itsbawa.com Open in urlscan Pro
2a02:4780:b:964:0:1a82:3b37:1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://itsbawa.com/
Effective URL:
https://itsbawa.com/
Submission: On September 29 via api (September 29th 2023, 3:34:26 am UTC) from GB — Scanned from GB

Summary HTTP 132 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 25 IPs in 8 countries across 24 domains to perform 132 HTTP transactions. The main IP is 2a02:4780:b:964:0:1a82:3b37:1, located in Lithuania and belongs to AS-HOSTINGER, CY. The main domain is itsbawa.com.
TLS certificate: Issued by R3 on September 29th 2023. Valid for: 3 months.

This is the only time itsbawa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 19	2a02:4780:b:9... 2a02:4780:b:964:0:1a82:3b37:1	47583 (AS-HOSTINGER) (AS-HOSTINGER)
20	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
4	2600:9000:237... 2600:9000:237d:ac00:2:6f7a:6f00:93a1	16509 (AMAZON-02) (AMAZON-02)
1 10	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1 6	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:de2e:c7b3:55c0:d5a0	16509 (AMAZON-02) (AMAZON-02)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
3 19	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
2 2	2a05:d018:d29... 2a05:d018:d29:3605:cdf9:6ebb:c08d:dd	16509 (AMAZON-02) (AMAZON-02)
3 3	64.74.236.95 64.74.236.95	19024 (INTERNAP-...) (INTERNAP-BLK5)
2 2	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
4 6	104.18.26.193 104.18.26.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	193.0.160.130 193.0.160.130	54312 (ROCKETFUEL) (ROCKETFUEL)
10	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
2	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
3 4	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
5	2a00:1450:400... 2a00:1450:4001:803::2006	15169 (GOOGLE) (GOOGLE)
1 1	3.248.149.248 3.248.149.248	16509 (AMAZON-02) (AMAZON-02)
1	185.86.139.93 185.86.139.93	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	82.145.213.8 82.145.213.8	39832 (NO-OPERA) (NO-OPERA)
1 1	193.108.153.24 193.108.153.24	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
132	25

19 2a02:4780:b:964:0:1a82:3b37:1 (Lithuania) 1 redirects

ASN47583 (AS-HOSTINGER, CY)

itsbawa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:237d:ac00:2:6f7a:6f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

mlqchzvmg8af.i.optimole.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

mts0.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:de2e:c7b3:55c0:d5a0 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.250.186.98 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3605:cdf9:6ebb:c08d:dd (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.74.236.95 (United States) 3 redirects

ASN19024 (INTERNAP-BLK5, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (United States) 2 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.18.26.193 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.130 (Netherlands) 1 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.171.21 (Ascension Island) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.248.149.248 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-149-248.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.93 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.145.213.8 (United Kingdom) 1 redirects

ASN39832 (NO-OPERA, NO)
PTR: n-sysadmin-jumpbox-03.feednews.opera.technology

t.adx.opera.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.108.153.24 (Ascension Island) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a193-108-153-24.deploy.static.akamaitechnologies.com

analytics.pangle-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 122 e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 169	423 KB
35	doubleclick.net 4 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 66 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 235 cm.g.doubleclick.net — Cisco Umbrella Rank: 329 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 433	289 KB
19	itsbawa.com 1 redirects itsbawa.com	311 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 331	219 KB
7	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 11 mts0.google.com — Cisco Umbrella Rank: 6671	91 KB
6	casalemedia.com 4 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 781 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 1026	4 KB
5	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 408	132 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 360	3 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	116 KB
4	optimole.com mlqchzvmg8af.i.optimole.com	57 KB
3	zemanta.com 3 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 906	2 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 113	4 KB
3	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1368 www.googleadservices.com — Cisco Umbrella Rank: 178	602 B
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 1171	1 KB
2	yahoo.com 2 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 783	1 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 254	114 KB
1	pangle-ads.com 1 redirects analytics.pangle-ads.com — Cisco Umbrella Rank: 2902	980 B
1	opera.com 1 redirects t.adx.opera.com — Cisco Umbrella Rank: 2169	674 B
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 1096	45 B
1	yieldmo.com 1 redirects ads.yieldmo.com — Cisco Umbrella Rank: 1089	597 B
1	rfihub.com 1 redirects a.rfihub.com — Cisco Umbrella Rank: 4633	1 KB
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 51511	607 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 1260	463 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 111	68 KB
132	24

	Domain	Requested by
20	pagead2.googlesyndication.com	itsbawa.com pagead2.googlesyndication.com e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
19	itsbawa.com	1 redirects itsbawa.com
18	cm.g.doubleclick.net	3 redirects e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com googleads.g.doubleclick.net
17	tpc.googlesyndication.com	pagead2.googlesyndication.com e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com itsbawa.com securepubads.g.doubleclick.net tpc.googlesyndication.com
10	cdn.ampproject.org	securepubads.g.doubleclick.net
10	securepubads.g.doubleclick.net	1 redirects itsbawa.com securepubads.g.doubleclick.net
6	www.google.com	1 redirects e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com itsbawa.com tpc.googlesyndication.com
5	s0.2mdn.net	itsbawa.com s0.2mdn.net e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
5	googleads.g.doubleclick.net	pagead2.googlesyndication.com itsbawa.com e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	mlqchzvmg8af.i.optimole.com	itsbawa.com
3	dsum-sec.casalemedia.com	1 redirects googleads.g.doubleclick.net
3	fonts.gstatic.com	fonts.googleapis.com
3	ssum-sec.casalemedia.com	3 redirects
3	b1sync.zemanta.com	3 redirects
3	fonts.googleapis.com	e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com securepubads.g.doubleclick.net
3	e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	googleads4.g.doubleclick.net	itsbawa.com
2	www.googleadservices.com
2	image6.pubmatic.com	2 redirects
2	pr-bh.ybp.yahoo.com	2 redirects
2	www.googletagservices.com	e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
1	analytics.pangle-ads.com	1 redirects
1	t.adx.opera.com	1 redirects
1	ssbsync.smartadserver.com	e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
1	ads.yieldmo.com	1 redirects
1	a.rfihub.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	cms.quantserve.com	e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
1	mts0.google.com	e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
1	www.gstatic.com	e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
1	www.googletagmanager.com	itsbawa.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
132	33

This site contains links to these domains. Also see Links.

Domain
www.ilovewp.com

Subject Issuer	Validity	Valid
itsbawa.com R3	`2023-09-29` - `2023-12-28`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.i.optimole.com Amazon RSA 2048 M01	`2023-03-13` - `2024-04-09`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
quantserve.com R3	`2023-08-29` - `2023-11-27`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh

This page contains 16 frames:

Primary Page: https://itsbawa.com/
Frame ID: 8AE7A287A917E41AC3DF8497F5A4A8D2
Requests: 38 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20190131/zrt_lookup.html
Frame ID: 00472CF802BCC9F38529E087D2763F7F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6527377059910329&output=html&adk=1812271804&adf=3025194257&lmt=1695954860&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A32768%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x1080_l%7C188x1080_r&format=0x0&url=https%3A%2F%2Fitsbawa.com%2F&ea=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1695958460558&bpp=44&bdt=292&idt=334&shv=r20230927&mjsv=m202309280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=843656399060&frm=20&pv=2&ga_vid=544484844.1695958461&ga_sid=1695958461&ga_hid=320838267&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31078143%2C31078144%2C31078321%2C44803790%2C44804179&oid=2&pvsid=190859508569122&tmod=1531593998&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=392
Frame ID: 4419C50F3845A388AFBB072DAD4FABD6
Requests: 1 HTTP requests in this frame

Frame: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: C2C8DA2B06BD67AFB5A158CD7A8E828B
Requests: 1 HTTP requests in this frame

Frame: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E41D04FF64A6F311BD07C9BF98B84CB9
Requests: 16 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: FDEDB1AF9E9F6F19A89704245E0A3E8B
Requests: 9 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012309151607000/amp4ads-v0.mjs
Frame ID: 3AEDEFAA2BB044FF1E78518AE87D7D72
Requests: 15 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012309151607000/amp4ads-v0.mjs
Frame ID: 3FA5F244BC3C7CD28BB5078644F996D9
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/kgPu8ucFjQWm9sPwItG3xGC9C84b-jPcUt_enD3F6OI.js
Frame ID: D875B3D92D33CCC54A7F76AF0DEBC813
Requests: 1 HTTP requests in this frame

Frame: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2FBD170125613EBD600F2E6F83DD9154
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIL1_68EEIqb_NgEGMWRhfYBMAE&v=APEucNWXSU4piHx7QDmXSJsnGexhENG2M9fwLSAJhRPyGzQu53AcoHw1Rd-l35tY8LazMOJgVjaoY1pvubaJqHWD4JbCOh9nRdKIOjNaIkJgFkESRUGBHERoTL6GrVYRnjzJejZd5e9Jd5oXHKoSeB3-Z9ncKBklcmXazbqWXMSFa9qLl_0NQ0PGszo3ypub44982W5sXa3g6OaHkV1A9Gp-EvPbQDkczw
Frame ID: AF42E555EA48E209C32DD145DE70C1E4
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 562D0A2321524754219C6AD77AB81008
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: DE85C924D8C40A6398C7662E0D77FA99
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4444503785753246903/_CO_MET_TRU_BRA_LBD_728X9_PT_learnmore_na_FX_consideracao-setembro/vwco_meteor_pm_728x90_v3.html?ev=01_250
Frame ID: 9FCE7B1A1F6790AC7819A1FA46C43F52
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E375F064767388CEAEF791B6512D7F4A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2B5BB23DF28322B621DF043B46C20916
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Its Bawa - lazy sunday dinner ideas,find vegetarian recipes,sweet breakfast ideas

Page URL History Show full URLs

http://itsbawa.com/ HTTP 301
https://itsbawa.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

132
Requests

86 %
HTTPS

59 %
IPv6

24
Domains

33
Subdomains

25
IPs

8
Countries

1827 kB
Transfer

4659 kB
Size

25
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ilovewp.com/themes/nutmeg/
Title: Nutmeg

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://itsbawa.com/ HTTP 301
https://itsbawa.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEHICMtbVJ7mf9Z0uFmzIbro&google_cver=1&google_push=AXcoOmTIx1Xq2XyTYwUZkKg9e3kd1wE9wAK0PPlawqMK0kutezOl9B9fs91I5U2UgcTeLauvqQo8O2spVzqCSplyloMTYsfsuLk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTIx1Xq2XyTYwUZkKg9e3kd1wE9wAK0PPlawqMK0kutezOl9B9fs91I5U2UgcTeLauvqQo8O2spVzqCSplyloMTYsfsuLk&google_hm=zeVDlrayQMe6MwgZNmQfY24

Request Chain 56

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEP5jOU6ImArrZ-lHRHi_YVY&google_cver=1&google_push=AXcoOmRTSBzhN-mn3aPHDTYLMOcbYPYQJCgpSTF9w667gw1pmLrN7O2BlcfBhu2xDipJ8ujwIK9Ps61OsYA4gA7Aabn1LMw992Uz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRTSBzhN-mn3aPHDTYLMOcbYPYQJCgpSTF9w667gw1pmLrN7O2BlcfBhu2xDipJ8ujwIK9Ps61OsYA4gA7Aabn1LMw992Uz&google_hm=eS1TR25qQVo5RTJwRVp4a2hzX19HSTBMZEN3djRpTnVNSX5B

Request Chain 57

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEE_7gqTBKkPJM3tIZ3OYB2s&google_cver=1&google_push=AXcoOmQiwNxO0SL13aZaMwZc9ugZQZb8cLIjDxRLQSno_qh74IlUZwECtzdZeLgE0ib-ccqLt7Xm-o3EGshSXQifOAH9IlICR5LB HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEE_7gqTBKkPJM3tIZ3OYB2s&google_push=AXcoOmQiwNxO0SL13aZaMwZc9ugZQZb8cLIjDxRLQSno_qh74IlUZwECtzdZeLgE0ib-ccqLt7Xm-o3EGshSXQifOAH9IlICR5LB&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmQiwNxO0SL13aZaMwZc9ugZQZb8cLIjDxRLQSno_qh74IlUZwECtzdZeLgE0ib-ccqLt7Xm-o3EGshSXQifOAH9IlICR5LB&google_hm=Z2NmTFB0bm01d2otUlI1djZ2a3E=

Request Chain 58

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHfGhj2iXJkn1HZGqGi2G1w&google_cver=1&google_push=AXcoOmTGnJMvqcWVjnsjIgo8pJ4s2JDbK4nVBDppXw6d7TjRpBD-TX_25hgTed0IIu4doB55uZUv-MhXaXANvPi3UkYTsFGfB5M HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHfGhj2iXJkn1HZGqGi2G1w&google_cver=1&google_push=AXcoOmTGnJMvqcWVjnsjIgo8pJ4s2JDbK4nVBDppXw6d7TjRpBD-TX_25hgTed0IIu4doB55uZUv-MhXaXANvPi3UkYTsFGfB5M&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=iq2fisTESQ65g1Y_PsRUFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmTGnJMvqcWVjnsjIgo8pJ4s2JDbK4nVBDppXw6d7TjRpBD-TX_25hgTed0IIu4doB55uZUv-MhXaXANvPi3UkYTsFGfB5M

Request Chain 59

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJOqGySuSggdtpj8hf2QXZE&google_cver=1&google_push=AXcoOmR6bXWxRYRUnAbG3zh-mKcfTAslF4itNjHa6EhsdXwG-gtezZBrVyOZXhrWSYrCAm5pnoQmNR97rMklBJUO2nyo1yNQ_9de HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJOqGySuSggdtpj8hf2QXZE&google_push=AXcoOmR6bXWxRYRUnAbG3zh-mKcfTAslF4itNjHa6EhsdXwG-gtezZBrVyOZXhrWSYrCAm5pnoQmNR97rMklBJUO2nyo1yNQ_9de&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJOqGySuSggdtpj8hf2QXZE&google_hm=ZRZFvRKDHKQq8ZjDG2LYIwAAApUAAAAB&google_nid=index&google_push=AXcoOmR6bXWxRYRUnAbG3zh-mKcfTAslF4itNjHa6EhsdXwG-gtezZBrVyOZXhrWSYrCAm5pnoQmNR97rMklBJUO2nyo1yNQ_9de

Request Chain 60

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEGQZviZiWzgRySf6Mvvy-7U&google_cver=1&google_push=AXcoOmRZykBme2zRvkOoXttjyzxxYZNYKkbI3fJIB1jLxtTV1_Khcl0IdFjWELWp5gKB3ttLxFFY1eK_nkYAXtX8m6Rdx1uVRhsNRw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmRZykBme2zRvkOoXttjyzxxYZNYKkbI3fJIB1jLxtTV1_Khcl0IdFjWELWp5gKB3ttLxFFY1eK_nkYAXtX8m6Rdx1uVRhsNRw&google_hm=ODcwNDUyOTQ3Nzk5MDQxNTY5NA==

Request Chain 76

https://securepubads.g.doubleclick.net/pagead/adview?ai=CsZZjvUUWZbv3DtCZgQeEzLiYDoXe-5lzuPe5v-ARZBABIIvL8J0BYM3w7oCsA6AB1cmdzynIAQmpAmkO-gBZqoo-4AIAqAMByAPLBKoEowJP0OHjy0Q4PC8gYhKoAc-CR8Hkr1-EXc4eX_8IbEztC27YeNkXppxiQbvj1Mhz6_Cwi8DN7bHtU80fKZLKK77CDBWFBeR8bRdaSbnS_ruSj9Hu5rhZIenwNedwZRASH1AHFnyUGDyzAAChSfmvgn6PiVAGqi7nAE8b01Xd8v3zlagln7m9-3Tldz2sM3u8kUV_ShrvdQWePSKTDOm4IUnIHU81A3ck9MXWKV28YCewt0kR5SIPmbwOAjpI3OvPdl9pYD6lEESj2DTdoXUdbQ1S7fPh7w4S0bD9gWnFKTxdYJgaB-NWLNGSLod4nnXB5UVjFUFkumvdKUHw0PYtILN8GwuUdk5cPs2TABZGpDT8_KzFM2raXf6V_KWX_fjEEqhR9U3ABISov5_dBOAEAYgFlZie2kySBQQIBBgBkgUECAUYBKAGLtgGAoAH1YHurgSoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCmjwGgCK2SPbAIAtIIFAiAYRABGB0yAooCOgKAQEi9_cE6mgkdaHR0cHM6Ly93d3cuYmFyZG9zY3Jhdm9zLmNvbS-ACgPICwGYDJStqcbABNoMEAoKEICn8LOgiPX9MRICAQPiDRMIveOKzfHOgQMV0EzgCh0EJg7juBODBNgTDoIUDRoLaXRzYmF3YS5jb23QFQGAFwGyFx8KHQgAEhRwdWItNjUyNzM3NzA1OTkxMDMyORip5pMB&sigh=MsMmTvjexfw&uach_m=[UACH]&ase=2&nis=4&cid=CAQSPADICaaN9BnEjjbnZwQub5NaAkZ3xh1gGSPUJ5V5ZM8exZs4N6Jh8LPJp3f_1P2L0Xy3hzlbXJxMwX0tmxgB&template_id=515&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x27c94cadfd8c136e0000000000000000%22,%222%22:%220xb18cd751357bc6220000000000000000%22,%223%22:%220xd91f6cfa03f79bdf0000000000000000%22,%224%22:%220x9a17091d92df77e50000000000000000%22,%225%22:%220xfd4727b615cf326a0000000000000000%22},%22debug_key%22:%2210869109222706231074%22,%22debug_reporting%22:true,%22destination%22:%22https://bardoscravos.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211172013269%22],%224%22:[%2209-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229388477363123749057%22}&andc=true

Request Chain 92

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 105

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDt80f576LHSNzem4MCMkKg&google_cver=1

Request Chain 106

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZRZFvRKDHKQq8ZjDG2LYIwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDt80f576LHSNzem4MCMkKg&google_cver=1

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEFnnG1k3JbY3qfligN0oRg4&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEFnnG1k3JbY3qfligN0oRg4%26google_cver%3D1

Request Chain 108

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTE0ODM3MjIxOTI3NzYwNzAxMQ%3D%3D

Request Chain 119

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEDOEXhOYRxbQIOYUgsWSnV0&google_cver=1&google_push=AXcoOmRwAsadFwm-nY2ofX7y1QMa_ZRqU1-sCxCOVPPIiG3UbcP7xen8-v8nlqkXYiksbsCGBH34R4irGWvJuBafQJ2OxQtPz4Kx HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRwAsadFwm-nY2ofX7y1QMa_ZRqU1-sCxCOVPPIiG3UbcP7xen8-v8nlqkXYiksbsCGBH34R4irGWvJuBafQJ2OxQtPz4Kx&google_hm=eS1TR25qQVo5RTJwRVp4a2hzX19HSTBMZEN3djRpTnVNSX5B

Request Chain 120

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESELdRTDnoT8B1LND2eJk8fck&google_cver=1&google_push=AXcoOmRxBagQe0xyvhdTi0nAtZ9o4JShOqEY5l97xP62NVwqv2uGnN8GySWf8q4LeGAlFQmoaxCOhlNnhxCB9bpWjbiFZmCXwwv4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmRxBagQe0xyvhdTi0nAtZ9o4JShOqEY5l97xP62NVwqv2uGnN8GySWf8q4LeGAlFQmoaxCOhlNnhxCB9bpWjbiFZmCXwwv4&google_hm=Z2NmTFB0bm01d2otUlI1djZ2a3E=

Request Chain 121

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPaehad3QaIL5KUowsJNmZI&google_cver=1&google_push=AXcoOmQ6av_ibTufTcO5q2WO4pbfdlv5jHDMvOdovmwAEFG15_rPhu3ppfCaP9YhS1CqwPNFeILrbRIc3nUEjX6VuwTIZa_kc9MC HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPaehad3QaIL5KUowsJNmZI&google_hm=ZRZFvRKDHKQq8ZjDG2LYIwAAApUAAAAB&google_nid=index&google_push=AXcoOmQ6av_ibTufTcO5q2WO4pbfdlv5jHDMvOdovmwAEFG15_rPhu3ppfCaP9YhS1CqwPNFeILrbRIc3nUEjX6VuwTIZa_kc9MC

Request Chain 122

https://ads.yieldmo.com/exptsync?google_gid=CAESEOlqqZVLGijg6apHFzF43C8&google_cver=1&google_push=AXcoOmTGGnyoxCicowdJUQHXZEPW59pGqWR9WKRILJYNz91o4BEVzGoYBmqMdilKOHxFJRaYtW9Ibmya-4-VuzNaFxVImmDtUw_n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmTGGnyoxCicowdJUQHXZEPW59pGqWR9WKRILJYNz91o4BEVzGoYBmqMdilKOHxFJRaYtW9Ibmya-4-VuzNaFxVImmDtUw_n&google_hm=M1JVdzJBQXNzaUE5Q2JjcHBxeDg=

Request Chain 124

https://t.adx.opera.com/pub/sync?pubid=pub6871767557696&google_push=AXcoOmSBx83Y4TwEE3WwL4ClYvpVVSFWT98SEhCYKCaPOFzdxifQQ8mzFYM8cuP4YLCryqqAy3HWOtCyr6lth7WLNPpcou2Avit71g&google_gid=CAESEHKW_OhwwemuJuflJEYry4A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEHKW_OhwwemuJuflJEYry4A&google_hm=T1BVMDg3NTUxNTU5MjIzNGExNzgyOTFmMWM4NDFkNGE3YWI&google_nid=opera_norway_as&google_push=AXcoOmSBx83Y4TwEE3WwL4ClYvpVVSFWT98SEhCYKCaPOFzdxifQQ8mzFYM8cuP4YLCryqqAy3HWOtCyr6lth7WLNPpcou2Avit71g

Request Chain 125

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESECok9l7QVzUce2hop08eQGE&google_cver=1&google_push=AXcoOmSccfyzdXBPKebQ-KhJH5mRX6ItLp2-y_yYDq3gg6ylsTw_fg-cfE5T0EW3DquXQg7_t-DE4pcc3zAmsP2DVpvmwRXnTYfmXA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmSccfyzdXBPKebQ-KhJH5mRX6ItLp2-y_yYDq3gg6ylsTw_fg-cfE5T0EW3DquXQg7_t-DE4pcc3zAmsP2DVpvmwRXnTYfmXA

132 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
itsbawa.com/
Redirect Chain

http://itsbawa.com/
https://itsbawa.com/

310 KB
105 KB

845ms
464ms

Document
text/html

2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed / PHP/8.0.28

Resource Hash

4ed5d2680b7b7ce0b244809fada4bcfdbbca195ea1185c3f9935a982cc43e633

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control: public, max-age=0
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Fri, 29 Sep 2023 03:34:20 GMT
expires: Fri, 29 Sep 2023 03:34:20 GMT
link: <https://itsbawa.com/wp-json/>; rel="https://api.w.org/"
platform: hostinger
server: LiteSpeed
vary: Accept-Encoding
x-powered-by: PHP/8.0.28

Redirect headers

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-length: 707
content-security-policy: upgrade-insecure-requests
content-type: text/html
date: Fri, 29 Sep 2023 03:34:19 GMT
location: https://itsbawa.com/
platform: hostinger
server: LiteSpeed

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 155 KB
51 KB 221ms
83ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6527377059910329

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

43e52c602fdceea6c97627c6ed6ffe2d6d774cae955df9971fabb74d0841f783

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://itsbawa.com/
Origin: https://itsbawa.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51586
x-xss-protection: 0
server: cafe
etag: 18417101150139754760
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 29 Sep 2023 03:34:20 GMT

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309280101/ 390 KB
132 KB 249ms
105ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309280101/show_ads_impl_fy2021.js?bust=31078321

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6527377059910329

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

73d5fddf856047a2685f205d0caed8bc98051486cc19f4468c5b50d14f625620

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 134953
x-xss-protection: 0
server: cafe
etag: 7210762140410655816
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Sep 2023 03:34:20 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230927/r20190131/ Frame 0047 10 KB
5 KB 218ms
66ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230927/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6527377059910329

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://itsbawa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: en-GB,en;q=0.9

Response headers

age: 29421
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Sep 2023 19:23:59 GMT
etag: 2603938475786422795
expires: Thu, 12 Oct 2023 19:23:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 frontend-blocks.js Show response
itsbawa.com/wp-content/plugins/simple-social-buttons/assets/js/ 0
140 B 193ms
192ms Script
application/x-javascript 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-content/plugins/simple-social-buttons/assets/js/frontend-blocks.js

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 22 Jul 2023 17:17:15 GMT
server: LiteSpeed
etag: "0-64bc0f1b-5fbac57310e7a92a;;;"
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 0
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 38f742cf3403f6c37f9b0d60f55bb4f2.js Show response
itsbawa.com/wp-content/cache/debloat/js/ 99 KB
33 KB 245ms
243ms Script
application/x-javascript 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-content/cache/debloat/js/38f742cf3403f6c37f9b0d60f55bb4f2.js

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

5674b0a11a287377a390c9a6c3c2946b3304596cb4fd10a63f5203a3a85f8a31

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 15 Aug 2023 14:32:15 GMT
server: LiteSpeed
etag: "18aee-64db8c6f-eba2250173b22807;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 33264
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 ced9c4e16e90ae470de8cd6a705d9c9a.js Show response
itsbawa.com/wp-content/cache/debloat/js/ 3 KB
1 KB 248ms
246ms Script
application/x-javascript 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-content/cache/debloat/js/ced9c4e16e90ae470de8cd6a705d9c9a.js

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

1c653354ff5f5d33d4f584291d563138c565e4647eabd83ab9a3cf0665c911d0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 02 Aug 2023 09:39:24 GMT
server: LiteSpeed
etag: "b43-64ca244c-e23e92c6f135ad4a;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 1074
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 optimole_lib_no_poly.min.js Show response
mlqchzvmg8af.i.optimole.com/js-lib/v2/latest/ 13 KB
4 KB 327ms
66ms Script
text/javascript 2600:9000:237d:ac00:2:6f7a:6f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mlqchzvmg8af.i.optimole.com/js-lib/v2/latest/optimole_lib_no_poly.min.js
Requested by: Host: itsbawa.com
URL: https://itsbawa.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:237d:ac00:2:6f7a:6f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d9eef86302b4cafaa9ceb5705c0791ecfda2ea2a20d7b9b84adbe352a1df7374

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Mon, 18 Sep 2023 08:34:52 GMT
content-encoding: gzip
via: 1.1 09b934fc5a2991212bdc3b299a0a1cb4.cloudfront.net (CloudFront)
last-modified: Mon, 18 Sep 2023 08:33:57 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 932369
etag: W/"0eb89ca19c4471edb661005556332adc"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=31536000,public
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: fcZWWBbrUlQVL5fn7Sr0KfWaoyPkw5UP29Kx2RRIPW_HsF_3YkxiVg==

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 155 KB
50 KB 63ms
61ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6527377059910329&host=ca-host-pub-2644536267352236

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

315e2b09f9134e226febb6a0a031bdd86a6f5f1e14b70059e33d31a1be49f99d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://itsbawa.com/
Origin: https://itsbawa.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51552
x-xss-protection: 0
server: cafe
etag: 861212155687445870
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 29 Sep 2023 03:34:20 GMT

GET
H2 200 newsreader-v7-latin-regular.woff2
itsbawa.com/wp-content/themes/nutmeg/fonts/ 21 KB
21 KB 198ms
196ms Font
font/woff2 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-content/themes/nutmeg/fonts/newsreader-v7-latin-regular.woff2

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

624cde597eca3d6f239fa030922a186f6361bcea38ef36267d0ca812c6d945c5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://itsbawa.com/
Origin: https://itsbawa.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 21 Jan 2023 13:44:16 GMT
server: LiteSpeed
etag: "5410-63cbec30-5b7e4d43b2967aa5;;;"
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 21520
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 montserrat-v23-latin-600.woff2
itsbawa.com/wp-content/themes/nutmeg/fonts/ 12 KB
12 KB 198ms
197ms Font
font/woff2 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-content/themes/nutmeg/fonts/montserrat-v23-latin-600.woff2

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

ae308e0f954dd9a45304361e81dffc8a3893584af53b9779722bbb51a7c71e08

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://itsbawa.com/
Origin: https://itsbawa.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 21 Jan 2023 13:44:16 GMT
server: LiteSpeed
etag: "315c-63cbec30-ef43ac752d77feaf;;;"
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 12636
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 icomoon.ttf
itsbawa.com/wp-content/themes/nutmeg/fonts/ 3 KB
2 KB 198ms
198ms Font
application/x-font-ttf 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-content/themes/nutmeg/fonts/icomoon.ttf?nw1ubk

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

7cbc2438a8d8a681cbdaacd18d52d9452fe3f355e10b5539a3f50ed8fe776336

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://itsbawa.com/
Origin: https://itsbawa.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 21 Jan 2023 13:44:16 GMT
server: LiteSpeed
etag: "c4c-63cbec30-889c5b94b87784fb;br"
vary: Accept-Encoding
content-type: application/x-font-ttf
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 1704
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 newsreader-v7-latin-600.woff2
itsbawa.com/wp-content/themes/nutmeg/fonts/ 22 KB
22 KB 200ms
199ms Font
font/woff2 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-content/themes/nutmeg/fonts/newsreader-v7-latin-600.woff2

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

cd265f018e8c987adb80c2564378af30acab3f9b44e4c15c4aa8671d3e9a0545

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://itsbawa.com/
Origin: https://itsbawa.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 21 Jan 2023 13:44:16 GMT
server: LiteSpeed
etag: "5980-63cbec30-7d50f1e39bd2ccee;;;"
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 22912
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 cropped-itsbawa.com_.webp
mlqchzvmg8af.i.optimole.com/cb:Yd1H.1debf/w:500/h:125/q:mauto/f:best/https://itsbawa.com/wp-content/uploads/2023/05/ 10 KB
11 KB 370ms
126ms Image
image/webp 2600:9000:237d:ac00:2:6f7a:6f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mlqchzvmg8af.i.optimole.com/cb:Yd1H.1debf/w:500/h:125/q:mauto/f:best/https://itsbawa.com/wp-content/uploads/2023/05/cropped-itsbawa.com_.webp

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:ac00:2:6f7a:6f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Optimole /

Resource Hash

aa4c8cac1550a9afaa1b33e95c7000d83f7f0763fb91bf680f3310dae8513d9e

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 07:49:00 GMT
content-security-policy: script-src 'none'
via: 1.1 09b934fc5a2991212bdc3b299a0a1cb4.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 71120
x-cache: Hit from cloudfront
content-disposition: inline; filename="cropped-itsbawa.com_.webp"
alt-svc: h3=":443"; ma=86400
content-length: 10632
x-request-id: nZuzLPozecbwyCZdnf_Uw
server: Optimole
accept-ch: ECT
etag: "Jsh41RjycAX-kvaA3x98do7aLCzErPfXdB8Ou8S4iqM/RIjJhMGI5MWZmYTYyOWFjOWRjODY2MDAyMWRlYzE5MTVmIg"
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-id: gWCasNXoM5U7xdSgu-pVpVbhq9gIkBrNUioW1uo2-Pybu6gGeKabEw==
expires: Fri, 27 Sep 2024 07:49:00 GMT

GET
H2 200 Chicken-Marsala-1.jpg
mlqchzvmg8af.i.optimole.com/cb:Yd1H.1debf/w:410/h:410/q:mauto/rt:fill/g:ce/f:best/https://itsbawa.com/wp-content/uploads/2023/04/ 22 KB
23 KB 375ms
131ms Image
image/webp 2600:9000:237d:ac00:2:6f7a:6f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mlqchzvmg8af.i.optimole.com/cb:Yd1H.1debf/w:410/h:410/q:mauto/rt:fill/g:ce/f:best/https://itsbawa.com/wp-content/uploads/2023/04/Chicken-Marsala-1.jpg

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:ac00:2:6f7a:6f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Optimole /

Resource Hash

610307a1a9916e31c6e47353555eacee8ce4cb922fe3ce1a97c8924a530dc1f5

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 07:49:01 GMT
content-security-policy: script-src 'none'
via: 1.1 09b934fc5a2991212bdc3b299a0a1cb4.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 71119
x-cache: Hit from cloudfront
content-disposition: inline; filename="Chicken-Marsala-1.webp"
alt-svc: h3=":443"; ma=86400
content-length: 22846
x-request-id: V_GbTOwRdnCCL0pEPIkPv
server: Optimole
accept-ch: ECT
etag: "o8CfssVJDYf7xsr7tevYe8l8Dg4z3_YGapeDwzRd5jE/RIjhmNDc2OGZiMTQyMjBhNjEzYTllODFkZDMxYTExYTkzIg"
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-id: YXoKHNh4LWhgJSupgzzkCjI9KrzJLolroUUuChK5dhgoGl0RRHrhHg==
expires: Fri, 27 Sep 2024 07:49:01 GMT

GET
H2 200 montserrat-v23-latin-regular.woff2
itsbawa.com/wp-content/themes/nutmeg/fonts/ 12 KB
12 KB 220ms
219ms Font
font/woff2 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-content/themes/nutmeg/fonts/montserrat-v23-latin-regular.woff2

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

a658b5f3ec0fd27f3c1500b420b2ed4ff557f5ddb65fbc83c21eae5cadc97dfb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://itsbawa.com/
Origin: https://itsbawa.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 21 Jan 2023 13:44:16 GMT
server: LiteSpeed
etag: "3168-63cbec30-1b8a735abe605f57;;;"
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 12648
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 Grandma-Chicken-Noodle-Soup-1.webp
mlqchzvmg8af.i.optimole.com/cb:Yd1H.1debf/w:410/h:410/q:mauto/rt:fill/g:ce/f:best/https://itsbawa.com/wp-content/uploads/2023/04/ 18 KB
19 KB 322ms
125ms Image
image/webp 2600:9000:237d:ac00:2:6f7a:6f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mlqchzvmg8af.i.optimole.com/cb:Yd1H.1debf/w:410/h:410/q:mauto/rt:fill/g:ce/f:best/https://itsbawa.com/wp-content/uploads/2023/04/Grandma-Chicken-Noodle-Soup-1.webp

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:ac00:2:6f7a:6f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Optimole /

Resource Hash

18bdf10bc50a7bc3c4e9e74ca28f75511caebb904d3af6720eb0f95459953dff

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 07:49:01 GMT
content-security-policy: script-src 'none'
via: 1.1 09b934fc5a2991212bdc3b299a0a1cb4.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 71119
x-cache: Hit from cloudfront
content-disposition: inline; filename="Grandma-Chicken-Noodle-Soup-1.webp"
alt-svc: h3=":443"; ma=86400
content-length: 18862
x-request-id: iYdUwAu9bqrfhY29ck9gv
server: Optimole
accept-ch: ECT
etag: "fMSIO7EFleOjWL_geR2stf-aTb-X2Z3hE7Pg8ThgDao/RImMwZTY2MWM3ODVjYTQ0NmY1MTIzMzI5NTBjNDU4MWU5Ig"
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-id: eaUfN3mc9FDZ6SD-t2nBAEX61Je0O0radRU8QZxJjKaQv7nXilhIbQ==
expires: Fri, 27 Sep 2024 07:49:01 GMT

GET
DATA 200
OK truncated
/ 144 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3246a9106fd3dc1b6eb814c4b65fd0830b1a6412a47ff217a0e487bbbe4cd4b

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 138 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f2beef06223d6ede7b92e9931ee927a76fa8b06a837a0d2181bf974a098d9ec1

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Content-Type: image/svg+xml

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 98 KB
29 KB 263ms
67ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3547f5d1b7e018b0ca425de03cc0aa8febf24458694bb3d025676f365d91031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29427
x-xss-protection: 0
server: cafe
etag: 500 / 19629 / 31078189 / config-hash: 6693637385863441016
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 29 Sep 2023 03:34:20 GMT

GET
H2 200 b38cdc7185502c9ab6aa6e4a7fe13482.js Show response
itsbawa.com/wp-content/cache/debloat/js/ 52 KB
14 KB 256ms
255ms Script
application/x-javascript 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-content/cache/debloat/js/b38cdc7185502c9ab6aa6e4a7fe13482.js

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

fcc7eca0021cf07d4bd8c4a5c522a8568b779e97322979fdd066668a3b5d495b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 08 Aug 2023 21:00:19 GMT
server: LiteSpeed
etag: "cf58-64d2ace3-cadee26b181e5da0;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 13838
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 a504b8be44ef82670f68afaf0a38abd0.js Show response
itsbawa.com/wp-content/cache/debloat/js/ 1 KB
753 B 257ms
256ms Script
application/x-javascript 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-content/cache/debloat/js/a504b8be44ef82670f68afaf0a38abd0.js

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 02 Aug 2023 08:02:55 GMT
server: LiteSpeed
etag: "5db-64ca0daf-c9676c0eabf8da2d;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 667
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 846af37338807aa8b54beb3666931f43.js Show response
itsbawa.com/wp-content/cache/debloat/js/ 16 KB
3 KB 257ms
257ms Script
application/x-javascript 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-content/cache/debloat/js/846af37338807aa8b54beb3666931f43.js

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

245105bfe43ccb81c0d3e2acd7ccdb5584b65e7615b3a26d262022378e5638ae

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 12 Sep 2023 04:58:03 GMT
server: LiteSpeed
etag: "41b0-64ffefdb-562bdc6fff1277d;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 3339
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 montserrat-v23-latin-500.woff2
itsbawa.com/wp-content/themes/nutmeg/fonts/ 12 KB
12 KB 215ms
215ms Font
font/woff2 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-content/themes/nutmeg/fonts/montserrat-v23-latin-500.woff2

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

d820d5dfd8e04c7fc43530a20e0d9759f3f398f02bb57046fbbcae5ecce469a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://itsbawa.com/
Origin: https://itsbawa.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 21 Jan 2023 13:44:16 GMT
server: LiteSpeed
etag: "3198-63cbec30-eb9b56f9467102e3;;;"
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 12696
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 style.min.css
itsbawa.com/wp-includes/css/dist/block-library/ 0
12 KB 235ms
234ms Other
text/css 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 15 Aug 2023 14:30:42 GMT
server: LiteSpeed
etag: "19824-64db8c12-7d79631fe0b40166;br"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 12669
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 0c3ef5375424ae2733705139f7f282ab.css
itsbawa.com/wp-content/uploads/hummingbird-assets/ 0
12 KB 240ms
239ms Other
text/css 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-content/uploads/hummingbird-assets/0c3ef5375424ae2733705139f7f282ab.css

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 20 Sep 2023 18:36:53 GMT
server: LiteSpeed
etag: "22092-650b3bc5-46827c5c4b64d03b;br"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 12555
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 dashicons.min.css
itsbawa.com/wp-includes/css/ 0
34 KB 241ms
240ms Other
text/css 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-includes/css/dashicons.min.css

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 21 Jan 2023 13:22:50 GMT
server: LiteSpeed
etag: "e688-63cbe72a-2c712b8be8556e0f;br"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 35099
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 9166800961ddec96fd73db45d4015d48.css
itsbawa.com/wp-content/uploads/hummingbird-assets/ 0
11 KB 241ms
240ms Other
text/css 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-content/uploads/hummingbird-assets/9166800961ddec96fd73db45d4015d48.css

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 20 Sep 2023 18:36:54 GMT
server: LiteSpeed
etag: "11d39-650b3bc6-aec2822b24082e56;br"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 11563
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 delay-load.min.js Show response
itsbawa.com/wp-content/plugins/debloat/inc/delay-load/js/ 3 KB
1 KB 231ms
230ms Script
application/x-javascript 2a02:4780:b:964:0:1a82:3b37:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://itsbawa.com/wp-content/plugins/debloat/inc/delay-load/js/delay-load.min.js?ver=1.2.3

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:964:0:1a82:3b37:1 , Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

98b3f307a592154d8029581be6fa886f72839f6b918ef689581310ace8b6480c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 24 Aug 2023 12:02:21 GMT
server: LiteSpeed
etag: "ce3-64e746cd-948b0383b52008d7;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
platform: hostinger
content-length: 1343
expires: Fri, 06 Oct 2023 03:34:20 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 389 B
602 B 252ms
70ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=itsbawa.com&callback=_gfp_s_&client=ca-pub-6527377059910329

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309280101/show_ads_impl_fy2021.js?bust=31078321

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78e2b46c5f49ad741e502e589a5587a39dd95c7c9df02db1d4edb9b60d684e27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 251
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4419 0
188 B 164ms
163ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6527377059910329&output=html&adk=1812271804&adf=3025194257&lmt=1695954860&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A32768%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x1080_l%7C188x1080_r&format=0x0&url=https%3A%2F%2Fitsbawa.com%2F&ea=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1695958460558&bpp=44&bdt=292&idt=334&shv=r20230927&mjsv=m202309280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=843656399060&frm=20&pv=2&ga_vid=544484844.1695958461&ga_sid=1695958461&ga_hid=320838267&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31078143%2C31078144%2C31078321%2C44803790%2C44804179&oid=2&pvsid=190859508569122&tmod=1531593998&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=392

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309280101/show_ads_impl_fy2021.js?bust=31078321

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://itsbawa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 03:34:21 GMT
expires: Fri, 29 Sep 2023 03:34:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/ 410 KB
129 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6f8385a32456868e5011ef7af0cd073451d45efa2771adc8a6a22374ddcb9d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 08:08:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69972
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 132169
x-xss-protection: 0
server: cafe
etag: 13153470105769340090
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 27 Sep 2024 08:08:09 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 60 KB
14 KB 880ms
879ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=190859508569122&correlator=2369940004235468&eid=31078189%2C31078018%2C44780989&output=ldjh&gdfp_req=1&vrg=202309210203&ptt=17&impl=fif&iu_parts=22912165821%2CSide&enc_prev_ius=%2F0%2F1&prev_iu_szs=240x400&ifi=2&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1695958461178&lmt=1695954861&adxs=1100&adys=3782&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fitsbawa.com%2F&vis=1&psz=300x400&msz=300x400&fws=0&ohw=0&ga_vid=544484844.1695958461&ga_sid=1695958461&ga_hid=320838267&ga_fc=false&dlt=1695958460266&idt=869&adks=2118603441&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61be7844e67a3d17b77f3006ddc447d2fbe070b43dbbbd888b563ae1dab3a55f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:22 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13892
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://itsbawa.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 142 KB
44 KB 378ms
377ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=190859508569122&correlator=2369940004235468&eid=31078189%2C31078018%2C44780989&output=ldjh&gdfp_req=1&vrg=202309210203&ptt=17&impl=fif&iu_parts=22912165821%2CDesktop&enc_prev_ius=%2F0%2F1&prev_iu_szs=750x300&ifi=3&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1695958461186&lmt=1695954861&adxs=200&adys=9696&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fitsbawa.com%2F&vis=1&psz=850x300&msz=850x300&fws=0&ohw=0&ga_vid=544484844.1695958461&ga_sid=1695958461&ga_hid=320838267&ga_fc=false&dlt=1695958460266&idt=869&adks=1784568907&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1485239c306024e6c394180a15d165493fc21e4ea7cfe118f120cad48a0a2eb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:21 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44939
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://itsbawa.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 66 KB
14 KB 636ms
636ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=190859508569122&correlator=2369940004235468&eid=31078189%2C31078018%2C44780989&output=ldjh&gdfp_req=1&vrg=202309210203&ptt=17&impl=fif&iu_parts=22912165821%2CDesktop&enc_prev_ius=%2F0%2F1&prev_iu_szs=750x300&ifi=4&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1695958461189&lmt=1695954861&adxs=200&adys=5788&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fitsbawa.com%2F&vis=1&psz=850x300&msz=850x300&fws=0&ohw=0&ga_vid=544484844.1695958461&ga_sid=1695958461&ga_hid=320838267&ga_fc=false&dlt=1695958460266&idt=869&adks=268601446&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

319f83963e6f846eda994326d736458e57ff9efaf533a1563e0b8bbacb4ead8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:21 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14255
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://itsbawa.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 27 KB
12 KB 1236ms
1236ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=190859508569122&correlator=2369940004235468&eid=31078189%2C31078018%2C44780989&output=ldjh&gdfp_req=1&vrg=202309210203&ptt=17&impl=fif&iu_parts=22912165821%2CDesktoptop&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=5&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1695958461191&lmt=1695954861&adxs=200&adys=2990&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=4&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fitsbawa.com%2F&vis=1&psz=850x90&msz=850x90&fws=0&ohw=0&ga_vid=544484844.1695958461&ga_sid=1695958461&ga_hid=320838267&ga_fc=false&dlt=1695958460266&idt=869&adks=701335346&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb6eb34ae179eeb96f8ac86cd94f6960c06b68c2a7a477f0c883175e8b715504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:22 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12166
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://itsbawa.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C2C8 6 KB
3 KB 235ms
59ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://itsbawa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 03:34:21 GMT
expires: Sat, 28 Sep 2024 03:34:21 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 81ms
80ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230927&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309280101/show_ads_impl_fy2021.js?bust=31078321

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a75500e8a5e7ff44876703337b316290500099ca44c0df47cc7a7d887c9402

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12245
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 185 KB
68 KB 228ms
58ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-259155793-1

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/wp-content/plugins/debloat/inc/delay-load/js/delay-load.min.js?ver=1.2.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fa5955542bf864ce27c7398daeb2a391343308237d57ea2e664f3386bdf1b1ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68958
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 29 Sep 2023 03:34:21 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 3143ms
3017ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309280101/show_ads_impl_fy2021.js?bust=31078321

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 29 Sep 2023 03:34:24 GMT

GET
H2 200 container.html Show response
e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E41D 6 KB
3 KB 39ms
39ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://itsbawa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 03:34:21 GMT
expires: Sat, 28 Sep 2024 03:34:21 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame E41D 14 KB
2 KB 185ms
49ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e845fcb50a34be246ce18c0187a8662517a3a7a45673ab56ef124fe70da00dd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

strict-transport-security: max-age=31536000
date: Fri, 29 Sep 2023 03:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 03:29:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Sep 2023 03:34:21 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame E41D 2 KB
946 B 45ms
45ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 16:48:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38723
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:48:58 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/ Frame E41D 23 KB
9 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/abg_lite_fy2021.js

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 16:48:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38724
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9135
x-xss-protection: 0
server: cafe
etag: 9583221549990841032
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:48:57 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame E41D 3 KB
1 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/window_focus_fy2021.js

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 16:48:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38723
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:48:58 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame FDED 1 KB
643 B 42ms
42ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: en-GB,en;q=0.9

Response headers

age: 70736
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Sep 2023 07:55:25 GMT
etag: 48472445140208031
expires: Fri, 29 Sep 2023 07:55:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame E41D 20 KB
8 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 16:48:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38723
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:48:58 GMT

GET
H2 200 nessie_icon_tiamat_white.png
tpc.googlesyndication.com/pagead/images/ Frame E41D 225 B
355 B 50ms
47ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/nessie_icon_tiamat_white.png

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5719cdd3acdb2b6a5b9ae0bee910fc88fbc0f297f83235c02865d78eeed48446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 09:44:05 GMT
x-content-type-options: nosniff
server: cafe
age: 64216
etag: 14085932017949564970
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 225
x-xss-protection: 0
expires: Fri, 29 Sep 2023 09:44:05 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame E41D 0
0 205ms
74ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTM5yv-MQrqMijJa97BhfQDH9rQgFkwTAF-tklxro_Al2Hl98eAKcuj_tHnpV0RzfGLZf-9PhQzEs2n5pBtUTev0-tZ4g
Requested by: Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E41D 182 KB
58 KB 210ms
79ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58285
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695814262870679"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Sep 2023 03:34:21 GMT

GET
H2 200 fda82c26911938d9c7ca79f9220f8b0c.js Show response
www.gstatic.com/mysidia/ Frame E41D 36 KB
15 KB 185ms
49ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fda82c26911938d9c7ca79f9220f8b0c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Mon, 25 Sep 2023 20:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 284133
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15328
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 20:14:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 24 Dec 2023 20:38:48 GMT

GET
H2 200 data=cjoZ-tu8etrSvjyt8bdIfOStjFKgGnSy9sj9rbNLggJRXKm5AG6KESltqh4lzWBZJdkh73Ny4oE-Gj0KepiQjNnwwAuFQH7RjkwpSOE_eaeB8WVmR74Q9YEE
mts0.google.com/vt/ Frame E41D 90 KB
91 KB 502ms
312ms Image
image/png 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mts0.google.com/vt/data=cjoZ-tu8etrSvjyt8bdIfOStjFKgGnSy9sj9rbNLggJRXKm5AG6KESltqh4lzWBZJdkh73Ny4oE-Gj0KepiQjNnwwAuFQH7RjkwpSOE_eaeB8WVmR74Q9YEE

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

0bb0c4d097a024f47f6af01fc8a4aec2598e5b25d10288d45609268b5e72fea0

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:22 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=255
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92452
x-xss-protection: 0
x-server-version-bin: CggIBBDiptSoBg==
server: scaffolding on HTTPServer2
etag: 07b801490df1e4078
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=3600
expires: Fri, 29 Sep 2023 04:34:22 GMT

GET
DATA 200
OK truncated
/ Frame E41D 244 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8be8f432572fba9a5669684d4f89b81b9595700f40480eeecbfe7721ce5b2234

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E41D 333 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b1ccf2d92e5e6235fcb23becebc6b98f5eba33abad7902763aa8b830be20bd7

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E41D 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ce4cea7f54570bc47d8731266d6c2f1d21c86bc87375c71ab7755eca2cddde70

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame FDED 35 B
463 B 250ms
72ms Image
image/gif 2620:116:800d:21:de2e:c7b3:55c0:d5a0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGJb4ahlOyHb-tnDe8HgNHQ&google_cver=1&google_push=AXcoOmSryVjEzqD1MyzR-a7m6DdZVmnSj40xn5nWGKkXA7Ltty41pIHXN1TZgYdU0Tkv-Vpa7l5pJbED7pUL43lx_wNsDourZm0

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:21 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame FDED
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEHICMtbVJ7mf9Z0uFmzIbro&google_cver=1&google_push=AXcoOmTIx1Xq2XyTYwUZkKg9e3kd1wE9wAK0PPlawqMK0kutezOl9B9fs91I5U2UgcTeLauvqQo8O2spVzq...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTIx1Xq2XyTYwUZkKg9e3kd1wE9wAK0PPlawqMK0kutezOl9B9fs91I5U2UgcTeLauvqQo8O2spVzqCSplyloMTYsfsuLk&google_hm=zeVDlrayQMe6MwgZNmQfY24

170 B
329 B

57ms
57ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTIx1Xq2XyTYwUZkKg9e3kd1wE9wAK0PPlawqMK0kutezOl9B9fs91I5U2UgcTeLauvqQo8O2spVzqCSplyloMTYsfsuLk&google_hm=zeVDlrayQMe6MwgZNmQfY24

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:21 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTIx1Xq2XyTYwUZkKg9e3kd1wE9wAK0PPlawqMK0kutezOl9B9fs91I5U2UgcTeLauvqQo8O2spVzqCSplyloMTYsfsuLk&google_hm=zeVDlrayQMe6MwgZNmQfY24
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame FDED
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEP5jOU6ImArrZ-lHRHi_YVY&google_cver=1&google_push=AXcoOmRTSBzhN-mn3aPHDTYLMOcbYPYQJCgpSTF9w667gw1pmLrN7O2BlcfBhu2xDipJ8ujwIK9Ps61OsYA4gA7Aabn1LMw...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRTSBzhN-mn3aPHDTYLMOcbYPYQJCgpSTF9w667gw1pmLrN7O2BlcfBhu2xDipJ8ujwIK9Ps61OsYA4gA7Aabn1LMw992Uz&google_hm=eS1TR25qQVo5RTJwRVp4a2...

170 B
232 B

50ms
49ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRTSBzhN-mn3aPHDTYLMOcbYPYQJCgpSTF9w667gw1pmLrN7O2BlcfBhu2xDipJ8ujwIK9Ps61OsYA4gA7Aabn1LMw992Uz&google_hm=eS1TR25qQVo5RTJwRVp4a2hzX19HSTBMZEN3djRpTnVNSX5B

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 29 Sep 2023 03:34:21 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRTSBzhN-mn3aPHDTYLMOcbYPYQJCgpSTF9w667gw1pmLrN7O2BlcfBhu2xDipJ8ujwIK9Ps61OsYA4gA7Aabn1LMw992Uz&google_hm=eS1TR25qQVo5RTJwRVp4a2hzX19HSTBMZEN3djRpTnVNSX5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FDED
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEE_7gqTBKkPJM3tIZ3OYB2s&google_cver=1&google_push=AXcoOmQiwNxO0SL13aZaMwZc9ugZQZb8cLIjDxRLQSno_qh74IlUZwECtzdZeLgE0ib-ccqLt7Xm-o3EGshSX...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEE_7gqTBKkPJM3tIZ3OYB2s&google_push=AXcoOmQiwNxO0SL13aZaMwZc9ugZQZb8cLIjDxRLQSno_qh74IlUZwECtzdZeLgE0ib-ccqLt7Xm-o3EGshSX...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmQiwNxO0SL13aZaMwZc9ugZQZb8cLIjDxRLQSno_qh74IlUZwECtzdZeLgE0ib-ccqLt7Xm-o3EGshSXQifOAH9IlICR5LB&google_hm=Z2NmTFB0bm01d2otUlI1...

170 B
188 B

47ms
46ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmQiwNxO0SL13aZaMwZc9ugZQZb8cLIjDxRLQSno_qh74IlUZwECtzdZeLgE0ib-ccqLt7Xm-o3EGshSXQifOAH9IlICR5LB&google_hm=Z2NmTFB0bm01d2otUlI1djZ2a3E=

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 29 Sep 2023 03:34:22 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmQiwNxO0SL13aZaMwZc9ugZQZb8cLIjDxRLQSno_qh74IlUZwECtzdZeLgE0ib-ccqLt7Xm-o3EGshSXQifOAH9IlICR5LB&google_hm=Z2NmTFB0bm01d2otUlI1djZ2a3E=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 236
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame FDED
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=iq2fisTESQ65g1Y_PsRUFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
232 B

100ms
100ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=iq2fisTESQ65g1Y_PsRUFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmTGnJMvqcWVjnsjIgo8pJ4s2JDbK4nVBDppXw6d7TjRpBD-TX_25hgTed0IIu4doB55uZUv-MhXaXANvPi3UkYTsFGfB5M

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=iq2fisTESQ65g1Y_PsRUFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmTGnJMvqcWVjnsjIgo8pJ4s2JDbK4nVBDppXw6d7TjRpBD-TX_25hgTed0IIu4doB55uZUv-MhXaXANvPi3UkYTsFGfB5M
date: Fri, 29 Sep 2023 03:34:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame FDED
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJOqGySuSggdtpj8hf2QXZE&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJOqGySuSggdtpj8hf2QXZE&google_push=AX...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJOqGySuSggdtpj8hf2QXZE&google_hm=ZRZFvRKDHKQq8ZjDG2LYIwAAApUAAAAB&google_nid=index&google_push=AXcoOmR6bXWxRYRUnAbG3zh-mKcfTAslF4itN...

170 B
232 B

60ms
60ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJOqGySuSggdtpj8hf2QXZE&google_hm=ZRZFvRKDHKQq8ZjDG2LYIwAAApUAAAAB&google_nid=index&google_push=AXcoOmR6bXWxRYRUnAbG3zh-mKcfTAslF4itNjHa6EhsdXwG-gtezZBrVyOZXhrWSYrCAm5pnoQmNR97rMklBJUO2nyo1yNQ_9de

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:21 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iQa5WqkzO0oMJEqZH8wSE%2BoqUR%2B4Sd8p2ACD9b4BK7T8oPoxUVti5H0q1cqYB6EIACO7ppL81GGhBuSbJYNemNaFFMi1TzJwGRKlheF9vISzInE2mTacHPosbeuarcXm%2BWZJkBqA3PAuKg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJOqGySuSggdtpj8hf2QXZE&google_hm=ZRZFvRKDHKQq8ZjDG2LYIwAAApUAAAAB&google_nid=index&google_push=AXcoOmR6bXWxRYRUnAbG3zh-mKcfTAslF4itNjHa6EhsdXwG-gtezZBrVyOZXhrWSYrCAm5pnoQmNR97rMklBJUO2nyo1yNQ_9de
cache-control: no-cache
cf-ray: 80e12b832b6a7749-LHR
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame FDED
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEGQZviZiWzgRySf6Mvvy-7U&google_cver=1&google_push=AXcoOmRZykBme2zRvkOoXttjyzxxYZNYKkbI3fJIB1jLxtTV1_Khcl0IdFjWELWp5gKB3ttLxFFY1eK_nkYAXtX8m6Rdx1u...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmRZykBme2zRvkOoXttjyzxxYZNYKkbI3fJIB1jLxtTV1_Khcl0IdFjWELWp5gKB3ttLxFFY1eK_nkYAXtX8m6Rdx1uVRhsNRw&google_hm=ODcwNDUyO...

170 B
232 B

81ms
81ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmRZykBme2zRvkOoXttjyzxxYZNYKkbI3fJIB1jLxtTV1_Khcl0IdFjWELWp5gKB3ttLxFFY1eK_nkYAXtX8m6Rdx1uVRhsNRw&google_hm=ODcwNDUyOTQ3Nzk5MDQxNTY5NA==

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmRZykBme2zRvkOoXttjyzxxYZNYKkbI3fJIB1jLxtTV1_Khcl0IdFjWELWp5gKB3ttLxFFY1eK_nkYAXtX8m6Rdx1uVRhsNRw&google_hm=ODcwNDUyOTQ3Nzk5MDQxNTY5NA==
Date: Fri, 29 Sep 2023 03:34:21 GMT
Server: Jetty(9.4.51.v20230217)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame FDED 0
139 B 224ms
82ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LS-WrH67ilHjS1614dWsmCOvXyKnpDVKTBWInfQ771eXchBfdYCfQug1EFlHGuIrovinCjiQ

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012309151607000/ Frame 3AED 223 KB
62 KB 215ms
60ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed0329ded0e3e15f1da42e303456565efd908295a3a4c0fb1984decc0fec3ee7

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 25 Sep 2023 17:10:59 GMT
age: 296603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62227
x-xss-protection: 0
server: sffe
etag: "41242159531b2c89"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 24 Sep 2024 17:10:59 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012309151607000/v0/ Frame 3AED 15 KB
5 KB 234ms
79ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed34e84a189ed3e7735ec026a4be0ffa93c4e8f63450a5b0258bd46fc8459241

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 25 Sep 2023 17:10:59 GMT
age: 296603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5217
x-xss-protection: 0
server: sffe
etag: "62ebb0de0df26f82"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 24 Sep 2024 17:10:59 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012309151607000/v0/ Frame 3AED 94 KB
28 KB 248ms
92ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0021634309d4f589c6803d3d3dbe0ab9402a524993ab8df667d16c33d23d1fec

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 25 Sep 2023 17:10:59 GMT
age: 296603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29001
x-xss-protection: 0
server: sffe
etag: "c5564a9c7a93c19c"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 24 Sep 2024 17:10:59 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012309151607000/v0/ Frame 3AED 5 KB
2 KB 247ms
92ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ac93a925b888b68155813661a5cd3a2f5e5641ba1176bfb266eb349b38002c5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 25 Sep 2023 17:10:59 GMT
age: 296603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1915
x-xss-protection: 0
server: sffe
etag: "dde9f9175af3842f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 24 Sep 2024 17:10:59 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012309151607000/v0/ Frame 3AED 40 KB
13 KB 245ms
90ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ceab4ff3d4af4f6402234da5817d688928c26a39ae798050f9da58bca0d415b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 25 Sep 2023 17:10:59 GMT
age: 296603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12961
x-xss-protection: 0
server: sffe
etag: "97cee024b23d3389"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 24 Sep 2024 17:10:59 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3AED 14 KB
1 KB 62ms
60ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e845fcb50a34be246ce18c0187a8662517a3a7a45673ab56ef124fe70da00dd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

strict-transport-security: max-age=31536000
date: Fri, 29 Sep 2023 03:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 01:53:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Sep 2023 03:34:21 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 3AED 3 KB
3 KB 37ms
36ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/en.png

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 13:47:11 GMT
x-content-type-options: nosniff
server: cafe
age: 49630
etag: 15880770647744369592
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2982
x-xss-protection: 0
expires: Fri, 29 Sep 2023 13:47:11 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 3AED 344 B
449 B 52ms
51ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 06:58:21 GMT
x-content-type-options: nosniff
server: cafe
age: 74160
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Fri, 29 Sep 2023 06:58:21 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3AED 0
0 54ms
53ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSYoDfzFK7dg3qnzt8VqXa2N3J1U6oGWAFSJE7uO8zeCOYKy9bIlcwY6CxCHZruohnHzf8urEgbWKfJXU7w6Y02_KN-GQ
Requested by: Host: itsbawa.com
URL: https://itsbawa.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/12749228564821646933/ Frame 3AED 9 KB
9 KB 149ms
148ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12749228564821646933/14763004658117789537?w=400&h=209

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ae87f7e53365c50bb59128d8b605397fb02265bebbc16daf7c5968a89eb6f66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:21 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8808
x-xss-protection: 0
last-modified: Sat, 03 Sep 2022 04:18:27 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 28 Sep 2024 03:34:21 GMT

GET
DATA 200
OK truncated
/ Frame 3AED 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 3AED 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 843245d38197c1ae733406b6faeda0f9b53376d8853df5d513a880489c822166

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 3AED 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 23edef6e70590e3db1c2a5137351730d3d94e47a72b213dfe26e58067d217743

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Content-Type: image/png

OPTIONS
H3 204 adview
securepubads.g.doubleclick.net/pagead/ Frame 0
0 271ms
85ms Preflight
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/adview?ai=CsZZjvUUWZbv3DtCZgQeEzLiYDoXe-5lzuPe5v-ARZBABIIvL8J0BYM3w7oCsA6AB1cmdzynIAQmpAmkO-gBZqoo-4AIAqAMByAPLBKoEowJP0OHjy0Q4PC8gYhKoAc-CR8Hkr1-EXc4eX_8IbEztC27YeNkXppxiQbvj1Mhz6_Cwi8DN7bHtU80fKZLKK77CDBWFBeR8bRdaSbnS_ruSj9Hu5rhZIenwNedwZRASH1AHFnyUGDyzAAChSfmvgn6PiVAGqi7nAE8b01Xd8v3zlagln7m9-3Tldz2sM3u8kUV_ShrvdQWePSKTDOm4IUnIHU81A3ck9MXWKV28YCewt0kR5SIPmbwOAjpI3OvPdl9pYD6lEESj2DTdoXUdbQ1S7fPh7w4S0bD9gWnFKTxdYJgaB-NWLNGSLod4nnXB5UVjFUFkumvdKUHw0PYtILN8GwuUdk5cPs2TABZGpDT8_KzFM2raXf6V_KWX_fjEEqhR9U3ABISov5_dBOAEAYgFlZie2kySBQQIBBgBkgUECAUYBKAGLtgGAoAH1YHurgSoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCmjwGgCK2SPbAIAtIIFAiAYRABGB0yAooCOgKAQEi9_cE6mgkdaHR0cHM6Ly93d3cuYmFyZG9zY3Jhdm9zLmNvbS-ACgPICwGYDJStqcbABNoMEAoKEICn8LOgiPX9MRICAQPiDRMIveOKzfHOgQMV0EzgCh0EJg7juBODBNgTDoIUDRoLaXRzYmF3YS5jb23QFQGAFwGyFx8KHQgAEhRwdWItNjUyNzM3NzA1OTkxMDMyORip5pMB&sigh=MsMmTvjexfw&uach_m=[UACH]&ase=2&nis=4&cid=CAQSPADICaaN9BnEjjbnZwQub5NaAkZ3xh1gGSPUJ5V5ZM8exZs4N6Jh8LPJp3f_1P2L0Xy3hzlbXJxMwX0tmxgB&template_id=515&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 29 Sep 2023 03:34:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame E41D
Redirect Chain

https://securepubads.g.doubleclick.net/pagead/adview?ai=CsZZjvUUWZbv3DtCZgQeEzLiYDoXe-5lzuPe5v-ARZBABIIvL8J0BYM3w7oCsA6AB1cmdzynIAQmpAmkO-gBZqoo-4AIAqAMByAPLBKoEowJP0OHjy0Q4PC8gYhKoAc-CR8Hkr1-EXc4e...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x27c94cadfd8c136e0000000000000000%22,%222%22:%220xb18cd751357bc6220000000000000000%22,%223%22:%220xd91f6c...

0
0

286ms
114ms

Fetch
text/css

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x27c94cadfd8c136e0000000000000000%22,%222%22:%220xb18cd751357bc6220000000000000000%22,%223%22:%220xd91f6cfa03f79bdf0000000000000000%22,%224%22:%220x9a17091d92df77e50000000000000000%22,%225%22:%220xfd4727b615cf326a0000000000000000%22},%22debug_key%22:%2210869109222706231074%22,%22debug_reporting%22:true,%22destination%22:%22https://bardoscravos.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211172013269%22],%224%22:[%2209-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229388477363123749057%22}&andc=true

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:22 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x27c94cadfd8c136e0000000000000000","2":"0xb18cd751357bc6220000000000000000","3":"0xd91f6cfa03f79bdf0000000000000000","4":"0x9a17091d92df77e50000000000000000","5":"0xfd4727b615cf326a0000000000000000"},"debug_key":"10869109222706231074","debug_reporting":true,"destination":"https://bardoscravos.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11172013269"],"4":["09-29"],"6":["true"]},"priority":"500","source_event_id":"9388477363123749057"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: null
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 29 Sep 2023 03:34:22 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 29 Sep 2023 03:34:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x27c94cadfd8c136e0000000000000000","2":"0xb18cd751357bc6220000000000000000","3":"0xd91f6cfa03f79bdf0000000000000000","4":"0x9a17091d92df77e50000000000000000","5":"0xfd4727b615cf326a0000000000000000"},"debug_key":"10869109222706231074","debug_reporting":true,"destination":"https://bardoscravos.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11172013269"],"4":["09-29"],"6":["true"]},"priority":"500","source_event_id":"9388477363123749057"}&andc=true
access-control-allow-origin: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvbQoi-E.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame E41D 33 KB
34 KB 185ms
52ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvbQoi-E.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49f9117b94a5252fe9275626b5dd68af08e0b445517dc246e5b444fb617036da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Sat, 23 Sep 2023 07:47:01 GMT
x-content-type-options: nosniff
age: 503241
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34024
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:40:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 22 Sep 2024 07:47:01 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvbQoi-E.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 3AED 33 KB
33 KB 196ms
65ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvbQoi-E.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49f9117b94a5252fe9275626b5dd68af08e0b445517dc246e5b444fb617036da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://itsbawa.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Sat, 23 Sep 2023 07:47:01 GMT
x-content-type-options: nosniff
age: 503241
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34024
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:40:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 22 Sep 2024 07:47:01 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012309151607000/ Frame 3FA5 223 KB
61 KB 58ms
55ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed0329ded0e3e15f1da42e303456565efd908295a3a4c0fb1984decc0fec3ee7

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 25 Sep 2023 17:10:59 GMT
age: 296603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62227
x-xss-protection: 0
server: sffe
etag: "41242159531b2c89"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 24 Sep 2024 17:10:59 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012309151607000/v0/ Frame 3FA5 15 KB
5 KB 63ms
60ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed34e84a189ed3e7735ec026a4be0ffa93c4e8f63450a5b0258bd46fc8459241

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 25 Sep 2023 17:10:59 GMT
age: 296603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5217
x-xss-protection: 0
server: sffe
etag: "62ebb0de0df26f82"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 24 Sep 2024 17:10:59 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012309151607000/v0/ Frame 3FA5 94 KB
28 KB 63ms
61ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0021634309d4f589c6803d3d3dbe0ab9402a524993ab8df667d16c33d23d1fec

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 25 Sep 2023 17:10:59 GMT
age: 296603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29001
x-xss-protection: 0
server: sffe
etag: "c5564a9c7a93c19c"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 24 Sep 2024 17:10:59 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012309151607000/v0/ Frame 3FA5 5 KB
2 KB 65ms
63ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ac93a925b888b68155813661a5cd3a2f5e5641ba1176bfb266eb349b38002c5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 25 Sep 2023 17:10:59 GMT
age: 296603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1915
x-xss-protection: 0
server: sffe
etag: "dde9f9175af3842f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 24 Sep 2024 17:10:59 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012309151607000/v0/ Frame 3FA5 40 KB
13 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ceab4ff3d4af4f6402234da5817d688928c26a39ae798050f9da58bca0d415b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 25 Sep 2023 17:10:59 GMT
age: 296603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12961
x-xss-protection: 0
server: sffe
etag: "97cee024b23d3389"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 24 Sep 2024 17:10:59 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 3FA5 15 KB
1 KB 77ms
77ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700&display=swap

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3597159923fdb7726640f3a9b3c6235507e8b3f14c4238bcd8499b92ce3e9beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

strict-transport-security: max-age=31536000
date: Fri, 29 Sep 2023 03:34:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 01:56:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Sep 2023 03:34:22 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 3FA5 3 KB
3 KB 55ms
54ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 13:47:11 GMT
x-content-type-options: nosniff
server: cafe
age: 49631
etag: 15880770647744369592
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2982
x-xss-protection: 0
expires: Fri, 29 Sep 2023 13:47:11 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 3FA5 344 B
368 B 49ms
48ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 06:58:21 GMT
x-content-type-options: nosniff
server: cafe
age: 74161
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Fri, 29 Sep 2023 06:58:21 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3FA5 0
0 59ms
58ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQiDicRiVOKlaNZdJFjULQPiJHmBg6CxyPfhqts9-0fiW_LM2zHIN5OQVTIh-OE0X_Zf3WJQQ7XYX2q7N6kLRISWrzXaA
Requested by: Host: itsbawa.com
URL: https://itsbawa.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

GET
DATA 200
OK truncated
/ Frame 3FA5 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 3FA5 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf4c8d51d3c146d92c33b5cddb640cd24990c8f5212634a6f9a5eed446b55f7a

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvbQoi-E.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 3FA5 33 KB
33 KB 42ms
42ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvbQoi-E.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49f9117b94a5252fe9275626b5dd68af08e0b445517dc246e5b444fb617036da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://itsbawa.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Sat, 23 Sep 2023 07:47:01 GMT
x-content-type-options: nosniff
age: 503241
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34024
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:40:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 22 Sep 2024 07:47:01 GMT

GET
H3 200 kgPu8ucFjQWm9sPwItG3xGC9C84b-jPcUt_enD3F6OI.js Show response
pagead2.googlesyndication.com/bg/ Frame D875 38 KB
14 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/kgPu8ucFjQWm9sPwItG3xGC9C84b-jPcUt_enD3F6OI.js

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9203eef2e7058d05a6f6c3f022d1b7c460bd0bce1bfa33dc52dfde9c3dc5e8e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Wed, 27 Sep 2023 07:20:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 159232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14666
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 15:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Sep 2024 07:20:30 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 3FA5
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

52ms
52ms

Image
text/html

2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: itsbawa.com
URL: https://itsbawa.com/
Protocol: H3
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Redirect headers

date: Fri, 29 Sep 2023 03:34:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3AED 0
0 91ms
90ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CLyzYvUUWZY6lH5XNgAf8z5bYC_vMt4lz0f39jMgRleXav80BEAEgi8vwnQFgzfDugKwDoAHGyvLpA8gBCakCaQ76AFmqij7gAgCoAwHIAwqqBI8CT9D9PM1xlw-nsIzWuFf_SHVDlmcHAOc2TGcpcm6fhUPWFqmbZM9los5HfDvJbLjMmYKW5r98dKx4LL2DaM_mRqdWu2lKmaa8m3sQzWaLoxd16QKL8BeZzKEIKFfEpOXWc-EHoi6oq60CU9S0r13yL0QvQJEaVByQ94sU3A-LwxsSXcHxSnpaEGJ5uimS49IjrokQ7gBqBLDE01rXzOEihZgWAdXPk48xC0YxCtNnIRN8KBW5WvRlnrMNrCPvDioK6Ux6qop7J9kVEtynxQkk1wiT2atcOVZ6Z5TYS317ofpLUutX9GAuBXyv_NhYjRZD0-N1y4vCCp0YFmUfItPoLMiMDc_OwpEgQQqgFRWeusAE4tTOjOMD4AQBiAW2t6j_JpIFBAgEGAGSBQQIBRgEoAYu2AYCgAeitY0WqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQ_vsBoAitkj2wCALSCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJbWh0dHBzOi8vYnVzaW5lc3MuZ29vZ2xlLmNvbS92L18vMDE4MTk2MjQzNzkyMTM1OTcyMDgwLzI0NmIvXz9jYWlkPTEwNDY3NTQ4MDg2JmFnaWQ9MTI5NjgwNzc5ODc0JmdjbGlkPXtnY2xpZH2ACgPICwHaDBAKChDg6sW-0e6a9TESAgED4g0TCIXris3xzoEDFZUm4Aod_KcFu9gTCoIUDRoLaXRzYmF3YS5jb23QFQGYFgGAFwGyFx8KHQgAEhRwdWItNjUyNzM3NzA1OTkxMDMyORip5pMB&sigh=r87Fli7nqiU&uach_m=[]&ase=2&nis=5&cid=CAQSPADICaaNW-DUUsEfFKLHuheavx5n6d80xWKis03zbj34x6Hyis_UL-TGuL-w8kwGZt4IqbLs4JrOTwBEFRgB&template_id=5000&cbvp=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 345ms
145ms Preflight
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 29 Sep 2023 03:34:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3FA5 0
0 85ms
84ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C_BYovUUWZfynL--O1PIP35uYsAuJg8Chc9HHgdT5EWQQASCLy_CdAWDN8O6ArAOgAd77iOApyAEBqQJpDvoAWaqKPuACAKgDAcgDCqoEpAJP0DtGLS61s3RnRX9Q8g53hek66Sh_ug5SYIKDShyHcMctPLL6TGbj0eDABfhW64raESYtidK41MIKD97_PDL2x2Q3GHQU24cHxta1xFM_ske8ShLkoPJKgs9S1lH6bU6y4fl3cEGDP6bCJIOPdp11VzppIP6jF_Ywr-6jweuJmA0jhrkYWMaaQhUPrAPbh8NSpdyGrkOV33_LSjBaHRdhowJKb8Nm_n5U_EZnF93U0K8iJKG5CC3jOAehU0RyGldea4WogRIDWPYUR4_pLLlN_s7aOfrMaNRVGIdGRcBAZCFrvDPY4mMVKtKHMTaE1D4g8lzbZSj8O0orUJmhlRtNtjw5nVb9TrHsFASNyI5f6zxgCnzG07An2LnqaP7JCRChQnTswATb4d6yyATgBAGIBa-bgddMkgUECAQYAZIFBAgFGATYBgKAB96z2b8EqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQs64FoAitkj2wCALSCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJfmh0dHBzOi8vb2ZlcnRpbmhhc3BhbXBlcnMuY29tL2NvbGxlY3Rpb25zL2Zyb250cGFnZS9wcm9kdWN0cy9wcm9tb2Nhby1mcmFsZGFzLXBhbXBlcnMtY29uZm9ydC1zZWMtY29tcHJlLTEtZS1sZXZlLTItdWx0aW1vLWRpYYAKA8gLAdoMEAoKELD9nqzdgJ_icBICAQPiDRMIzOSKzfHOgQMVbwdVCB3fDQa22BMMghQNGgtpdHNiYXdhLmNvbdAVAZgWAYAXAbIXHwodCAASFHB1Yi02NTI3Mzc3MDU5OTEwMzI5GKnmkwE&sigh=V7SHQiK5UJI&uach_m=[]&ase=2&nis=5&cid=CAQSPADICaaNtA4Q2G1wccw8lJ9WZEWHBGOJxQat2AOMM1yfwHp9Ar_OMOT8NL3RffLlvWnKaeD_ZewO5XAGQhgB&template_id=5020&cbvp=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

GET
H3 200 container.html Show response
e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2FBD 6 KB
3 KB 57ms
55ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210203/pubads_impl.js?cb=31078189

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://itsbawa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 03:34:21 GMT
expires: Sat, 28 Sep 2024 03:34:21 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame AF42 624 B
242 B 70ms
67ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIL1_68EEIqb_NgEGMWRhfYBMAE&v=APEucNWXSU4piHx7QDmXSJsnGexhENG2M9fwLSAJhRPyGzQu53AcoHw1Rd-l35tY8LazMOJgVjaoY1pvubaJqHWD4JbCOh9nRdKIOjNaIkJgFkESRUGBHERoTL6GrVYRnjzJejZd5e9Jd5oXHKoSeB3-Z9ncKBklcmXazbqWXMSFa9qLl_0NQ0PGszo3ypub44982W5sXa3g6OaHkV1A9Gp-EvPbQDkczw

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 03:34:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2FBD 89 KB
31 KB 74ms
74ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4accbcd793680c2ea0a65714771ef37d5eeb42bdaedba9882dd0d78eae09e00e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31438
x-xss-protection: 0
server: cafe
etag: 13183557946744512263
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 29 Sep 2023 03:34:22 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2FBD 42 B
63 B 96ms
93ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BxJj6ItPBEWfPhfH0wP5b9TSm2X6D_n0qXUJw6XXHmKIPlGueEIdJMPuKKqjFQFwTYSn7DM4vUZJNpU7-R2fJAFFu83qEnYgKlvG0PmkrLPzsLa-g

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2FBD 0
20 B 96ms
93ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15105471756002361604&x=1&ct=76

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 2FBD 3 KB
1 KB 46ms
43ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/window_focus_fy2021.js

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 16:48:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38724
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:48:58 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 2FBD 20 KB
8 KB 46ms
43ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 16:48:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38724
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:48:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2FBD 0
0 70ms
68ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTHbBfEef15gFuFjDfxQDHvnEsnqagzItod08MxE_Dt2ncy-PfOdF74Q92GQqyxJlYW1eQcFDrMxVdp1gpOXcUU3RUG-A
Requested by: Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2FBD 182 KB
57 KB 63ms
61ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58285
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695814262870679"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Sep 2023 03:34:22 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame AF42
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDt80f576LHSNzem4MCMkKg&google_cver=1

43 B
336 B

73ms
73ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDt80f576LHSNzem4MCMkKg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIL1_68EEIqb_NgEGMWRhfYBMAE&v=APEucNWXSU4piHx7QDmXSJsnGexhENG2M9fwLSAJhRPyGzQu53AcoHw1Rd-l35tY8LazMOJgVjaoY1pvubaJqHWD4JbCOh9nRdKIOjNaIkJgFkESRUGBHERoTL6GrVYRnjzJejZd5e9Jd5oXHKoSeB3-Z9ncKBklcmXazbqWXMSFa9qLl_0NQ0PGszo3ypub44982W5sXa3g6OaHkV1A9Gp-EvPbQDkczw
Protocol: H2
Server: 104.18.26.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3wguXpA04A79RUTXPIko5sGQtMJJn6WwjHam9oYKXsZ3Dy92twFIADK55PRa4%2FTvbybTQS%2FsKvJiZKfHHoemZiHmMPHhXlf20jeRi8iO5bC%2FtqrXgF3i0ZUg68pcqxQw4mCnN0fWog6aSw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 80e12b87ce447749-LHR
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDt80f576LHSNzem4MCMkKg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame AF42
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZRZFvRKDHKQq8ZjDG2LYIwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDt80f576LHSNzem4MCMkKg&google_cver=1

43 B
774 B

63ms
62ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDt80f576LHSNzem4MCMkKg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIL1_68EEIqb_NgEGMWRhfYBMAE&v=APEucNWXSU4piHx7QDmXSJsnGexhENG2M9fwLSAJhRPyGzQu53AcoHw1Rd-l35tY8LazMOJgVjaoY1pvubaJqHWD4JbCOh9nRdKIOjNaIkJgFkESRUGBHERoTL6GrVYRnjzJejZd5e9Jd5oXHKoSeB3-Z9ncKBklcmXazbqWXMSFa9qLl_0NQ0PGszo3ypub44982W5sXa3g6OaHkV1A9Gp-EvPbQDkczw
Protocol: H3
Server: 104.18.26.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jp8Suxz%2BD4TtfIxj1qP%2FUbNjxIeWMQ3UYS%2Bg6g5IPymT1DVSeW3OuoUagGwofKA3wsNrVCGwGdH8el014ATUOnEFxR%2BViYf7bVix845%2B5b3lpINY3g1VMx4xErG65XYN5siq9swKkKNO%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 80e12b885e100716-LHR
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDt80f576LHSNzem4MCMkKg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame AF42
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEFnnG1k3JbY3qfligN0oRg4&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEFnnG1k3JbY3qfligN0oRg4%26google_cver%3D1

43 B
893 B

128ms
128ms

Image
image/gif

37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEFnnG1k3JbY3qfligN0oRg4%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIL1_68EEIqb_NgEGMWRhfYBMAE&v=APEucNWXSU4piHx7QDmXSJsnGexhENG2M9fwLSAJhRPyGzQu53AcoHw1Rd-l35tY8LazMOJgVjaoY1pvubaJqHWD4JbCOh9nRdKIOjNaIkJgFkESRUGBHERoTL6GrVYRnjzJejZd5e9Jd5oXHKoSeB3-Z9ncKBklcmXazbqWXMSFa9qLl_0NQ0PGszo3ypub44982W5sXa3g6OaHkV1A9Gp-EvPbQDkczw

Protocol

Server

37.252.171.21 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
an-x-request-uuid: c930c064-fe07-47b8-a18b-ad74a3a3928c
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 194.74.212.110; 194.74.212.110; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
an-x-request-uuid: 7307a0e3-7ed2-4165-901a-526adb3c1fef
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEFnnG1k3JbY3qfligN0oRg4%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 194.74.212.110; 194.74.212.110; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AF42
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTE0ODM3MjIxOTI3NzYwNzAxMQ%3D%3D

170 B
188 B

69ms
68ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTE0ODM3MjIxOTI3NzYwNzAxMQ%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
an-x-request-uuid: 715748c8-77a6-4467-ad44-5bdb48024d08
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTE0ODM3MjIxOTI3NzYwNzAxMQ%3D%3D
x-proxy-origin: 194.74.212.110; 194.74.212.110; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2FBD 0
20 B 75ms
74ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5637703735719&version=m202309120101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2FBD 0
20 B 80ms
79ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5637703735719&version=m202309120101&ct=76&x=1&cor=15105471756002361000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2FBD 92 KB
38 KB 77ms
77ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Djz1Wp445NH_1lDchK5qynlrHDdz4jGwZfXJ7l_WRmFXishWQcVGsPGx7NOW3hTa9nZYbM9n9u0HOt3MLiBLFMVQta0Q&cry=1&dbm_d=AKAmf-AX23oaZ7OE3rr1MNHR3pBc-jdrODb91r8aA3CAcx8pv8mn-w5ooHl58Nei-muiZf5m1eNwJQk996v1NolhfJYh1h9m2CWLdOoGWE-TWJQNZP3ulIMypolOIUB5qvp3E_4tr0qbYe0E-E2z2cCV7K_WZZvC5oRn2FnsUxsc1UdhvNH74vcN9GFhM4Soz6MqaRgyoQNG4lyiOjoCa_xYlI3kuwaWjRMjZ0XSF8HTb630oU6teGgebZdiqraruKrzL94_Q22iyNgRnvJXLLAvNE_-7D4oVOFdc10PajSujAcvC32Ve7IW6D3IbP-Z9khEdU2eC68hsDTdvybYnF16SihTCzKJQGe2OD9H_QfZpNJdHN3PFZ2rmNVHqLSvRk0eFBfJIi91Si1c0RVMo-lnnRG2hStaHDBwLxx9gUSwu7-eJqKES_8yc6O9Gyugsu8fR4gucQj9bc_OWE54cIRXNgwCBDNSwmR0kwlxAoOWDItk7sEo2agj2bVmLZZedtmMzLzhnrhsU8DlcbAC-rwbATgc98nGAuubd_lgdU7xXmYay-uq-StheicpytIIXxmgneAfBs3nv3GdZwcdxePsrxKdOr---nJeC6-Bw1JNVSr_AbkqqZLP_9zE3ZTKD5zwVsNaOkQAe549S4-GhKfPNhyS50mTUI91FRUl4apGdki0M0YJ_6UI7JWE5VPQq-B8HcZg1_nsIOeMupjVTzvJvcgYtiug1ZTYqBqlIPdFEuyMRM7zL7pNDu2rKTJTxIq0Pdd0SGIcaNx60V3YqGdw0SqVFVK6EKz71mGbtGzVrK7vltclIdJvyks5COtoYpeBAHUvEFBy-O6nl-PV5iRrmdBPveZ28sZqNpU_4m44V64c6_0BxjQROb2QqbPeEZ69lqopC_IKosDinHF5qUBOicATIhlNuKHEwo1QAA43w7kPNq5YsRKupaz40xtaBWlD22PZ9ds9NNAKFFfkw-T8aQkqMtokQVWDBlxF4XvLgt16GVI_8KzkDbzazyCkAGAaTwKMEyyJuD2aYYGDLREPabbzpf28Xuxb0gDWsl5UvMmsQz9mjQhqbtCtBfl5g7hZgzbQ5_YorlfR8dshfkphMo_5R3pjHhh5VB8yKgOTGm5rSplZDgd1verGiohjVJsysp7LA0MjoCI07rJs2F6WTdevFbWsyT3Mq9yN68CcmPSp1Fbewj6XODBA4l2ghoaSVH8kjEDCMDkl_tgfMsqoSRiDtVDSki_2IEtAHAElRapciROTTu0HmNwNPJoOaI0rlKjBPgMYQamVA-xwZUsYPZleaW__7_hOisacaxoofUaYZ_9wiX43g-CROO-6VcXv0-PsAqTX2u2Xxwy_qbFHdG95JjMf7rsy4DrTDZo4URUhFIAUs72MnDPd6dwKv3aVrJBt_fEdtOKJCAl-fnZkCyO54meFDyVhFolIvPeH91QbA8hbjdFTgvvua5SYGjRgkiKVDu6a7Fw66sVdtP3KPr8MH3diTIR4AF7xnxeKYlyDxhF9y30tFQA9JpdfHpUVNVKShA2G1BTRoBSyK44XDFxb6vBWZI1ttwOmAp3Iv9Ij-swjkCOdMD05V2Yse_jM84ou1jK5RWJqocS9sN6N1Fd68YeYJSwBFFaGH34iFptUCFn3HH58G282gZIKtSQA_xD_TqLSTNbF__4NuYR5eXO9683UQHPpSuddhGXlrwFvAvMJl2_VOtKkZ26mIQ68nXoJWc_QNgCB2bd-a1vMuk_owo9ApandRJrlKVeOKadVZgEXH8LJrDDpwG_pvTtpdSkqaTnXqW-MjgTpy9-v-QXAHT_jzRSzW8IyyEtoxhRGzRPsLI1S1Fq3QfUj2IWXwGInt6eFtAz_P7Z5nfwZNk1bV-04k6UAXDLFuneH-RCARYRSK3bpW81N8_Ep8-e4BoZ94aVic0pr2GsI2yUU06bsfitnpSh5845LzNikTttORwOQoGoaQk0Bw8j4M6JWrtofUlspa_34EbOlx7rihv7PTiptmc8lKgbBpf6k6H8747CYUEn0Pv8cJlWUoFsPtQMuSlGo6gvzy8PxFqHmTmSZuQlXzesPZu4sPW-S70pJsAazTgM9ztzvgniDFM0E6U0RkYym4tn8ThGt1kK0wP-xvLzJ5SRUZ_3gwh7Tl_uAOCMt5XuhlB85uW7WgR-8PRuB0LevyOox2pknJ0Swmedgv6g0DRjfGFmYvNPaE0LVB5xRpDYaGhQ1PPm_cUPXoCfEITdpb5LJuH0EZrLElz3fpPKAQJKIIQhWpQoH_7v10X44lwPlXOEKP2FoOQlHh14nv7zC2NkmKAxhkdxjNAbiwQqbyqmdGHkHHy1doAFqkuiw1HyL0YPxl67hYiXWzqi1nQwNu3OWB3PXRhtzr55GtuNDhklNPLhZkljTkYNh4IFBHQ_W8zWwCAkI6aYEfat7vHMPrFqIeXnz9Bjp_qOFNAtihZe1QOUMQFlI4BKp62OkhQJ_LfUtDGRUpP5u6uulix5k2HnrQUNjuL-LQ78k4_9vfCsHcj9tRKYPhFSmzUHY481H5c1DUbE0izIru5MSdfq-sb6SlrjSEEDzJ_6gvPvKtQk6Yz_UyhM2H2T6dPbLv5PAdiNViQ92DsrP_YAEIn4VYWxenZc-BAF7ugg5YROKrqzrWYmDYDEhe--0gwpyAa_RtI52XsdghK-wAyOgJsp77HGR0YlR5rpPDHXRoC4lPNsiS3uFBlrH4bC5C9qwx7XLKlMW9bu50vwF1WXAKWyrQiBqfwN3xkeiewoxTodrPBqr4gPgwWqQFtqlBSy1QrP6AkPiTe3p5XPJtAM6t6GXryrTAmO0TtVm7YkiEWNaMrNETEOwBl7RfX90TfT1mE2XCWg9ehbw1eemPRic1cFP9ip9OBoL6BplUe26SPSSDovNnww409z68JsRonECbSW_sky_gsrH6GgNLnBS3dgvRLELvXImy6V8zq3TszMKHGJxfJvBolvhRxZykjLxqgzNYmAzlcs-TZtautqxMxlXTzZ_63dW_3Gl84Z50xpvFlLlFC9vq2Unps9uy-fS6XBMurjlPYuBPvrNzmEt5EZTIdWg4iHMxxd-r9_Y5C2Y8B55dIptZ1_1sePaPxze8Gw_VlWGQtATdZTJxql4kT5GMN7qTKG3IZ0bcXlE3VNfmNOYjinYhyJ3OOP1KJ9kUmQryHXMdw3CHuSsMXNO0UdTUeNzTrnds5qMUV7r5I8PLDeqapNqNODd2FHecj9VDHD3alp_CsS0j09a_D9sgrnwChh7UUN1aXjoGolJwzMwzb5fWMpBq9FeqA7oapNMtSHpgKCdJQ2cRLi_zwmMkZIBSLZ8J0WhMdv8FvfkCcJy99re5qRYj9c8nCd7_UpOJMqcgYOTvSvzXjayc65mLD9A_Dc0NJm4cCUjthCBr9bCr6-yU9hrOUXcY1SkCM7Xhn--CpEKunniAWp0XwFahtQzfowYrxbZQyNIM-zissKFhhwwp1jPts-oA7_09cuSrHypJL1c1W6AgalWyn_CxhxZGvlUwEPcu00gLIAmfV7FeMX_wPnZTVbfRlpIdEbTGnT0QVS_4Lu4MR9GEyHStg2Ac4o1VatQO-yJtgTL3taAbB7auZu5a9g9Zdia-T9ref5B9ER_EoKGvpbceQ1Vb2V315BsA8MS-fIMfEazugSPIl692diH_O4O_KgWrv8cgymh7tiAqtUI3T1DROLIdc-I7c8zQWEnAWMNMZ4Hoz-QEfksjgTRpp768vEsCppH7l6X-DTJLjUF6yWwQNJOEdrl7m6YX8lH6wRvJfxz2GB9PYO38CLf5bCG4Ln8KbLjZkhucKJkE5Z88wv-BgjEF2Ax&cid=CAQSOwDICaaNwoaMnB65BilUxWsrHtU1XTt6H2hMGrYTAYw810VNdcHihOkiOILJoRE9nyHTEJMPQIB72qU6GAE&dv3_ver=m202309120101&rfl=https%3A%2F%2Fitsbawa.com%2F&ds=l&xdt=1&iif=1&cor=15105471756002361000&adk=3047537735&idt=97&cac=0&dtd=20

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0db3c35a6239fbef86f297b96f00a5766104bb8b313b8cfcec7d7c9efc544103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38567
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 2FBD 111 KB
39 KB 332ms
70ms Script
text/javascript 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
Origin: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 07:03:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73859
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Sep 2023 07:03:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230927/r20110914/elements/html/ Frame 2FBD 11 KB
4 KB 67ms
67ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230927/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Djz1Wp445NH_1lDchK5qynlrHDdz4jGwZfXJ7l_WRmFXishWQcVGsPGx7NOW3hTa9nZYbM9n9u0HOt3MLiBLFMVQta0Q&cry=1&dbm_d=AKAmf-AX23oaZ7OE3rr1MNHR3pBc-jdrODb91r8aA3CAcx8pv8mn-w5ooHl58Nei-muiZf5m1eNwJQk996v1NolhfJYh1h9m2CWLdOoGWE-TWJQNZP3ulIMypolOIUB5qvp3E_4tr0qbYe0E-E2z2cCV7K_WZZvC5oRn2FnsUxsc1UdhvNH74vcN9GFhM4Soz6MqaRgyoQNG4lyiOjoCa_xYlI3kuwaWjRMjZ0XSF8HTb630oU6teGgebZdiqraruKrzL94_Q22iyNgRnvJXLLAvNE_-7D4oVOFdc10PajSujAcvC32Ve7IW6D3IbP-Z9khEdU2eC68hsDTdvybYnF16SihTCzKJQGe2OD9H_QfZpNJdHN3PFZ2rmNVHqLSvRk0eFBfJIi91Si1c0RVMo-lnnRG2hStaHDBwLxx9gUSwu7-eJqKES_8yc6O9Gyugsu8fR4gucQj9bc_OWE54cIRXNgwCBDNSwmR0kwlxAoOWDItk7sEo2agj2bVmLZZedtmMzLzhnrhsU8DlcbAC-rwbATgc98nGAuubd_lgdU7xXmYay-uq-StheicpytIIXxmgneAfBs3nv3GdZwcdxePsrxKdOr---nJeC6-Bw1JNVSr_AbkqqZLP_9zE3ZTKD5zwVsNaOkQAe549S4-GhKfPNhyS50mTUI91FRUl4apGdki0M0YJ_6UI7JWE5VPQq-B8HcZg1_nsIOeMupjVTzvJvcgYtiug1ZTYqBqlIPdFEuyMRM7zL7pNDu2rKTJTxIq0Pdd0SGIcaNx60V3YqGdw0SqVFVK6EKz71mGbtGzVrK7vltclIdJvyks5COtoYpeBAHUvEFBy-O6nl-PV5iRrmdBPveZ28sZqNpU_4m44V64c6_0BxjQROb2QqbPeEZ69lqopC_IKosDinHF5qUBOicATIhlNuKHEwo1QAA43w7kPNq5YsRKupaz40xtaBWlD22PZ9ds9NNAKFFfkw-T8aQkqMtokQVWDBlxF4XvLgt16GVI_8KzkDbzazyCkAGAaTwKMEyyJuD2aYYGDLREPabbzpf28Xuxb0gDWsl5UvMmsQz9mjQhqbtCtBfl5g7hZgzbQ5_YorlfR8dshfkphMo_5R3pjHhh5VB8yKgOTGm5rSplZDgd1verGiohjVJsysp7LA0MjoCI07rJs2F6WTdevFbWsyT3Mq9yN68CcmPSp1Fbewj6XODBA4l2ghoaSVH8kjEDCMDkl_tgfMsqoSRiDtVDSki_2IEtAHAElRapciROTTu0HmNwNPJoOaI0rlKjBPgMYQamVA-xwZUsYPZleaW__7_hOisacaxoofUaYZ_9wiX43g-CROO-6VcXv0-PsAqTX2u2Xxwy_qbFHdG95JjMf7rsy4DrTDZo4URUhFIAUs72MnDPd6dwKv3aVrJBt_fEdtOKJCAl-fnZkCyO54meFDyVhFolIvPeH91QbA8hbjdFTgvvua5SYGjRgkiKVDu6a7Fw66sVdtP3KPr8MH3diTIR4AF7xnxeKYlyDxhF9y30tFQA9JpdfHpUVNVKShA2G1BTRoBSyK44XDFxb6vBWZI1ttwOmAp3Iv9Ij-swjkCOdMD05V2Yse_jM84ou1jK5RWJqocS9sN6N1Fd68YeYJSwBFFaGH34iFptUCFn3HH58G282gZIKtSQA_xD_TqLSTNbF__4NuYR5eXO9683UQHPpSuddhGXlrwFvAvMJl2_VOtKkZ26mIQ68nXoJWc_QNgCB2bd-a1vMuk_owo9ApandRJrlKVeOKadVZgEXH8LJrDDpwG_pvTtpdSkqaTnXqW-MjgTpy9-v-QXAHT_jzRSzW8IyyEtoxhRGzRPsLI1S1Fq3QfUj2IWXwGInt6eFtAz_P7Z5nfwZNk1bV-04k6UAXDLFuneH-RCARYRSK3bpW81N8_Ep8-e4BoZ94aVic0pr2GsI2yUU06bsfitnpSh5845LzNikTttORwOQoGoaQk0Bw8j4M6JWrtofUlspa_34EbOlx7rihv7PTiptmc8lKgbBpf6k6H8747CYUEn0Pv8cJlWUoFsPtQMuSlGo6gvzy8PxFqHmTmSZuQlXzesPZu4sPW-S70pJsAazTgM9ztzvgniDFM0E6U0RkYym4tn8ThGt1kK0wP-xvLzJ5SRUZ_3gwh7Tl_uAOCMt5XuhlB85uW7WgR-8PRuB0LevyOox2pknJ0Swmedgv6g0DRjfGFmYvNPaE0LVB5xRpDYaGhQ1PPm_cUPXoCfEITdpb5LJuH0EZrLElz3fpPKAQJKIIQhWpQoH_7v10X44lwPlXOEKP2FoOQlHh14nv7zC2NkmKAxhkdxjNAbiwQqbyqmdGHkHHy1doAFqkuiw1HyL0YPxl67hYiXWzqi1nQwNu3OWB3PXRhtzr55GtuNDhklNPLhZkljTkYNh4IFBHQ_W8zWwCAkI6aYEfat7vHMPrFqIeXnz9Bjp_qOFNAtihZe1QOUMQFlI4BKp62OkhQJ_LfUtDGRUpP5u6uulix5k2HnrQUNjuL-LQ78k4_9vfCsHcj9tRKYPhFSmzUHY481H5c1DUbE0izIru5MSdfq-sb6SlrjSEEDzJ_6gvPvKtQk6Yz_UyhM2H2T6dPbLv5PAdiNViQ92DsrP_YAEIn4VYWxenZc-BAF7ugg5YROKrqzrWYmDYDEhe--0gwpyAa_RtI52XsdghK-wAyOgJsp77HGR0YlR5rpPDHXRoC4lPNsiS3uFBlrH4bC5C9qwx7XLKlMW9bu50vwF1WXAKWyrQiBqfwN3xkeiewoxTodrPBqr4gPgwWqQFtqlBSy1QrP6AkPiTe3p5XPJtAM6t6GXryrTAmO0TtVm7YkiEWNaMrNETEOwBl7RfX90TfT1mE2XCWg9ehbw1eemPRic1cFP9ip9OBoL6BplUe26SPSSDovNnww409z68JsRonECbSW_sky_gsrH6GgNLnBS3dgvRLELvXImy6V8zq3TszMKHGJxfJvBolvhRxZykjLxqgzNYmAzlcs-TZtautqxMxlXTzZ_63dW_3Gl84Z50xpvFlLlFC9vq2Unps9uy-fS6XBMurjlPYuBPvrNzmEt5EZTIdWg4iHMxxd-r9_Y5C2Y8B55dIptZ1_1sePaPxze8Gw_VlWGQtATdZTJxql4kT5GMN7qTKG3IZ0bcXlE3VNfmNOYjinYhyJ3OOP1KJ9kUmQryHXMdw3CHuSsMXNO0UdTUeNzTrnds5qMUV7r5I8PLDeqapNqNODd2FHecj9VDHD3alp_CsS0j09a_D9sgrnwChh7UUN1aXjoGolJwzMwzb5fWMpBq9FeqA7oapNMtSHpgKCdJQ2cRLi_zwmMkZIBSLZ8J0WhMdv8FvfkCcJy99re5qRYj9c8nCd7_UpOJMqcgYOTvSvzXjayc65mLD9A_Dc0NJm4cCUjthCBr9bCr6-yU9hrOUXcY1SkCM7Xhn--CpEKunniAWp0XwFahtQzfowYrxbZQyNIM-zissKFhhwwp1jPts-oA7_09cuSrHypJL1c1W6AgalWyn_CxhxZGvlUwEPcu00gLIAmfV7FeMX_wPnZTVbfRlpIdEbTGnT0QVS_4Lu4MR9GEyHStg2Ac4o1VatQO-yJtgTL3taAbB7auZu5a9g9Zdia-T9ref5B9ER_EoKGvpbceQ1Vb2V315BsA8MS-fIMfEazugSPIl692diH_O4O_KgWrv8cgymh7tiAqtUI3T1DROLIdc-I7c8zQWEnAWMNMZ4Hoz-QEfksjgTRpp768vEsCppH7l6X-DTJLjUF6yWwQNJOEdrl7m6YX8lH6wRvJfxz2GB9PYO38CLf5bCG4Ln8KbLjZkhucKJkE5Z88wv-BgjEF2Ax&cid=CAQSOwDICaaNwoaMnB65BilUxWsrHtU1XTt6H2hMGrYTAYw810VNdcHihOkiOILJoRE9nyHTEJMPQIB72qU6GAE&dv3_ver=m202309120101&rfl=https%3A%2F%2Fitsbawa.com%2F&ds=l&xdt=1&iif=1&cor=15105471756002361000&adk=3047537735&idt=97&cac=0&dtd=20

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 16:52:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38510
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:52:32 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230927/r20110914/ Frame 2FBD 30 KB
11 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230927/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c5e1a1e8982becdc83263b687951cfc5c5976af5b5d67eab53451cb72ac78925

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 16:54:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38370
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11587
x-xss-protection: 0
server: cafe
etag: 192838463742493612
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:54:52 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2FBD 41 KB
13 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 22 Sep 2023 06:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 592558
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 Sep 2024 06:58:24 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 562D 1 KB
643 B 67ms
66ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: en-GB,en;q=0.9

Response headers

age: 70737
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Sep 2023 07:55:25 GMT
etag: 48472445140208031
expires: Fri, 29 Sep 2023 07:55:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2FBD 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 113b2dce1dda86449f75d81d88e5d31fc0cd659443316b2d8bc500a2118a9681

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame DE85 22 KB
8 KB 66ms
65ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 378192
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 24 Sep 2023 18:31:10 GMT
expires: Mon, 23 Sep 2024 18:31:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 562D
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEDOEXhOYRxbQIOYUgsWSnV0&google_cver=1&google_push=AXcoOmRwAsadFwm-nY2ofX7y1QMa_ZRqU1-sCxCOVPPIiG3UbcP7xen8-v8nlqkXYiksbsCGBH34R4irGWvJuBafQJ2OxQt...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRwAsadFwm-nY2ofX7y1QMa_ZRqU1-sCxCOVPPIiG3UbcP7xen8-v8nlqkXYiksbsCGBH34R4irGWvJuBafQJ2OxQtPz4Kx&google_hm=eS1TR25qQVo5RTJwRVp4a2...

170 B
188 B

79ms
78ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRwAsadFwm-nY2ofX7y1QMa_ZRqU1-sCxCOVPPIiG3UbcP7xen8-v8nlqkXYiksbsCGBH34R4irGWvJuBafQJ2OxQtPz4Kx&google_hm=eS1TR25qQVo5RTJwRVp4a2hzX19HSTBMZEN3djRpTnVNSX5B

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 29 Sep 2023 03:34:22 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRwAsadFwm-nY2ofX7y1QMa_ZRqU1-sCxCOVPPIiG3UbcP7xen8-v8nlqkXYiksbsCGBH34R4irGWvJuBafQJ2OxQtPz4Kx&google_hm=eS1TR25qQVo5RTJwRVp4a2hzX19HSTBMZEN3djRpTnVNSX5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 562D
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESELdRTDnoT8B1LND2eJk8fck&google_cver=1&google_push=AXcoOmRxBagQe0xyvhdTi0nAtZ9o4JShOqEY5l97xP62NVwqv2uGnN8GySWf8q4LeGAlFQmoaxCOhlNnhxCB9...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmRxBagQe0xyvhdTi0nAtZ9o4JShOqEY5l97xP62NVwqv2uGnN8GySWf8q4LeGAlFQmoaxCOhlNnhxCB9bpWjbiFZmCXwwv4&google_hm=Z2NmTFB0bm01d2otUlI1...

170 B
188 B

72ms
66ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmRxBagQe0xyvhdTi0nAtZ9o4JShOqEY5l97xP62NVwqv2uGnN8GySWf8q4LeGAlFQmoaxCOhlNnhxCB9bpWjbiFZmCXwwv4&google_hm=Z2NmTFB0bm01d2otUlI1djZ2a3E=

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 29 Sep 2023 03:34:22 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmRxBagQe0xyvhdTi0nAtZ9o4JShOqEY5l97xP62NVwqv2uGnN8GySWf8q4LeGAlFQmoaxCOhlNnhxCB9bpWjbiFZmCXwwv4&google_hm=Z2NmTFB0bm01d2otUlI1djZ2a3E=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 236
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 562D
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPaehad3QaIL5KUowsJNmZI&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPaehad3QaIL5KUowsJNmZI&google_hm=ZRZFvRKDHKQq8ZjDG2LYIwAAApUAAAAB&google_nid=index&google_push=AXcoOmQ6av_ibTufTcO5q2WO4pbfdlv5jHDMv...

170 B
188 B

81ms
80ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPaehad3QaIL5KUowsJNmZI&google_hm=ZRZFvRKDHKQq8ZjDG2LYIwAAApUAAAAB&google_nid=index&google_push=AXcoOmQ6av_ibTufTcO5q2WO4pbfdlv5jHDMvOdovmwAEFG15_rPhu3ppfCaP9YhS1CqwPNFeILrbRIc3nUEjX6VuwTIZa_kc9MC

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:22 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w5zhuS7sYfGecwOzvGFgI9io2BeqYyUDqAHQJfVVnOAZAWw%2BimT3YGvCKIH9kKbgHKH9VG6y0zMtAK21lfvp9D5WxC4%2F2KvdOrygIi74g3YbsWwB37l86edN765Ym7CGRctYOMktGPXjZA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPaehad3QaIL5KUowsJNmZI&google_hm=ZRZFvRKDHKQq8ZjDG2LYIwAAApUAAAAB&google_nid=index&google_push=AXcoOmQ6av_ibTufTcO5q2WO4pbfdlv5jHDMvOdovmwAEFG15_rPhu3ppfCaP9YhS1CqwPNFeILrbRIc3nUEjX6VuwTIZa_kc9MC
cache-control: no-cache
cf-ray: 80e12b890e410716-LHR
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 562D
Redirect Chain

https://ads.yieldmo.com/exptsync?google_gid=CAESEOlqqZVLGijg6apHFzF43C8&google_cver=1&google_push=AXcoOmTGGnyoxCicowdJUQHXZEPW59pGqWR9WKRILJYNz91o4BEVzGoYBmqMdilKOHxFJRaYtW9Ibmya-4-VuzNaFxVImmDtUw_n
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmTGGnyoxCicowdJUQHXZEPW59pGqWR9WKRILJYNz91o4BEVzGoYBmqMdilKOHxFJRaYtW9Ibmya-4-VuzNaFxVImmDtUw_n&google_hm=M1JVdzJBQXNzaUE5Q2Jj...

170 B
188 B

73ms
73ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmTGGnyoxCicowdJUQHXZEPW59pGqWR9WKRILJYNz91o4BEVzGoYBmqMdilKOHxFJRaYtW9Ibmya-4-VuzNaFxVImmDtUw_n&google_hm=M1JVdzJBQXNzaUE5Q2JjcHBxeDg=

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:23 GMT
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmTGGnyoxCicowdJUQHXZEPW59pGqWR9WKRILJYNz91o4BEVzGoYBmqMdilKOHxFJRaYtW9Ibmya-4-VuzNaFxVImmDtUw_n&google_hm=M1JVdzJBQXNzaUE5Q2JjcHBxeDg=
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, Pragma, *
content-length: 0

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame 562D 0
45 B 477ms
96ms Image
text/plain 185.86.139.93
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEIrozDCno6C_RKU3U2M22Z0&google_cver=1&google_push=AXcoOmTHqwv_VT6FioM0tnpkI9PF1PFr7UAziylQKzCbWFmw08Y7BHEFNwC4DQUFuz4bwEs-U5keqqhKfE4Tf_KbVaPcKud63Co
Requested by: Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.93 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:22 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 562D
Redirect Chain

https://t.adx.opera.com/pub/sync?pubid=pub6871767557696&google_push=AXcoOmSBx83Y4TwEE3WwL4ClYvpVVSFWT98SEhCYKCaPOFzdxifQQ8mzFYM8cuP4YLCryqqAy3HWOtCyr6lth7WLNPpcou2Avit71g&google_gid=CAESEHKW_Ohwwem...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEHKW_OhwwemuJuflJEYry4A&google_hm=T1BVMDg3NTUxNTU5MjIzNGExNzgyOTFmMWM4NDFkNGE3YWI&google_nid=opera_norway_as&google_push=AXcoOmSBx83Y...

170 B
188 B

57ms
56ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEHKW_OhwwemuJuflJEYry4A&google_hm=T1BVMDg3NTUxNTU5MjIzNGExNzgyOTFmMWM4NDFkNGE3YWI&google_nid=opera_norway_as&google_push=AXcoOmSBx83Y4TwEE3WwL4ClYvpVVSFWT98SEhCYKCaPOFzdxifQQ8mzFYM8cuP4YLCryqqAy3HWOtCyr6lth7WLNPpcou2Avit71g

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:23 GMT
server: Tengine
access-control-allow-methods: POST, GET
content-type: text/html; charset=utf-8
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEHKW_OhwwemuJuflJEYry4A&google_hm=T1BVMDg3NTUxNTU5MjIzNGExNzgyOTFmMWM4NDFkNGE3YWI&google_nid=opera_norway_as&google_push=AXcoOmSBx83Y4TwEE3WwL4ClYvpVVSFWT98SEhCYKCaPOFzdxifQQ8mzFYM8cuP4YLCryqqAy3HWOtCyr6lth7WLNPpcou2Avit71g
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
content-length: 326
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 562D
Redirect Chain

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESECok9l7QVzUce2hop08eQGE&google_cver=1&google_push=AXcoOmSccfyzdXBPKebQ-KhJH5mRX6ItLp2-y_yYDq3gg6ylsTw_fg-cfE5T0EW3Dqu...
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmSccfyzdXBPKebQ-KhJH5mRX6ItLp2-y_yYDq3gg6ylsTw_fg-cfE5T0EW3DquXQg7_t-DE4pcc3zAmsP2DVpvmwRXnTYfmXA

170 B
188 B

58ms
57ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmSccfyzdXBPKebQ-KhJH5mRX6ItLp2-y_yYDq3gg6ylsTw_fg-cfE5T0EW3DquXQg7_t-DE4pcc3zAmsP2DVpvmwRXnTYfmXA

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-akamai-request-id: 8ba9114.7fba100
date: Fri, 29 Sep 2023 03:34:23 GMT
x-bytefaas-request-id: 20230929033423E9638F52EAA3E002E8A7
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-54-206-24.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.1-51461813) (-)
x-parent-response-time: 97,23.54.206.24
server-timing: cdn-cache; desc=MISS, edge; dur=88, origin; dur=9, inner; dur=6
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20230929033423E9638F52EAA3E002E8A7
x-cache-remote: TCP_MISS from a23-32-17-6.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.1-51461813) (-)
access-control-max-age: 86400
access-control-allow-methods: *
location: https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmSccfyzdXBPKebQ-KhJH5mRX6ItLp2-y_yYDq3gg6ylsTw_fg-cfE5T0EW3DquXQg7_t-DE4pcc3zAmsP2DVpvmwRXnTYfmXA
x-bytefaas-execution-duration: 4.11
access-control-allow-origin: *
access-control-allow-credentials: true
x-origin-response-time: 9,23.32.17.6
x-tt-trace-host: 01439bbf843375780b7f142d4e6aaa5341fc595c7919266a9733b94e2ce500fafff4c04dae96a445edc1eaab3999f065109055f2f1df1396a789ff76bcec7fe01143c4bfc974192a3f980bbe2089707848bb680449707c40c2cc544f2f09e70b0212b356727b62826061913fd33acc6199
cache-control: max-age=0, no-cache, no-store
access-control-allow-headers: *
expires: Fri, 29 Sep 2023 03:34:23 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 562D 0
12 B 69ms
68ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K0hI33b-vIVcnFPwt82uoqoObHUMhWSDPSbaL7rtsnmy967TfdLydmI6ohYa7R6ltYnFz5yzQ

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:22 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 f2cqprNxaY2GOW1kJFnefQh67KLbyJA2ScFiBiL3W8Q.js Show response
pagead2.googlesyndication.com/bg/ Frame DE85 37 KB
14 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f2cqprNxaY2GOW1kJFnefQh67KLbyJA2ScFiBiL3W8Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f672aa6b371698d86396d642459de7d087aeca2dbc8903649c1620622f75bc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Tue, 26 Sep 2023 19:40:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 201227
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14693
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Sep 2024 19:40:35 GMT

GET
H3 200 vwco_meteor_pm_728x90_v3.html Show response
s0.2mdn.net/sadbundle/4444503785753246903/_CO_MET_TRU_BRA_LBD_728X9_PT_learnmore_na_FX_consideracao-setembro/ Frame 9FCE 6 KB
2 KB 253ms
60ms Document
text/html 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4444503785753246903/_CO_MET_TRU_BRA_LBD_728X9_PT_learnmore_na_FX_consideracao-setembro/vwco_meteor_pm_728x90_v3.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84337564c42d700642c3efde36663f39f0ecacaae6a578b31d9999a31fb8b5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 504643
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2318
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 23 Sep 2023 07:23:40 GMT
expires: Sun, 22 Sep 2024 07:23:40 GMT
last-modified: Fri, 15 Sep 2023 13:53:49 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2FBD 0
0 338ms
152ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst7hQ9SPuFr_hksddURaEZvX7_Bc45SPXylnF4cGCOy5cBUBI9IEPgvK5Mk9GBa1x3dOkEka4VQemsnQmtJPDaNituQLyJjHUR5RtJcr1sPGAthV3U4O2St-IUtacHgW44i1S6Ypy-3otlqnf74CJnf4cUtF_Zu8191MeiMFchV30AfaQjkZrQbZHPnnC9o52e10YLKjm1l9PWdgiLFigXRazGr0NsVSKZkcvzNrUWfrfj8nfUrYwLhO2ugJ8_KQRfQBgBftuTuQto6JHvUdnuXCT3uQ4pJwXhnphbb6Ez_MbeVdreFKAR6hU_jaNL1X7X2aFxYtWpWImyYsupzcgxi0jYPgGn_HK1dlQULqRLKsetpAZRJHVkC47mS3V_JQqm3PyoDwudFLehqh-c-4iuSviCcO6vOUu_XERwLYrrSK-AgNYrTcSeWL2vXd2ua1e7iex3Q9De_Ffx4XAhXyOW7deZDpu8AMgi3-P80EefGXfb0oDQAlf5Dp8WBoFzDKMU00GC9Ik_L7SZOagxqW_dU9bZkZOe9ZxWM-stUiKfrBpulSduYgDl-aQlf0ul7HISfktKHctfyzL0WrMQZafXkvjWgHFUFUVBeW7dKNExVoCAWsKFGfuoMw7G8vmBB_9ESvv7ddcUuXyT1I9dpTQJK-VYu236fYNxqwp6xhOPU6qN7DapQ0hT1RnDaGXsGzoCY7IKiXQHaV0NbHYHuyK1uiR0MAKC0J9f_x7lLOYqWBBYbNa7u1iltN_npyvsukYsEW4m69HPNrZhPN1pbJs6lRzqM2ncaY8rwHim0Up-cAdH-VisUL4BfMyETPO9CQs3roLmXwa-HcIlpkrKh_uD8pkfEmyfqd-Nr9Kbqzme7gORUxuO0jgCc2_pjXyOwotvCKC_rMi7AjDOlgcuhArUTz8UVQsVm4Ph3sIn3OYSVjxjskkUnVu3paE-XoAmHR6-HC9ta64fp0_fJREt6s_Zn4CczSfh6qJFDVl7SH18UvXfPLyv22JrgcShfZDaTv8zYlcFtHjEUdswtl7VNwPgIwUaiCegzm3xLdtoC_qw_gfyv5dlkERKATKaKldu22W2t0uu4dKZzKl8W6axUqL1GfaOxp1bnZQlKDnHTeDtsnzar6_1YyHMNG90EfkMoNY7vzJHBsbGK7mgG645e-__ult8W8Fa98ABEb7V87YDlax6osb3_1Gf8pj5_9ThwsXiXOzZyHtuixy9G2VNBdOJ-CdTPn3xkvuFrzYhw3hDZcXsKatL2sGNkEAzpRPay73S9GvlbdRZrZHDM-jgg78OXkNGTdSEEjL4Q_5a5Rsuzks0BclcNe5bIIfxANqJRGqZ_j9P6I5F86c6Oznmgjfe4f46L2ZqkiPXiZsfQxHKsA6QSIXVF02wCaR-inlUBzGNaBRNHmgds7N3utKExZNlidXuGUul7qJVC8jHdrrY&sai=AMfl-YRBfnOGVeAk_9CNRi6_QIs6sx8K2oBFbLprCihBaE0s3rNQ3YoHC06YJ_OvlVCjmpXr5NYeW_DXvlWB2o5nRC_m53s3RFk2nd2Pclu2cNqULzwxwiw6p026mgTwArEx6HoMwo489krhxhm4Q69eYEqfWGz59JzpkaRsjRxd72-5BfrweThNHDHw3Nd5-PbrA9F0FGHVXM3bfajsGlAhr8RBiFXCW8kYdzAuFjasAMXgJ-FV2EMwAwFv5mgf0OtT7qm4&sig=Cg0ArKJSzN5e4tXhw3zOEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=378&cbvp=1&cstd=374&cisv=r20230927.59954&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 29 Sep 2023 03:34:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DE85 0
20 B 100ms
100ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B04MWvkUWZYGLKvO4x_APxdy1-AoAAAAAOAHgBAI&bg=!AQKlAk3NAAZN1Q_XbdU7ADQBe5WfODyziF9T7PvH1TlA_V3DQbAd-oBIPaiBgS-NksceX5siJDL0EUN4cSFIJ-p7xKpeAgAAAFJSAAAAB2gBBwoAV5mfysIVMjISMpPKMyVilYHakccqBXri0vkSXrXDhayT27CO8im44mXlXmkEi4uYFYxhfui95N5EtL8b58GESDPKuLREhNVnP4npiz-fmNzCPIBAQjeespkDANf-cmb7YQLRjyDvgOMBA9zAu0tVG_w4Ucz9OILs7ZihbAyV7yBVG0rTn3h2ff1J6S4yqRcHc0j6KNFNmbgVA_-qHVCLlMFNiaO-BQUrFRqgEDYU-TvjGbR-wHmGLqCd_Ga-Zx6NhslgiUGTgMI6fg2laOyAAvswjJvkymW1RyWU_rhijswZZxK-i7M1f-o210TKXVICK8WsSGGKaXXbF0aJ3vOyzjcyMN2waiwlXDinrVVP9XJKlsrr4SpOH6ghaR9HrmMLOKmQBQL0OpW3L3IsDRMkvHY21RinaCNpYnGQrDokECII72wz6c_XB9qloBqk3cRYm3Qp52cVud5c2R6NHvyrAC92MLp_dSFDQKe4T8UGQnwg6RqvTxu6HVPUaUo5TliaYAUKQlaIgb1FAujseM6_R9Zq0ZvyGSnKqK5VBoMzKxIercLLEg-Kae7QEll0-6yjs5aGvWCiPLViF-WdsONNfxF2IDoZKXtWKi-8YhI3mHkS6oLeberuNsHtWaNnRdiJ4h1XfDDAZTEM7R55A2vlGUyAgcRN0azvycBXgEDc2CZshC1jZJEjEtLMkKq-VjHH2c7CqKzhGx5JWhFMa3mImSnNPlDmVauLN7b85oQ63n-AKd0gTfPhFb3W3-d_Gue47jl5wmcLHmljKqvLOsRMJLF3al5UAlxreTx5y3SJFB97uzuBDaIxezIrtWItHA5ZpWyWJZC5POIF2EjP1hAKX4KC6zfAC0-r9QrN8ZCMmQUl2hNohsNqLI-EgtOn7z-HoRFvGeUi5xR13fa2Gc4P07E2TRKYuPpnWsjQr5AvR_E0U3wIM3Ybc36b09RMnoqgQjeOTMU-ZmybH55V6REtm1bKgsbaHsrrI0INPvdWiUhNLP36RNmYSRy_9aY2qqUxmfc9pSP-vORlvWpBjw1j1Li2yDB0Ubxago8zxD-1LQqkGVkXBBtC-piJfUZwjk4HQp2SR-yQ4k5UKaCN7073oIZ0ZqrHhRxVN-21vnkJOQGPnXL6L_6ZrMTqSA

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 createjs.min.js Show response
s0.2mdn.net/sadbundle/4444503785753246903/_CO_MET_TRU_BRA_LBD_728X9_PT_learnmore_na_FX_consideracao-setembro/libs/1.0.0/ Frame 9FCE 236 KB
63 KB 53ms
52ms Script
application/x-javascript 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4444503785753246903/_CO_MET_TRU_BRA_LBD_728X9_PT_learnmore_na_FX_consideracao-setembro/libs/1.0.0/createjs.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4444503785753246903/_CO_MET_TRU_BRA_LBD_728X9_PT_learnmore_na_FX_consideracao-setembro/vwco_meteor_pm_728x90_v3.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33be66f63aca50629829ad77a1b1def4d69887f267ec408420286cd0138dd587

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4444503785753246903/_CO_MET_TRU_BRA_LBD_728X9_PT_learnmore_na_FX_consideracao-setembro/vwco_meteor_pm_728x90_v3.html?ev=01_250
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 19:27:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29241
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64214
x-xss-protection: 0
last-modified: Fri, 15 Sep 2023 13:53:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 27 Sep 2024 19:27:02 GMT

GET
H3 200 vwco_meteor_pm_728x90_v3.js Show response
s0.2mdn.net/sadbundle/4444503785753246903/_CO_MET_TRU_BRA_LBD_728X9_PT_learnmore_na_FX_consideracao-setembro/ Frame 9FCE 10 KB
3 KB 51ms
51ms Script
application/x-javascript 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4444503785753246903/_CO_MET_TRU_BRA_LBD_728X9_PT_learnmore_na_FX_consideracao-setembro/vwco_meteor_pm_728x90_v3.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4444503785753246903/_CO_MET_TRU_BRA_LBD_728X9_PT_learnmore_na_FX_consideracao-setembro/vwco_meteor_pm_728x90_v3.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95816041d9618ddbdce5369790fbcbf9e56345793cdcc6930e10da4b1fd33d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4444503785753246903/_CO_MET_TRU_BRA_LBD_728X9_PT_learnmore_na_FX_consideracao-setembro/vwco_meteor_pm_728x90_v3.html?ev=01_250
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Wed, 27 Sep 2023 03:41:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 172371
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2692
x-xss-protection: 0
last-modified: Fri, 15 Sep 2023 13:53:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 26 Sep 2024 03:41:32 GMT

GET
H3 200 vwco_meteor_pm_728x90_v3_atlas_1.png
s0.2mdn.net/sadbundle/4444503785753246903/_CO_MET_TRU_BRA_LBD_728X9_PT_learnmore_na_FX_consideracao-setembro/images/ Frame 9FCE 25 KB
25 KB 55ms
55ms Image
image/png 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4444503785753246903/_CO_MET_TRU_BRA_LBD_728X9_PT_learnmore_na_FX_consideracao-setembro/images/vwco_meteor_pm_728x90_v3_atlas_1.png

Requested by

Host: e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
URL: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3af4951998ab5b83bf9bb2b7c6a55fcb59cf52bfcdd60186eaa3d9ddb89785a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4444503785753246903/_CO_MET_TRU_BRA_LBD_728X9_PT_learnmore_na_FX_consideracao-setembro/vwco_meteor_pm_728x90_v3.html?ev=01_250
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Thu, 28 Sep 2023 16:56:04 GMT
x-content-type-options: nosniff
age: 38299
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25664
x-xss-protection: 0
last-modified: Fri, 15 Sep 2023 13:53:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 27 Sep 2024 16:56:04 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2FBD 0
0 75ms
75ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst7hQ9SPuFr_hksddURaEZvX7_Bc45SPXylnF4cGCOy5cBUBI9IEPgvK5Mk9GBa1x3dOkEka4VQemsnQmtJPDaNituQLyJjHUR5RtJcr1sPGAthV3U4O2St-IUtacHgW44i1S6Ypy-3otlqnf74CJnf4cUtF_Zu8191MeiMFchV30AfaQjkZrQbZHPnnC9o52e10YLKjm1l9PWdgiLFigXRazGr0NsVSKZkcvzNrUWfrfj8nfUrYwLhO2ugJ8_KQRfQBgBftuTuQto6JHvUdnuXCT3uQ4pJwXhnphbb6Ez_MbeVdreFKAR6hU_jaNL1X7X2aFxYtWpWImyYsupzcgxi0jYPgGn_HK1dlQULqRLKsetpAZRJHVkC47mS3V_JQqm3PyoDwudFLehqh-c-4iuSviCcO6vOUu_XERwLYrrSK-AgNYrTcSeWL2vXd2ua1e7iex3Q9De_Ffx4XAhXyOW7deZDpu8AMgi3-P80EefGXfb0oDQAlf5Dp8WBoFzDKMU00GC9Ik_L7SZOagxqW_dU9bZkZOe9ZxWM-stUiKfrBpulSduYgDl-aQlf0ul7HISfktKHctfyzL0WrMQZafXkvjWgHFUFUVBeW7dKNExVoCAWsKFGfuoMw7G8vmBB_9ESvv7ddcUuXyT1I9dpTQJK-VYu236fYNxqwp6xhOPU6qN7DapQ0hT1RnDaGXsGzoCY7IKiXQHaV0NbHYHuyK1uiR0MAKC0J9f_x7lLOYqWBBYbNa7u1iltN_npyvsukYsEW4m69HPNrZhPN1pbJs6lRzqM2ncaY8rwHim0Up-cAdH-VisUL4BfMyETPO9CQs3roLmXwa-HcIlpkrKh_uD8pkfEmyfqd-Nr9Kbqzme7gORUxuO0jgCc2_pjXyOwotvCKC_rMi7AjDOlgcuhArUTz8UVQsVm4Ph3sIn3OYSVjxjskkUnVu3paE-XoAmHR6-HC9ta64fp0_fJREt6s_Zn4CczSfh6qJFDVl7SH18UvXfPLyv22JrgcShfZDaTv8zYlcFtHjEUdswtl7VNwPgIwUaiCegzm3xLdtoC_qw_gfyv5dlkERKATKaKldu22W2t0uu4dKZzKl8W6axUqL1GfaOxp1bnZQlKDnHTeDtsnzar6_1YyHMNG90EfkMoNY7vzJHBsbGK7mgG645e-__ult8W8Fa98ABEb7V87YDlax6osb3_1Gf8pj5_9ThwsXiXOzZyHtuixy9G2VNBdOJ-CdTPn3xkvuFrzYhw3hDZcXsKatL2sGNkEAzpRPay73S9GvlbdRZrZHDM-jgg78OXkNGTdSEEjL4Q_5a5Rsuzks0BclcNe5bIIfxANqJRGqZ_j9P6I5F86c6Oznmgjfe4f46L2ZqkiPXiZsfQxHKsA6QSIXVF02wCaR-inlUBzGNaBRNHmgds7N3utKExZNlidXuGUul7qJVC8jHdrrY&sai=AMfl-YRBfnOGVeAk_9CNRi6_QIs6sx8K2oBFbLprCihBaE0s3rNQ3YoHC06YJ_OvlVCjmpXr5NYeW_DXvlWB2o5nRC_m53s3RFk2nd2Pclu2cNqULzwxwiw6p026mgTwArEx6HoMwo489krhxhm4Q69eYEqfWGz59JzpkaRsjRxd72-5BfrweThNHDHw3Nd5-PbrA9F0FGHVXM3bfajsGlAhr8RBiFXCW8kYdzAuFjasAMXgJ-FV2EMwAwFv5mgf0OtT7qm4&sig=Cg0ArKJSzN5e4tXhw3zOEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=756&vt=11&dtpt=378&dett=3&cstd=374&cisv=r20230927.59954&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: itsbawa.com
URL: https://itsbawa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2FBD 0
20 B 128ms
128ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5637703735719&version=m202309120101&ct=76&x=1&cor=15105471756002361000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 03:34:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E375 13 KB
5 KB 69ms
68ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://itsbawa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 34528
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Sep 2023 17:58:56 GMT
expires: Fri, 27 Sep 2024 17:58:56 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2B5B 829 B
559 B 82ms
82ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3162e7c9ac99a80888362cdbd3cd574bacea509a906dba03a747b3bdac158e1e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-BycieGUaXSUrKETw7gH4pw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://itsbawa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-BycieGUaXSUrKETw7gH4pw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 03:34:24 GMT
expires: Fri, 29 Sep 2023 03:34:24 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js Show response
pagead2.googlesyndication.com/bg/ Frame E375 37 KB
14 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Wed, 27 Sep 2023 02:56:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175068
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14550
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Sep 2024 02:56:36 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2B5B 0
0 90ms
90ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230927&jk=190859508569122&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame E375 0
10 B 57ms
57ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?pZAmbQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date: Fri, 29 Sep 2023 03:34:24 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 87ms
87ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230927&jk=190859508569122&bg=!NDelN3jNAAYEJRtnJCU7ADQBe5WfOEYS0i7VV8o2O75iVcV8kVOa0rlhr2w0gQQHDJl5D18Tl41JkMo12nSLGfQKeRFAAgAAAEBSAAAAGGgBBwoAkOs-zz32WI4iK3bf_TRROdZy3HTKOTfQSDfr6uy1I7W2Z6g94u8nOOpMMb8D7OdCp3VsOHU-0ODrnfOvEtqY2JlVMKAfkXEUBjremRUYpjPW_iGYreF5a04MLpoyyu0OOLzOY_F0Brp0W08WtqabuLQVXHxhsSPmNotpN_mRevnbI5J--DcYgapKBGEJaizLO5kCvpiLAH-NHtVlC3G5f8hjKmwqI44T3zoQtHW3lx5pdmmWA3m01-1XtSujNwVVbYOBLV8bglEoUCmCxdzIbkNpAqyhhOevOhkOR1FGYLQufZ5lTiPeMXG50RTvSgYnQ5KwZpyTt9wHAFXP76WYfGsV4gNe-d_MeBXo-u8Phz4mCFd2NKjH6DqK-7PdG-__AADWmgJEmc9twRQfgB5lY_HUaTFfafWJUyy6Tnk52AHpaXYyzYVH7oJjYRog8jhICkhYrPXHig5l1ZosB6MKYuAd0kd89XuRCvbWv9MG1ExAItUZ_1lYk3RHF-3N4F0qGNhDsxZptRAXkHcuHKwnSaJnuMA03ICrHaXHpO633V159SMvsf5v9KA5ZtWrTlO9XrUiPhzgnlk4JMY46ywGFj0MU2oSoajDOXKLNj29xZK4GT3FWf5_nIXEtyNKnbjf9HyDJrwVpUZQjmUtX3dMXK7PJkPcSDI4if-vRNyBrc-_7PVmBR9IpMkgFl6XGUYWdbkgbBHkOuTvNLQj6y3Q4--LmszOkiNGvnCYpCEvyt_hDFz2MNnyCGyZ8u3chbIq1-rSOW_74YYI2RRn4D-FL7dfCKG-KCYqBDfTuql3QOs4ZKsQL0a1eYU77_MF7jca1NgAYqsmQMzVG8CTdEA5_iQckercaxAcIMGi-CPX3X6rvjcZcMlirD9BOEe2mV8MEloZNlxUdfT5zFvC-shrgeWjqn87KSpCHCkNDKZiUsIatSM7vnKdoqcy2DvA8O4_sr_c0P4uexd-HIpi4SEOpohvpREZFlwVrAdSVunzgeHoD2kFayZCwwkcOlachfhRfAYbC3nMrcFaurjbHlLexINTizwUyW-GpPjwbHalATZ0Y-k52z7VFZ50HS0L6fAzp_UqnA0QqIULnjNTZokipzMX-fjj7LCaw41XYB0fBds_OA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://itsbawa.com/
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Verdicts & Comments Add Verdict or Comment

129 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ctnsnet.com/	1970-01-20 23:51:34	Name: cid_cde54396b6b240c7ba33081936641f63 Value: 1
.ctnsnet.com/	1970-01-20 23:51:34	Name: gid_CAESEHICMtbVJ7mf9Z0uFmzIbro Value: 1
.casalemedia.com/	1970-01-20 23:51:34	Name: CMID Value: ZRZFvRKDHKQq8ZjDG2LYIwAA
.casalemedia.com/	1970-01-20 17:15:34	Name: CMPS Value: 661
.casalemedia.com/	1970-01-20 17:15:34	Name: CMPRO Value: 661
.pubmatic.com/	1970-01-20 15:07:24	Name: KTPCACOOKIE Value: YES
.yahoo.com/	1970-01-20 23:51:56	Name: A3 Value: d=AQABBL1FFmUCEIscxJnmestbHg9Mh4U_r8QFEgEBAQGXF2UgZQAAAAAA_eMAAA&S=AQAAAsZoqui6huxNHSCv6t_h25k
.quantserve.com/	1970-01-20 17:15:34	Name: d Value: EDoBCQGIKoEA
.quantserve.com/	1970-01-21 00:36:12	Name: mc Value: 651645bd-e68ef-8b062-0560c
.pubmatic.com/	1970-01-20 23:51:34	Name: KADUSERCOOKIE Value: 8AAD9F8A-C4C4-490E-B983-563F3EC45417
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAA_-OSMXR2dA12dQ-MKsuMygyvSg-qDE4z8y0rq9Q1DwUAdDKFJh4AAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MStjA3MDE1sjQxN7e0NDAxNDWzNBHiM9SNSK_ULTcxzEsyDrYAAEQln9olAAAA
.rfihub.com/	1970-01-21 00:27:34	Name: rud Value: H4sIAAAAAAAA_-MStjA3MDE1sjQxN7e0NDAxNDWzNBHiM9SNSK_ULTcxzEsyDrYAAEQln9olAAAA
.rfihub.com/	1970-01-21 00:27:34	Name: eud Value: H4sIAAAAAAAA_-OSMXR2dA12dQ-MKsuMygyvSg-qDE4z8y0rq9Q1Dw3iNTSzNLU0tTAxM7S0tHjFiMK3BACKS0NLPQAAAA
.zemanta.com/	1970-01-20 23:51:34	Name: zuid Value: gcfLPtnm5wj-RR5v6vkq
.doubleclick.net/	1970-01-20 15:06:02	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-21 00:41:58	Name: IDE Value: AHWqTUmbjEE8o2Q7ii7JbUh8Nzsq8W8ZknwSzPx11EyRMLUl-CMMXTQuk3hhaFbzXxY
.itsbawa.com/	1970-01-21 00:27:34	Name: __gads Value: ID=4cec3b787dfbbfed:T=1695958461:RT=1695958461:S=ALNI_MY2NvfbQlVsX5BObgbWCrM5p7pKOA
.itsbawa.com/	1970-01-21 00:27:34	Name: __gpi Value: UID=00000c8820bc98a2:T=1695958461:RT=1695958461:S=ALNI_MZMRZTR-FDN5fbbW-gPZ_9ldkK6Fg
.doubleclick.net/	1970-01-20 19:25:10	Name: APC Value: AfxxVi4w2IOsTQXDosZxwccqWoImu7-kbMULzOLwG4t6qvIIniLFdg
.adnxs.com/	1970-01-20 17:15:34	Name: uuid2 Value: 5148372219277607011
.adnxs.com/	1970-01-20 17:15:34	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Ildl<=ho!]tbPl1M>e)ZlrFUfJ+tGXxoHCGsh?`bws6YnFlL>4m+39'5^EQ<9osVp-/>bpRzqF1`b`B*5o3U
.googleadservices.com/	1970-01-20 17:15:34	Name: ar_debug Value: 1
.adx.opera.com/	1970-01-20 23:51:34	Name: UID Value: OPU0875515592234a178291f1c841d4a7ab
.yieldmo.com/	1970-01-20 23:51:34	Name: yieldmo_id Value: 3RUw2AAssiA9Cbcppqx8%7C1695945600000%7C0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://itsbawa.com/ Message: The resource https://www.googletagmanager.com/gtag/js?id=UA-259155793-1 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.rfihub.com
ads.yieldmo.com
analytics.pangle-ads.com
b1sync.zemanta.com
cdn.ampproject.org
cm.g.doubleclick.net
cms.quantserve.com
dsum-sec.casalemedia.com
e4721a26719be5fb55af20daa44ed288.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
image6.pubmatic.com
itsbawa.com
mlqchzvmg8af.i.optimole.com
mts0.google.com
pagead2.googlesyndication.com
partner.googleadservices.com
pr-bh.ybp.yahoo.com
s0.2mdn.net
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
t.adx.opera.com
tpc.googlesyndication.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
104.18.26.193
142.250.185.66
142.250.186.98
172.217.18.2
185.86.139.93
193.0.160.130
193.108.153.24
198.47.127.19
2600:9000:237d:ac00:2:6f7a:6f00:93a1
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:803::2006
2a00:1450:4001:806::2002
2a00:1450:4001:80b::2008
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2001
2a00:1450:4001:810::200a
2a00:1450:4001:812::2003
2a00:1450:4001:813::2002
2a00:1450:4001:827::2004
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2003
2a00:1450:4001:831::200e
2a02:4780:b:964:0:1a82:3b37:1
2a05:d018:d29:3605:cdf9:6ebb:c08d:dd
3.248.149.248
35.186.193.173
37.252.171.21
64.74.236.95
82.145.213.8
0021634309d4f589c6803d3d3dbe0ab9402a524993ab8df667d16c33d23d1fec
04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06
041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bb0c4d097a024f47f6af01fc8a4aec2598e5b25d10288d45609268b5e72fea0
0db3c35a6239fbef86f297b96f00a5766104bb8b313b8cfcec7d7c9efc544103
113b2dce1dda86449f75d81d88e5d31fc0cd659443316b2d8bc500a2118a9681
113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1485239c306024e6c394180a15d165493fc21e4ea7cfe118f120cad48a0a2eb8
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18bdf10bc50a7bc3c4e9e74ca28f75511caebb904d3af6720eb0f95459953dff
1c653354ff5f5d33d4f584291d563138c565e4647eabd83ab9a3cf0665c911d0
23edef6e70590e3db1c2a5137351730d3d94e47a72b213dfe26e58067d217743
245105bfe43ccb81c0d3e2acd7ccdb5584b65e7615b3a26d262022378e5638ae
315e2b09f9134e226febb6a0a031bdd86a6f5f1e14b70059e33d31a1be49f99d
3162e7c9ac99a80888362cdbd3cd574bacea509a906dba03a747b3bdac158e1e
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
319f83963e6f846eda994326d736458e57ff9efaf533a1563e0b8bbacb4ead8f
33be66f63aca50629829ad77a1b1def4d69887f267ec408420286cd0138dd587
3597159923fdb7726640f3a9b3c6235507e8b3f14c4238bcd8499b92ce3e9beb
3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3af4951998ab5b83bf9bb2b7c6a55fcb59cf52bfcdd60186eaa3d9ddb89785a1
43e52c602fdceea6c97627c6ed6ffe2d6d774cae955df9971fabb74d0841f783
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
47a75500e8a5e7ff44876703337b316290500099ca44c0df47cc7a7d887c9402
49f9117b94a5252fe9275626b5dd68af08e0b445517dc246e5b444fb617036da
4accbcd793680c2ea0a65714771ef37d5eeb42bdaedba9882dd0d78eae09e00e
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ed5d2680b7b7ce0b244809fada4bcfdbbca195ea1185c3f9935a982cc43e633
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5674b0a11a287377a390c9a6c3c2946b3304596cb4fd10a63f5203a3a85f8a31
5719cdd3acdb2b6a5b9ae0bee910fc88fbc0f297f83235c02865d78eeed48446
610307a1a9916e31c6e47353555eacee8ce4cb922fe3ce1a97c8924a530dc1f5
61be7844e67a3d17b77f3006ddc447d2fbe070b43dbbbd888b563ae1dab3a55f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
624cde597eca3d6f239fa030922a186f6361bcea38ef36267d0ca812c6d945c5
71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05
73d5fddf856047a2685f205d0caed8bc98051486cc19f4468c5b50d14f625620
78e2b46c5f49ad741e502e589a5587a39dd95c7c9df02db1d4edb9b60d684e27
7cbc2438a8d8a681cbdaacd18d52d9452fe3f355e10b5539a3f50ed8fe776336
7f672aa6b371698d86396d642459de7d087aeca2dbc8903649c1620622f75bc4
843245d38197c1ae733406b6faeda0f9b53376d8853df5d513a880489c822166
84337564c42d700642c3efde36663f39f0ecacaae6a578b31d9999a31fb8b5d4
85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1
8ae87f7e53365c50bb59128d8b605397fb02265bebbc16daf7c5968a89eb6f66
8b1ccf2d92e5e6235fcb23becebc6b98f5eba33abad7902763aa8b830be20bd7
8be8f432572fba9a5669684d4f89b81b9595700f40480eeecbfe7721ce5b2234
8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074
9203eef2e7058d05a6f6c3f022d1b7c460bd0bce1bfa33dc52dfde9c3dc5e8e2
95816041d9618ddbdce5369790fbcbf9e56345793cdcc6930e10da4b1fd33d36
98b3f307a592154d8029581be6fa886f72839f6b918ef689581310ace8b6480c
9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ac93a925b888b68155813661a5cd3a2f5e5641ba1176bfb266eb349b38002c5
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a658b5f3ec0fd27f3c1500b420b2ed4ff557f5ddb65fbc83c21eae5cadc97dfb
a6f8385a32456868e5011ef7af0cd073451d45efa2771adc8a6a22374ddcb9d7
aa4c8cac1550a9afaa1b33e95c7000d83f7f0763fb91bf680f3310dae8513d9e
ae308e0f954dd9a45304361e81dffc8a3893584af53b9779722bbb51a7c71e08
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c3547f5d1b7e018b0ca425de03cc0aa8febf24458694bb3d025676f365d91031
c5e1a1e8982becdc83263b687951cfc5c5976af5b5d67eab53451cb72ac78925
cd265f018e8c987adb80c2564378af30acab3f9b44e4c15c4aa8671d3e9a0545
ce4cea7f54570bc47d8731266d6c2f1d21c86bc87375c71ab7755eca2cddde70
ceab4ff3d4af4f6402234da5817d688928c26a39ae798050f9da58bca0d415b1
cf4c8d51d3c146d92c33b5cddb640cd24990c8f5212634a6f9a5eed446b55f7a
d820d5dfd8e04c7fc43530a20e0d9759f3f398f02bb57046fbbcae5ecce469a2
d9eef86302b4cafaa9ceb5705c0791ecfda2ea2a20d7b9b84adbe352a1df7374
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e845fcb50a34be246ce18c0187a8662517a3a7a45673ab56ef124fe70da00dd6
eb6eb34ae179eeb96f8ac86cd94f6960c06b68c2a7a477f0c883175e8b715504
ed0329ded0e3e15f1da42e303456565efd908295a3a4c0fb1984decc0fec3ee7
ed34e84a189ed3e7735ec026a4be0ffa93c4e8f63450a5b0258bd46fc8459241
ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2beef06223d6ede7b92e9931ee927a76fa8b06a837a0d2181bf974a098d9ec1
f3246a9106fd3dc1b6eb814c4b65fd0830b1a6412a47ff217a0e487bbbe4cd4b
fa5955542bf864ce27c7398daeb2a391343308237d57ea2e664f3386bdf1b1ff
fcc7eca0021cf07d4bd8c4a5c522a8568b779e97322979fdd066668a3b5d495b

itsbawa.com Open in urlscan Pro 2a02:4780:b:964:0:1a82:3b37:1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

132 Requests

86 %HTTPS

59 %IPv6

24 Domains

33 Subdomains

25 IPs

8 Countries

1827 kBTransfer

4659 kBSize

25 Cookies

1 Outgoing links

Page URL History

Redirected requests

132 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

itsbawa.com Open in urlscan Pro
2a02:4780:b:964:0:1a82:3b37:1 Public Scan

Screenshot
Live screenshot

Full Image

132
Requests

86 %
HTTPS

59 %
IPv6

24
Domains

33
Subdomains

25
IPs

8
Countries

1827 kB
Transfer

4659 kB
Size

25
Cookies

132 HTTP transactions
11 data transactions