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287
919664d4c088d6963c5c872ced7e8859a3cabc2cec3ef42f4afa99de7a3321da
92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5
94fee7158ebfb491c85e0d60f4d7f716d701821b6d6b9f20991524ee6fce8d28
951c7c5571a536d670c2cc6a9da25341e8a35fba2ff2a4cbfc3668e206759895
96f395ade4d1cc12209f868d7f2ae29903d82a6d8ba5063c5653a32cf1aa22f9
9fc0f7a449151c3b32dc74fd37fbf2ddddb7cbf17c74bd5e45b70298855b4510
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a7d7ccd1b1b1900c730b760fa8b3b5748a073ecdedbd7710e04fbf03cd42afd8
a7e081ac2862a2c9fe794a716293c201eb0cc90623edfe349438c3af8f58ca6a
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
ba96b1737e94f26d92b67251e14495c5e9c4f233b31cf85e9ed52bfd02bc021e
bcb909c46d932e62c63c3b106bf699a3ec04ee5d42265995dcc21fa2f307f990
bd6056f4524305945bfc04d6056c434cb2003072c33de327a370bdf629f72b1e
c7ae1a1887541a5761b56023ba3437d5d5a8df0e33bafa02a7b192208f686768
c9b56bf0297068737dddd527e11008560d9e8c0f67f80598f01daeffa352870b
cdb7911dd984dc9b0840a0a94e711600b05dd72d612465fdb18ecfb67ea9e66c
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d20c17a56d4a1472fe9d3c8bdbab18b0a5090602d121c53f54781faaa6b7a182
d3379d51e8b47df982598354ecba20493da6ab447c5dd3f670a7aa5f92f4bf20
d3b183ec8754d30322a777c09e47191b1d30830fcf86e0ce72521c2fbb7be4e7
d58e5e72b94e11290289cb6e29849313aa352a395ebe59ab36cdaf7505407c89
d97b809cd86ff5976b2e1f38d0320082eb68914dd4b8b282b59bd1400409cf89
d9be248eee3efff14af2a4d91b67a0da6b9fa4a3aeeca3136671c686d8b822be
df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0
e26104a44aaac36db8dbf86e035fcbfa53cc58a62d122cd7f149090eb4e78854
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e55c01e3ca797dbf8af251c9d68755f6039f7792afe6866e46269e4036697d3d
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7214455123e5fb1fd165f99f9a43a3c0a1311403e16701deac74c63a7cef350
f8ab2778b292d70e077fc8c3c84526bbe581dc2a826165d72c7a29bec439ebae
ff1960a45c6c700c71fe8dd2a8f57127aba9acabb5d0c23a3a263ed5b81a5422

postimages.org Open in urlscan Pro 2606:4700:3033::6815:55cc Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

139 Requests

91 %HTTPS

46 %IPv6

18 Domains

34 Subdomains

28 IPs

2 Countries

1765 kBTransfer

4977 kBSize

23 Cookies

0 Outgoing links

Page URL History

Redirected requests

139 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

postimages.org Open in urlscan Pro
2606:4700:3033::6815:55cc Public Scan

Screenshot
Live screenshot

Full Image

139
Requests

91 %
HTTPS

46 %
IPv6

18
Domains

34
Subdomains

28
IPs

2
Countries

1765 kB
Transfer

4977 kB
Size

23
Cookies

139 HTTP transactions
3 data transactions