urlscan.io logo urlscan.io
SecurityTrails logo

www.w9ein.com Open in urlscan Pro
92.24.2.52  Public Scan

Go To Rescan Add Verdict Report
URL: http://www.w9ein.com/
Submission: On April 13 via manual from US — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 27 IPs in 4 countries across 20 domains to perform 76 HTTP transactions. The main IP is 92.24.2.52, located in Walsall, United Kingdom and belongs to OPALTELECOM-AS TalkTalk Communications Limited, GB. The main domain is www.w9ein.com.
This is the only time www.w9ein.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 92.24.2.52 13285 (OPALTELEC...)
1 2600:9000:231... 16509 (AMAZON-02)
1 52.216.8.37 16509 (AMAZON-02)
14 2a00:1450:400... 15169 (GOOGLE)
2 2606:2800:233... 15133 (EDGECAST)
5 18.159.80.129 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f01... 32934 (FACEBOOK)
7 2a00:1450:400... 15169 (GOOGLE)
1 2620:116:800d... 16509 (AMAZON-02)
1 2a03:2880:f12... 32934 (FACEBOOK)
1 2 2600:9000:223... 16509 (AMAZON-02)
1 142.250.186.34 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2 2620:116:800d... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
12 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 4 142.250.184.226 15169 (GOOGLE)
3 5 104.102.29.65 20940 (AKAMAI-ASN1)
2 3 37.252.172.249 29990 (ASN-APPNEX)
1 2a00:1450:400... 15169 (GOOGLE)
2 142.250.186.162 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
76 27
6    92.24.2.52 (Walsall, United Kingdom)

ASN13285 (OPALTELECOM-AS TalkTalk Communications Limited, GB)
PTR: host-92-24-2-52.static.as13285.net
www.w9ein.com
1    2600:9000:2315:ca00:2:cb38:840:93a1 (United States)

ASN16509 (AMAZON-02, US)
go.ezoic.net
1    52.216.8.37 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com
s3.amazonaws.com
14    2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
2    2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)
platform.linkedin.com
5    18.159.80.129 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
g.ezoic.net
3    2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
7    2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
adservice.google.de
1    2620:116:800d:21:3175:5196:e3fd:8c1d (United States)

ASN16509 (AMAZON-02, US)
edge.quantserve.com
1    2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    2600:9000:223c:2800:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
1    142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net
partner.googleadservices.com
1    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
2    2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
2    2620:116:800d:21:36a9:ecb:e518:b308 (United States)

ASN16509 (AMAZON-02, US)
pixel.quantserve.com
2    2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
3    2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
12    2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
2    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
4    142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net
cm.g.doubleclick.net
5    104.102.29.65 (Milan, Italy)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-29-65.deploy.static.akamaitechnologies.com
dsum-sec.casalemedia.com
3    37.252.172.249 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
1    2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
2    142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net
googleads4.g.doubleclick.net
1    2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
Apex Domain
Subdomains		 Transfer
26 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 98
tpc.googlesyndication.com — Cisco Umbrella Rank: 128
342 KB
12 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 40
cm.g.doubleclick.net — Cisco Umbrella Rank: 211
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 293
90 KB
6 ezoic.net
go.ezoic.net — Cisco Umbrella Rank: 8986
g.ezoic.net — Cisco Umbrella Rank: 23054
43 KB
6 w9ein.com
www.w9ein.com
27 KB
5 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 575
4 KB
3 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 248
3 KB
3 gstatic.com
www.gstatic.com
13 KB
3 google.com
adservice.google.com — Cisco Umbrella Rank: 77
www.google.com — Cisco Umbrella Rank: 4
2 KB
3 quantserve.com
edge.quantserve.com — Cisco Umbrella Rank: 11703
pixel.quantserve.com — Cisco Umbrella Rank: 423
11 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 37
20 KB
2 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 176
73 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46
2 KB
2 google.de
adservice.google.de — Cisco Umbrella Rank: 7579
914 B
2 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 903
857 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 138
85 KB
2 linkedin.com
platform.linkedin.com — Cisco Umbrella Rank: 3615
159 KB
1 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 262
19 KB
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 794
644 B
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 100
3 KB
1 amazonaws.com
s3.amazonaws.com
76 20
Domain Requested by
14 pagead2.googlesyndication.com www.w9ein.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
www.googletagservices.com
12 tpc.googlesyndication.com googleads.g.doubleclick.net
tpc.googlesyndication.com
pagead2.googlesyndication.com
6 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
www.w9ein.com
6 www.w9ein.com www.w9ein.com
go.ezoic.net
5 dsum-sec.casalemedia.com 3 redirects googleads.g.doubleclick.net
5 g.ezoic.net go.ezoic.net
www.w9ein.com
g.ezoic.net
4 cm.g.doubleclick.net 3 redirects googleads.g.doubleclick.net
3 ib.adnxs.com 2 redirects googleads.g.doubleclick.net
3 www.gstatic.com googleads.g.doubleclick.net
3 www.google-analytics.com www.w9ein.com
www.google-analytics.com
2 googleads4.g.doubleclick.net googleads.g.doubleclick.net
2 www.googletagservices.com googleads.g.doubleclick.net
2 fonts.googleapis.com googleads.g.doubleclick.net
2 pixel.quantserve.com 1 redirects www.w9ein.com
2 adservice.google.com pagead2.googlesyndication.com
2 adservice.google.de pagead2.googlesyndication.com
2 rules.quantcount.com 1 redirects www.w9ein.com
2 connect.facebook.net www.w9ein.com
connect.facebook.net
2 platform.linkedin.com www.w9ein.com
1 www.google.com tpc.googlesyndication.com
1 s0.2mdn.net googleads.g.doubleclick.net
1 partner.googleadservices.com pagead2.googlesyndication.com
1 www.facebook.com connect.facebook.net
1 edge.quantserve.com g.ezoic.net
1 s3.amazonaws.com www.w9ein.com
1 go.ezoic.net www.w9ein.com
76 26

This site contains links to these domains. Also see Links.

Domain
www.datalog.co.uk
twitter.com
www.401k-lookup.com
www.market-footprint.co.uk
www.vat-lookup.co.uk
Subject Issuer Validity Valid
*.g.doubleclick.net
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-01-21 -
2022-04-21		 3 months crt.sh
*.googleadservices.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh

This page contains 12 frames:

Primary Page: http://www.w9ein.com/
Frame ID: BAC78B412A0CD12D0B81A91594581E10
Requests: 34 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20190131/zrt_lookup.html
Frame ID: 32812D7850C2EE35C8D24968DCF95787
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfe40b42d8e8f7c%26domain%3Dwww.w9ein.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fwww.w9ein.com%252Ff195369da03820c%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fwww.401k-lookup.com%2F&layout=button_count&locale=en_GB&sdk=joey&share=true&show_faces=true
Frame ID: 4BAEEF5BDA24314340763A395C5BDD26
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9195886742224632&output=html&adk=1812271804&adf=3025194257&lmt=1649882991&plat=9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fwww.w9ein.com%2F&ea=0&pra=5&wgl=1&dt=1649882991447&bpp=2&bdt=477&idt=263&shv=r20220406&mjsv=m202204040101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5564112915368&frm=20&pv=2&ga_vid=179215973.1649882991&ga_sid=1649882992&ga_hid=1885379506&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44760333%2C44760911%2C31065741%2C31062931&oid=2&pvsid=1121122953836417&pem=75&tmod=407837208&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=276
Frame ID: 3A1831082E855A4ECF9A3F2B13B554A0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Frame ID: AEA38483614524BA828E7DA1C8B24B6D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Frame ID: 5592475B559529E8B7CC9EF90498BC06
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2M-AIQu_nTkwMYyt6NwAEwAQ&v=APEucNVaqDPUBZljIgSVfPbxASHWgExNnzUWVqqQacDg0kg0IrSpI5HIARv7IfASZqyuVJfub0mpnwUPsuM410vR3i2uT-kVRjYlI0o1vAaFt09Cddi17W_pj-7ZZA7nbaf1NoPHHg79upbL00CJVMEszlRmgZZ4gRCPqFtdi5XkLzfV2fPzuwU
Frame ID: A329680513564430C2C2BC1693A10A9C
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 3388B58D0DFE97A9826F537EE05A9C3C
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 886D9D0B63408DD09B5E54FF73B88729
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/UUQTj9cPGsMVMqvEOxLdokHV79mACYo3jc0rpEwmHZs.js
Frame ID: B887DBAECD98009B55A35248F0810C80
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9E9A13F07687DFC8C2163A96C070D6A0
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DE3A41F8D322025B2C79A587C258127B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

IRS USA Tax Employer Identification Number EIN lookup - check W9

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • //platform\.linkedin\.com/in\.js
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Page Statistics

76
Requests

70 %
HTTPS

69 %
IPv6

20
Domains

26
Subdomains

27
IPs

4
Countries

893 kB
Transfer

2834 kB
Size

15
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • http://connect.facebook.net/en_GB/sdk.js HTTP 307
  • https://connect.facebook.net/en_GB/sdk.js
Request Chain 24
  • http://rules.quantcount.com/rules-p-31iz6hfFutd16.js HTTP 301
  • https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Request Chain 29
  • http://pixel.quantserve.com/pixel;r=413741381;labels=Domain.w9ein_com%2CDomainId.191084;rf=0;a=p-31iz6hfFutd16;url=http%3A%2F%2Fwww.w9ein.com%2F;uht=2;fpan=1;fpa=P0-964893705-1649882991968;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;ref=;d=w9ein.com;je=0;sr=1600x1200x24;dst=0;et=1649882991968;tzo=0;ogl= HTTP 301
  • https://pixel.quantserve.com/pixel;r=413741381;labels=Domain.w9ein_com%2CDomainId.191084;rf=0;a=p-31iz6hfFutd16;url=http%3A%2F%2Fwww.w9ein.com%2F;uht=2;fpan=1;fpa=P0-964893705-1649882991968;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;ref=;d=w9ein.com;je=0;sr=1600x1200x24;dst=0;et=1649882991968;tzo=0;ogl=
Request Chain 45
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECCJWGaY5qr-F3my7Mduoik&google_cver=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECCJWGaY5qr-F3my7Mduoik&google_cver=1&C=1
Request Chain 46
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Ylc3cSNDbOUoiG2yaTfcBwAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENH_9e0jGX_lEH13D3rvPA8&google_cver=1
Request Chain 47
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEMz94WW3xjCW-n0Ija2fSG8&google_cver=1
Request Chain 48
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzMzMDY0MTM4OTAwNjcyMzgyMA%3D%3D

76 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.w9ein.com/ 		9 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://www.w9ein.com/
Protocol
HTTP/1.1
Server
92.24.2.52 Walsall, United Kingdom, ASN13285 (OPALTELECOM-AS TalkTalk Communications Limited, GB),
Reverse DNS
host-92-24-2-52.static.as13285.net
Software
Apache/2.4.23 (Linux/SUSE) / PHP/5.5.14
Resource Hash
334f7811c9a8354d32581e7b1a7469235433e992099c371a1cc7c2cedf0a474a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Connection
Keep-Alive
Content-Type
text/html
Date
Wed, 13 Apr 2022 20:49:50 GMT
Keep-Alive
timeout=15, max=100
Server
Apache/2.4.23 (Linux/SUSE)
Transfer-Encoding
chunked
X-Powered-By
PHP/5.5.14
401k.css
www.w9ein.com/ 		9 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.w9ein.com/401k.css
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
HTTP/1.1
Server
92.24.2.52 Walsall, United Kingdom, ASN13285 (OPALTELECOM-AS TalkTalk Communications Limited, GB),
Reverse DNS
host-92-24-2-52.static.as13285.net
Software
Apache/2.4.23 (Linux/SUSE) /
Resource Hash
150813a7e2b1a008acadddc9e4934d49d132716c9a824211fe9f50538026c525

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 13 Apr 2022 20:49:51 GMT
Last-Modified
Thu, 30 Apr 2020 15:27:45 GMT
Server
Apache/2.4.23 (Linux/SUSE)
ETag
"22a4-5a483b4def1c0"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Content-Length
8868
401k.js
www.w9ein.com/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://www.w9ein.com/401k.js
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
HTTP/1.1
Server
92.24.2.52 Walsall, United Kingdom, ASN13285 (OPALTELECOM-AS TalkTalk Communications Limited, GB),
Reverse DNS
host-92-24-2-52.static.as13285.net
Software
Apache/2.4.23 (Linux/SUSE) /
Resource Hash

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 13 Apr 2022 20:49:51 GMT
Server
Apache/2.4.23 (Linux/SUSE)
Vary
accept-language,accept-charset
Content-Language
en
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
text/html; charset=utf-8
Keep-Alive
timeout=15, max=100
ezoic.js
go.ezoic.net/ezoic/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://go.ezoic.net/ezoic/ezoic.js
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
HTTP/1.1
Server
2600:9000:2315:ca00:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b098e698f579c8576cf7e3e3f491587ecd7dbda80115658d8511c5949202830b

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sun, 25 Jul 2021 00:49:54 GMT
Content-Encoding
gzip
Age
22708797
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Tue, 13 Jul 2021 14:05:09 GMT
Server
nginx
ETag
"3008-5c701b9c2cf40-gzip"
Vary
Accept-Encoding,Accept-Encoding
Content-Type
application/javascript
Via
1.1 6c90efa18f660ef893fb03f41073cde8.cloudfront.net (CloudFront)
Cache-Control
max-age=31536000, public
X-Amz-Cf-Pop
DUS51-P2
Accept-Ranges
bytes
X-Robots-Tag
noindex
X-Amz-Cf-Id
95BESDZbDgmOlZBkqwivawHcJonwlrQVDTghjt-EPjHRcJwY2MCD7w==
Expires
Mon, 25 Jul 2022 00:49:54 GMT
cookieconsent.latest.min.js
s3.amazonaws.com/cc.silktide.com/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://s3.amazonaws.com/cc.silktide.com/cookieconsent.latest.min.js
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
HTTP/1.1
Server
52.216.8.37 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
/
Resource Hash

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		154 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5bdeb1138cd4987f50d32f8df0a0cb129b2a2761647442ab97ff7aad38a2758e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:49:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53921
x-xss-protection
0
server
cafe
etag
14899513847817295114
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 13 Apr 2022 20:49:51 GMT
w9ein.png
www.w9ein.com/images/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.w9ein.com/images/w9ein.png
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
HTTP/1.1
Server
92.24.2.52 Walsall, United Kingdom, ASN13285 (OPALTELECOM-AS TalkTalk Communications Limited, GB),
Reverse DNS
host-92-24-2-52.static.as13285.net
Software
Apache/2.4.23 (Linux/SUSE) /
Resource Hash
dd65b862c5dc8800fa13f816cb3141c0f736d182c6cff74fdefb3ffc5b92d32e

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 13 Apr 2022 20:49:51 GMT
Last-Modified
Thu, 30 Apr 2020 12:29:55 GMT
Server
Apache/2.4.23 (Linux/SUSE)
ETag
"1acc-5a48138e2f58f"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=98
Content-Length
6860
in.js
platform.linkedin.com/ 		322 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
http://platform.linkedin.com/in.js
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
HTTP/1.1
Server
2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F0A) /
Resource Hash

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 13 Apr 2022 20:49:51 GMT
Content-Encoding
gzip
X-CDN-CLIENT-IP-VERSION
IPV6
X-CDN
ECST
Age
2677
X-Cache
HIT
X-CDN-Proto
HTTP1
Content-Length
162496
X-LI-UUID
AAXcjrIZK5oQjRQO5Ac5Wg==
Server
ECAcc (frc/8F0A)
Last-Modified
Wed, 13 Apr 2022 20:05:15 GMT
X-Li-Pop
prod-lva1-x
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Cache-Control
public, max-age=3600
Accept-Ranges
bytes
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
Expires
Wed, 13 Apr 2022 21:05:15 GMT
tweet.png
www.w9ein.com/images/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.w9ein.com/images/tweet.png
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
HTTP/1.1
Server
92.24.2.52 Walsall, United Kingdom, ASN13285 (OPALTELECOM-AS TalkTalk Communications Limited, GB),
Reverse DNS
host-92-24-2-52.static.as13285.net
Software
Apache/2.4.23 (Linux/SUSE) /
Resource Hash
4bd354e95164b1fb225d051aa8340eb31a88b7a8f499c5154edb8518b16fdad4

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 13 Apr 2022 20:49:51 GMT
Last-Modified
Thu, 30 Apr 2020 15:21:10 GMT
Server
Apache/2.4.23 (Linux/SUSE)
ETag
"551-5a4839d51a1f8"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
1361
/
g.ezoic.net/ 		23 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
http://g.ezoic.net/?ezjsu=http%3A%2F%2Fwww.w9ein.com%2F
Requested by
Host: go.ezoic.net
URL: http://go.ezoic.net/ezoic/ezoic.js
Protocol
HTTP/1.1
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx / PHP/5.5.14
Resource Hash
79000987b5e6a875984839b4939728cdf6365840478bba2b7fc751a9156d0d53

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 13 Apr 2022 20:49:51 GMT
Content-Encoding
gzip
X-Sol
orig
Display
orig_site_sol
X-Powered-By
PHP/5.5.14
X-Ezoic-Cdn
Hit ds;mm;3406024f43d61b91d1d19c83ce76eca1;2-191084-0;eaec614f-b64d-4932-4c76-d24186bc4e34
X-Middleton-Display
orig_site_sol
Access-Control-Max-Age
1728000
X-Middleton-Response
200
Pagespeed
off
Response
200
Server
nginx
X-Origin-Cache-Control
Vary
Accept-Encoding, User-Agent,Accept-Encoding
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/html
Access-Control-Allow-Origin
http://www.w9ein.com
Cache-Control
private, max-age=0, must-revalidate, no-cache, no-store
Transfer-Encoding
chunked
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-PINGOTHER
Expires
Tue, 12 Apr 2022 20:49:51 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
4501
date
Wed, 13 Apr 2022 19:34:50 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 13 Apr 2022 21:34:50 GMT
sdk.js
connect.facebook.net/en_GB/
Redirect Chain
  • http://connect.facebook.net/en_GB/sdk.js
  • https://connect.facebook.net/en_GB/sdk.js
3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_GB/sdk.js
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
H2
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
14204a1195a76c308f503bcf7fe3ce26223ca42137c722c72ebeea14e490c4e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
gpqBqTxxbQtxAxTh52Lzhw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1687
x-fb-rlafr
0
x-fb-debug
89TfyIlq05N4UVo/CMLTmkeD/43CYKWcT68DLdgqeJytH8S+x550zN6LRZKxCF+FL8RsNvaHwxI0FjQuMMGJmQ==
x-fb-trip-id
686109401
x-fb-content-md5
9e1e91bca2a54d670828663b870b028d
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 13 Apr 2022 20:49:51 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"f35a49369d1abc75e54d4370694aa544"
timing-allow-origin
*
priority
u=3,i
expires
Wed, 13 Apr 2022 20:54:47 GMT

Redirect headers

Location
https://connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v2.0
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
sdk.js
connect.facebook.net/en_GB/ 		288 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_GB/sdk.js?hash=a3f49d196e75da2c8714aa464f3c6f43
Requested by
Host: connect.facebook.net
URL: http://connect.facebook.net/en_GB/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d66d04593283eefb7784a58038cfdbd5dd99848ab2587daec7f3ca7d25dd869e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://www.w9ein.com/
Origin
http://www.w9ein.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
wq1YBYX+KvktVgCi0n9+9Q==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
84316
x-fb-rlafr
0
x-fb-debug
Maq9mq99J4DUdy9rsBsqDK2zXQ2aYQwkBpSw9g5Anp2ov+CuO0KF8Ng8s4Rm4xHsTgz1PbqJsVASbVci8zz6Fw==
x-fb-content-md5
99b95aa4c7a7a1fcba937097ad688981
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 13 Apr 2022 20:49:51 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"7f40fbcc46375c488ebe5f3b2a346c29"
timing-allow-origin
*
priority
u=3,i
expires
Thu, 13 Apr 2023 19:00:28 GMT
collect
www.google-analytics.com/j/ 		2 B
205 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1999760856&t=pageview&_s=1&dl=http%3A%2F%2Fwww.w9ein.com%2F&ul=en-us&de=windows-1252&dt=IRS%20USA%20Tax%20Employer%20Identification%20Number%20EIN%20lookup%20-%20check%20W9&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1528311150&gjid=1809433743&cid=179215973.1649882991&tid=UA-44279177-2&_gid=299551269.1649882991&_r=1&_slc=1&z=34473340
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://www.w9ein.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 13 Apr 2022 20:49:51 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://www.w9ein.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
401k.js
www.w9ein.com/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://www.w9ein.com/401k.js
Requested by
Host: go.ezoic.net
URL: http://go.ezoic.net/ezoic/ezoic.js
Protocol
HTTP/1.1
Server
92.24.2.52 Walsall, United Kingdom, ASN13285 (OPALTELECOM-AS TalkTalk Communications Limited, GB),
Reverse DNS
host-92-24-2-52.static.as13285.net
Software
Apache/2.4.23 (Linux/SUSE) /
Resource Hash

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 13 Apr 2022 20:49:51 GMT
Server
Apache/2.4.23 (Linux/SUSE)
Vary
accept-language,accept-charset
Content-Language
en
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
text/html; charset=utf-8
Keep-Alive
timeout=15, max=99
gc.php
g.ezoic.net/ezoic/ 		2 B
602 B 		XHR
General
Check archive.org
Download Go to
Full URL
http://g.ezoic.net/ezoic/gc.php
Requested by
Host: go.ezoic.net
URL: http://go.ezoic.net/ezoic/ezoic.js
Protocol
HTTP/1.1
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 13 Apr 2022 20:49:51 GMT
Server
nginx
X-Robots-Tag
noindex
Vary
Accept-Encoding, Accept-Encoding
Access-Control-Allow-Methods
POST, GET, OPTIONS
P3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Access-Control-Allow-Origin
http://www.w9ein.com
Access-Control-Max-Age
1728000
Cache-Control
no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Content-Type
text/html
Access-Control-Allow-Headers
X-PINGOTHER
Content-Length
2
Expires
Sat, 26 Jul 1997 05:00:00 GMT
cmbv2.js
g.ezoic.net/detroitchicago/ 		68 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://g.ezoic.net/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1c-2y21-3y55-1&cmbcb=43&sj=x04x02x06x07x19x0bx0dx13x17x1cx21x55
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
HTTP/1.1
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1a736d1295e5373b73eb0ec7b73d47f354e11029ee80d964179966e466c8f4bc

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 13 Apr 2022 20:49:51 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding, Accept-Encoding
Content-Type
application/javascript
X-Middleton-Display
sol-js
Cache-Control
max-age=31536000, public
Transfer-Encoding
chunked
X-Robots-Tag
noindex
in.js
platform.linkedin.com/ 		507 KB
159 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://platform.linkedin.com/in.js
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
HTTP/1.1
Server
2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F0A) /
Resource Hash
ee90e5e99abd9d34935bfec850db38fbafac3948e5fde6d9dbc4d36e10192e63

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 13 Apr 2022 20:49:51 GMT
Content-Encoding
gzip
X-CDN-CLIENT-IP-VERSION
IPV6
X-CDN
ECST
Age
2677
X-Cache
HIT
X-CDN-Proto
HTTP1
Content-Length
162496
X-LI-UUID
AAXcjrIZK5oQjRQO5Ac5Wg==
Server
ECAcc (frc/8F0A)
Last-Modified
Wed, 13 Apr 2022 20:05:15 GMT
X-Li-Pop
prod-lva1-x
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Cache-Control
public, max-age=3600
Accept-Ranges
bytes
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
Expires
Wed, 13 Apr 2022 21:05:15 GMT
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1885379506&t=pageview&_s=1&dl=http%3A%2F%2Fwww.w9ein.com%2F&ul=en-us&de=windows-1252&dt=IRS%20USA%20Tax%20Employer%20Identification%20Number%20EIN%20lookup%20-%20check%20W9&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=AACAAEABAAAAAC~&jid=&gjid=&cid=179215973.1649882991&tid=UA-44279177-2&_gid=299551269.1649882991&_slc=1&z=775200439
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://www.w9ein.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 13 Apr 2022 20:49:51 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://www.w9ein.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204040101/ 		298 KB
106 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204040101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9195886742224632&plah=www.w9ein.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ccd4a717c5b128e4a606c45b2a48bb003d559d3864a6d0e1c9578ffedc196a8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:49:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
108925
x-xss-protection
0
server
cafe
etag
2839080667557189403
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 13 Apr 2022 20:49:51 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220406/r20190131/ Frame 3281 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220406/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
340b20f9ff6d073c2fea911631d8a6e13af185d983cbe842ddca27df91d0f295
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://www.w9ein.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

age
11199
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4398
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 13 Apr 2022 17:43:12 GMT
etag
14837630671339829333
expires
Wed, 27 Apr 2022 17:43:12 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
imp.gif
g.ezoic.net/detroitchicago/ 		43 B
559 B 		XHR
General
Check archive.org
Download Go to
Full URL
http://g.ezoic.net/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A0%2C%22ad_lazyload_version%22%3A0%2C%22ad_load_version%22%3A0%2C%22city%22%3A%22%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22domain_id%22%3A191084%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A2%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A0%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22metro_code%22%3A0%2C%22page_ad_positions%22%3A%22%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22eff884a5-45cd-4cdc-45d9-95e448dc4770%22%2C%22position_selection_id%22%3A0%2C%22postal_code%22%3A%22%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A9370%2C%22response_time_orig%22%3A14%2C%22serverid%22%3A%223.122.195.157%3A26104%22%2C%22state%22%3A%22%22%2C%22t_epoch%22%3A1649882991%2C%22template_id%22%3A120%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22http%3A%2F%2Fwww.w9ein.com%2F%22%2C%22user_id%22%3A0%2C%22weather_precipitation%22%3A0%2C%22weather_summary%22%3A%22%22%2C%22weather_temperature%22%3A0%2C%22word_count%22%3A223%2C%22worst_bad_word_level%22%3A0%7D&ez_orig=1
Requested by
Host: g.ezoic.net
URL: http://g.ezoic.net/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1c-2y21-3y55-1&cmbcb=43&sj=x04x02x06x07x19x0bx0dx13x17x1cx21x55
Protocol
HTTP/1.1
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 13 Apr 2022 20:49:51 GMT
Server
nginx
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
Access-Control-Allow-Methods
HEAD, PUT, POST, GET, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
http://www.w9ein.com
X-Middleton-Display
imp_sol
Access-Control-Max-Age
1728000
Cache-Control
private, max-age=0, must-revalidate, no-cache, no-store
Access-Control-Allow-Headers
Content-Type
Content-Length
43
Expires
Tue, 12 Apr 2022 20:49:48 GMT
quant.js
edge.quantserve.com/ 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://edge.quantserve.com/quant.js
Requested by
Host: g.ezoic.net
URL: http://g.ezoic.net/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1c-2y21-3y55-1&cmbcb=43&sj=x04x02x06x07x19x0bx0dx13x17x1cx21x55
Protocol
HTTP/1.1
Server
2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 13 Apr 2022 20:49:51 GMT
Content-Encoding
gzip
Etag
"u2JtyZzqnTXwzBUswy2r+w=="
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
private, max-age=604800
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Accept-Ranges
bytes
Expires
Wed, 20 Apr 2022 20:49:51 GMT
cmbdv2.js
g.ezoic.net/detroitchicago/ 		43 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://g.ezoic.net/detroitchicago/cmbdv2.js?gcb=195-2&cb=03-5y0c-5y18-4&cmbcb=43&sj=x03x0cx18
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
HTTP/1.1
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
d12b15159942b8c9ad262d81700868215695a57fcd944bc751d181e5657ba38c

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 13 Apr 2022 20:49:51 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding, Accept-Encoding
Content-Type
application/javascript
X-Middleton-Display
sol-js
Cache-Control
max-age=31536000, public
Transfer-Encoding
chunked
X-Robots-Tag
noindex
like.php
www.facebook.com/v2.0/plugins/ Frame 4BAE 		0
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfe40b42d8e8f7c%26domain%3Dwww.w9ein.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fwww.w9ein.com%252Ff195369da03820c%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fwww.401k-lookup.com%2F&layout=button_count&locale=en_GB&sdk=joey&share=true&show_faces=true
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js?hash=a3f49d196e75da2c8714aa464f3c6f43
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://www.w9ein.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html;charset=utf-8
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 13 Apr 2022 20:49:51 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
x-content-type-options
nosniff
x-fb-debug
FhaKOjq76QSU7hWfn+yjhR8gS/VAFdIlYUpumwMR+EJEK0fvaiPeNplDW8oPgpEbbbHvz6bw1G6ygK2K4dfoHA==
x-xss-protection
0
rules-p-31iz6hfFutd16.js
rules.quantcount.com/
Redirect Chain
  • http://rules.quantcount.com/rules-p-31iz6hfFutd16.js
  • https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
3 B
430 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
H2
Server
2600:9000:223c:2800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 15:15:28 GMT
via
1.1 f4137273db9ae377298b8f8daf5b93f0.cloudfront.net (CloudFront)
age
65069
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
3
last-modified
Sat, 04 Mar 2017 19:50:24 GMT
server
AmazonS3
etag
"8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-pop
FRA56-P2
accept-ranges
bytes
x-amz-cf-id
rXSg30SSgHG6ZJRj_YidWCX-bYTsJ_HFX5ck3EL8CGu_FMu2jo7zIA==

Redirect headers

Date
Wed, 13 Apr 2022 20:49:51 GMT
Via
1.1 80a51c83bb9479e2a3aa1ea59b366458.cloudfront.net (CloudFront)
Server
CloudFront
X-Amz-Cf-Pop
FRA56-P2
X-Cache
Redirect from cloudfront
Content-Type
text/html
Location
https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Connection
keep-alive
Content-Length
183
X-Amz-Cf-Id
7e2Vd8yElgnqAx5zDsl2Jb5SoqVocc8sB_6KrZc1nZUMM7cIXnfVrA==
cookie.js
partner.googleadservices.com/gampad/ 		213 B
644 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=www.w9ein.com&callback=_gfp_s_&client=ca-pub-9195886742224632
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204040101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9195886742224632&plah=www.w9ein.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
59a78da7bcbea26a7f5aa665824b983e538c6d260c01e4cf40d0a8bace82d8a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:49:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
199
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.w9ein.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204040101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9195886742224632&plah=www.w9ein.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 13 Apr 2022 20:49:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.w9ein.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204040101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9195886742224632&plah=www.w9ein.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 13 Apr 2022 20:49:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 3A18 		166 KB
49 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9195886742224632&output=html&adk=1812271804&adf=3025194257&lmt=1649882991&plat=9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fwww.w9ein.com%2F&ea=0&pra=5&wgl=1&dt=1649882991447&bpp=2&bdt=477&idt=263&shv=r20220406&mjsv=m202204040101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5564112915368&frm=20&pv=2&ga_vid=179215973.1649882991&ga_sid=1649882992&ga_hid=1885379506&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44760333%2C44760911%2C31065741%2C31062931&oid=2&pvsid=1121122953836417&pem=75&tmod=407837208&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=276
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204040101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9195886742224632&plah=www.w9ein.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
059d38e7293c2cde5427c2aa15429da17e7a6da7bdd339a1bf5adc3b2290576f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://www.w9ein.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
49682
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 13 Apr 2022 20:49:52 GMT
expires
Wed, 13 Apr 2022 20:49:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
pixel;r=413741381;labels=Domain.w9ein_com%2CDomainId.191084;rf=0;a=p-31iz6hfFutd16;url=http%3A%2F%2Fwww.w9ein.com%2F;uht=2;fpan=1;fpa=P0-964893705-1649882991968;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-202...
pixel.quantserve.com/
Redirect Chain
  • http://pixel.quantserve.com/pixel;r=413741381;labels=Domain.w9ein_com%2CDomainId.191084;rf=0;a=p-31iz6hfFutd16;url=http%3A%2F%2Fwww.w9ein.com%2F;uht=2;fpan=1;fpa=P0-964893705-1649882991968;pbc=;ns=...
  • https://pixel.quantserve.com/pixel;r=413741381;labels=Domain.w9ein_com%2CDomainId.191084;rf=0;a=p-31iz6hfFutd16;url=http%3A%2F%2Fwww.w9ein.com%2F;uht=2;fpan=1;fpa=P0-964893705-1649882991968;pbc=;ns...
35 B
373 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=413741381;labels=Domain.w9ein_com%2CDomainId.191084;rf=0;a=p-31iz6hfFutd16;url=http%3A%2F%2Fwww.w9ein.com%2F;uht=2;fpan=1;fpa=P0-964893705-1649882991968;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;ref=;d=w9ein.com;je=0;sr=1600x1200x24;dst=0;et=1649882991968;tzo=0;ogl=
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
H2
Server
2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 13 Apr 2022 20:49:52 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT

Redirect headers

Location
https://pixel.quantserve.com/pixel;r=413741381;labels=Domain.w9ein_com%2CDomainId.191084;rf=0;a=p-31iz6hfFutd16;url=http%3A%2F%2Fwww.w9ein.com%2F;uht=2;fpan=1;fpa=P0-964893705-1649882991968;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;ref=;d=w9ein.com;je=0;sr=1600x1200x24;dst=0;et=1649882991968;tzo=0;ogl=
Date
Wed, 13 Apr 2022 20:49:52 GMT
Cache-Control
private, no-transform, max-age=86400
Connection
keep-alive
Content-Length
0
Expires
Thu, 14 Apr 2022 20:49:52 GMT
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204040101/ 		145 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204040101/reactive_library_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204040101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9195886742224632&plah=www.w9ein.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ca252c6c07c7225a50d09a7b45392d1062b365ca080d8f633214fbed7a6c6340
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:49:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52677
x-xss-protection
0
server
cafe
etag
5074103287982017168
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 13 Apr 2022 20:49:52 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.w9ein.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204040101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9195886742224632&plah=www.w9ein.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 13 Apr 2022 20:49:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.w9ein.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204040101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9195886742224632&plah=www.w9ein.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 13 Apr 2022 20:49:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/ Frame AEA3 		10 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204040101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9195886742224632&plah=www.w9ein.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
340b20f9ff6d073c2fea911631d8a6e13af185d983cbe842ddca27df91d0f295
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://www.w9ein.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

age
10980
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4398
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 13 Apr 2022 17:46:52 GMT
etag
14837630671339829333
expires
Wed, 27 Apr 2022 17:46:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/ Frame 5592 		10 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204040101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9195886742224632&plah=www.w9ein.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
340b20f9ff6d073c2fea911631d8a6e13af185d983cbe842ddca27df91d0f295
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://www.w9ein.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

age
10980
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4398
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 13 Apr 2022 17:46:52 GMT
etag
14837630671339829333
expires
Wed, 27 Apr 2022 17:46:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
css2
fonts.googleapis.com/ Frame AEA3 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 13 Apr 2022 19:17:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 13 Apr 2022 20:49:52 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 13 Apr 2022 20:49:52 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame AEA3 		205 B
742 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:17:15 GMT
x-content-type-options
nosniff
age
1957
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 13 Apr 2023 20:17:15 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame AEA3 		604 B
694 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:22:19 GMT
x-content-type-options
nosniff
age
1653
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 13 Apr 2023 20:22:19 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/elements/html/ Frame AEA3 		19 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1028dcd47e9f60f8efc41d203e597cba9e2d18649729482a997d649573c24ac3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:42:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
458
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8273
x-xss-protection
0
server
cafe
etag
12922110104593084955
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Apr 2022 20:42:14 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame A329 		624 B
300 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2M-AIQu_nTkwMYyt6NwAEwAQ&v=APEucNVaqDPUBZljIgSVfPbxASHWgExNnzUWVqqQacDg0kg0IrSpI5HIARv7IfASZqyuVJfub0mpnwUPsuM410vR3i2uT-kVRjYlI0o1vAaFt09Cddi17W_pj-7ZZA7nbaf1NoPHHg79upbL00CJVMEszlRmgZZ4gRCPqFtdi5XkLzfV2fPzuwU
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 13 Apr 2022 20:49:52 GMT
expires
Wed, 13 Apr 2022 20:49:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 5592 		56 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B0ikUGSJN1kxQ4dvocTg-z8-oHbCYpfLc3YSKGpWgjp-s735pINrAqY_vp6XDp8-5wK7I0KIYa-D098hgk2ron1oWiOlRZwJRumNqNTByCuqlL9HVANzJNYGJYZmSVMACRQzhkacm7p-4T3QPZvZ93OrG66g&dbm_d=AKAmf-CbVbdQ4HZdtZ96y1ocWMf9n_ZOgbBzGifnSiZ2snIXl3ZwUbMUb9__iVISMe0SU7S0iPcWSbyUJ6kZ6TewsIqjNylNHznWOPGUKvx6GOOLgxY87W3pLh8x0q0jYHbz8OhTp_aSzq3KKGPtgkHQVBvSnzE8GMm4iwL0mBrpE9CWMA8nCqXofDZZ1S4joGwzwRqT6Epiy-Vrl-YW_8jhOOWWZkwOZxT7gUk_NCbMAWBETDgsfcw807loLdG1BDF34lXozmf4am3d6iF8IRJKKjZ7qZ_4bF-8GMiy5rro4XTs8batqlUiz65Yz8Ubmb-oTcNGevHrNfnxd-ugS3ib03UT8jp_-N6jlUy14Q1NMmUyS-8Xfgt3BdmugK5ROg6cLJjAVbiibf9pPKjhgteY6cb4n7lble2P-X27roJLVgUrYg1KGfk6146fUEIo9WEScSL81O5jVfAqn91OHk5zZuc_wsZ8nVLDrtDn2YhqBkoC9Jf4T2CZNVcYFQ4aEMYyuyd-6K05rPXo6WOKMKg5X2Su2DG0TLZBE3Wk5ybq5XrRTDnCf1UovkyRg9FhNM8sEHcdP9ITwMF_AfDdqHT7e8BD5Yr7FoWvkGZQM8W-DHOHdIvoq2xN7e0mZLU0v6CFyND0aMF6MFf-rzVTvaUCBWregUAQCZvc7gw5fVT1tGipb318SLXVfDjCNA26DouUmIVwMDlpKh17a3n7b77COnYUwFPZz08tz6iSDdoUHcQ719AE1tZ8atQkQe-OYtwp909BknFGV2R1XMLD2F4lxiAUTagxCP4S9xx8YkoRudS5jwPUpoBXlLwAsEF0XU7t1olXaJLeoLKuURxWUbAOGD2XKS2H1KN6Nvg3CVZ58nqLwU1nzvy6-zmrUPECIKC3bDLbKGEsUxvxZZ-axkH0t7HQ5KjEANqzq2qgbTayaVVwH1opMVq4YEDTF2YwzEluKC1JvSKHAe1sqT0CKdOGfMEdtkrq3J268CRjeEVTsgtEQOWIMhHRwjZHSZSugPakbGtoscU5q28OBN5onNkCttxAQfy5z6pIcwUqLBWEK9eXJ43CEceSQ8xQQXOwmt9GbcAOGG8-PY2piauIWMT-quixSP_iQ4Wskl9rYljxsP3iGFebjfnlZG5HrXx12SedC0PrG7irl1yxgImGlYxSCNKx9pg49fTItXuX8LRlaT9p7I_GycRcwWGGoYMjk3Dym-Q13fdL_dniBg1-XTyku9V7LzgQTr23LRAjx3N-skcruUPQMELmM-4YShDJLep2vpGEg27zw35uAMW0a_HabuRszIWhBAAM6OX7JB8pe0I7Nalg0Gp8-O4fyf7oRcsRG30UeQEiJ3BzNVw6oswX2gsMR41d6wiW7AN6WDX6b93YTrLbHSNleB-LHGGF29LLsVDJ0F3BiHEBNKr-PuL7bMEpWEIcwWyOXedhn-yyH6ob9B29tkpEUO0Rws-8FMQinqCwQ8JJlMBsoE_uCaqCh7bdlEu64igXArYb_fN1VIIkz3U80ug-eZvFqtDOFvBQob-p5SoUEI5OqrjXXk8uQV0s53ma8t2_JDBYhP6mMkqmtlihOH-rxP1ZtAK_K9tpzJeySYlNRKnlH3Z-LqbB0VKSsQBkkbDeQHxUYh5CT20GcFaHCQIepTf2GwWQ6DBPwX2O8M4NECYXTC0kMrZjFNr8HOv4E0SAqH8jMboQUaBeEa4FsVUpZk_UKnkh633D75gUNclPrLt5b9VEfPmgPIa1cYbjRcPMi-z0siYVyYf4JAINXs8TAsEIvhsYZwG_cwTwR_6k6uxoVRqZcl6B9OFm2S59w-uoU8ObEPoOdJ3RqFPEhSqef5GesV2k7EM5BVHZe10D7B_myIhNKAwp9k0uKOzi9shYwNJLIKaUZ1zqk3cgaF-ttLCe5k291Iu849gtKZzhhy2oFTBa-_fK1lepC0-UXBhoVgfQhRyMhTn75lpF7JRxyI2V5xbhwP4mVqW4uffhD4ufHrZv5djDlhd65pb3mG11aALpAZ6nWatwAZD2ExtjqXrcWHFnr_ypXMfsoClSgQeNTzpOOGHGmMQuBnUEyTCtZ5J_-D1Bg_IayV6Ge-3blYAu1-poKdpjZZW1o3M8VyZ1sh-T_Rl-L5unmxOJt3vw6uFibO1j_mLKxyXW4RUHI9TPujUjbwWW65jyu_Sfl7aNhrVCtvpu2cdGEeq1pVkpWCLZbbyHwylNVOyz9fNSsky8yJfLaP_95lnSKkxLsqoHFRju1V3fcuijKuLnq5ZBvDB9c6H1zqBHPzuTm-LI9v0v359qW1Yv-gB2rm3R9r7KIB2a2c2CG0TKd0y9jaIPgbC8CobSZ6L-9Udnbh5bJzh8H6tRW33bIi2DLlkR2WIsbJdLPxuwFrIRf0UpxcUbiwQoyqOlwjI3f2zwR90b1sRAb7z10H4Gh7b-Hbdt5g3oUqXpFfwf_dOCgzoT0Hxs1GfEVxX1_htr8EjClBkJcpvLGnlLG-qqHisGaT4FU8YPQBT5BiP1QP2rGBcPAqWGeDWmuDnPp5ERYQ8PPGe0YJAl__r6Y0QTv5cpSHi-VFGcleXY5ZN75ABKUQC6E2NkmnhwiBoRL4g1gBVzb4ZfRWHkCzzafKzkOAUMK_oS6Xt1YZBXZTUE5aVL_K8VEjpJe3ZTSj6pd2K2TtMHb8dqs0UM36oWr95BlXGjhEKvLmWS2QxCZ5eYTo3aMZzTd8V5csVSXRMsFFwWHFY9c4kba-5DKBgRvgiFZ3pvjr6EWaRYI4uffRbIUvhCi9E62aLxEqb09rKyKcRXmwufqdL7JjsQpPkfz_wx8EkhxyWbsjPJ5d4KmrtiAz5906zjHN5d8gLl6P8BYPOey9ubjnnzNqg-GYkseAYced0KqnvU-hvuXtHNCsToaVMPn5npFX3vrgH-WB76IOwjqMJmIT4EefU1fATN1_XiF4k-YTNrdj-qVQyMcmVQL_b0xkAdaq9YjEyZDuao4x9ZsS9ihGzuXhT0E5m4DyR8WozGo-19j3I0vU54dlcsZSESQXAu7A&cid=CAASBORol8s&rfl=1%2Chttp%253A%252F%252Fwww.w9ein.com%252F%240
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2d83e736d60c68ae678ca0a11a2e62095b2db00f3b6a2146a5d78fcaa5950cdc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 13 Apr 2022 20:49:52 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27089
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5592 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CyRvKmJF46krLGyXQVnw8itlccKQy_GlIONj-4ly69Ls4uM66CPCXNixVH1lwHV80SScuTIa7Gwgmp6N4sCmfRDKPRhO8xlujIuAkwycO1ldDIn4s
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 13 Apr 2022 20:49:52 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame 5592 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:29:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1239
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Apr 2022 20:29:13 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 5592 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5c76c5cdd769bc7a048c8f65c56a7000adb29c8472d36eb4514af572a5ec5f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:49:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36908
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1649677559247379"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 13 Apr 2022 20:49:52 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame 5592 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:42:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
429
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Apr 2022 20:42:43 GMT
rum
dsum-sec.casalemedia.com/ Frame A329
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECCJWGaY5qr-F3my7Mduoik&google_cver=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECCJWGaY5qr-F3my7Mduoik&google_cver=1&C=1
43 B
1013 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECCJWGaY5qr-F3my7Mduoik&google_cver=1&C=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2M-AIQu_nTkwMYyt6NwAEwAQ&v=APEucNVaqDPUBZljIgSVfPbxASHWgExNnzUWVqqQacDg0kg0IrSpI5HIARv7IfASZqyuVJfub0mpnwUPsuM410vR3i2uT-kVRjYlI0o1vAaFt09Cddi17W_pj-7ZZA7nbaf1NoPHHg79upbL00CJVMEszlRmgZZ4gRCPqFtdi5XkLzfV2fPzuwU
Protocol
HTTP/1.1
Server
104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-29-65.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 13 Apr 2022 20:49:53 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 13 Apr 2022 20:49:53 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 13 Apr 2022 20:49:53 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECCJWGaY5qr-F3my7Mduoik&google_cver=1&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
308
Expires
Wed, 13 Apr 2022 20:49:53 GMT
rum
dsum-sec.casalemedia.com/ Frame A329
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Ylc3cSNDbOUoiG2yaTfcBwAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENH_9e0jGX_lEH13D3rvPA8&google_cver=1
43 B
893 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENH_9e0jGX_lEH13D3rvPA8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2M-AIQu_nTkwMYyt6NwAEwAQ&v=APEucNVaqDPUBZljIgSVfPbxASHWgExNnzUWVqqQacDg0kg0IrSpI5HIARv7IfASZqyuVJfub0mpnwUPsuM410vR3i2uT-kVRjYlI0o1vAaFt09Cddi17W_pj-7ZZA7nbaf1NoPHHg79upbL00CJVMEszlRmgZZ4gRCPqFtdi5XkLzfV2fPzuwU
Protocol
HTTP/1.1
Server
104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-29-65.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 13 Apr 2022 20:49:53 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 13 Apr 2022 20:49:53 GMT

Redirect headers

pragma
no-cache
date
Wed, 13 Apr 2022 20:49:53 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENH_9e0jGX_lEH13D3rvPA8&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame A329
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEMz94WW3xjCW-n0Ija2fSG8&google_cver=1
43 B
1016 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEMz94WW3xjCW-n0Ija2fSG8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2M-AIQu_nTkwMYyt6NwAEwAQ&v=APEucNVaqDPUBZljIgSVfPbxASHWgExNnzUWVqqQacDg0kg0IrSpI5HIARv7IfASZqyuVJfub0mpnwUPsuM410vR3i2uT-kVRjYlI0o1vAaFt09Cddi17W_pj-7ZZA7nbaf1NoPHHg79upbL00CJVMEszlRmgZZ4gRCPqFtdi5XkLzfV2fPzuwU
Protocol
HTTP/1.1
Server
37.252.172.249 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 13 Apr 2022 20:49:53 GMT
X-Proxy-Origin
82.199.130.39; 82.199.130.39; 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
d7c9213e-0559-4205-a806-aeadca910ae4
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 13 Apr 2022 20:49:52 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEMz94WW3xjCW-n0Ija2fSG8&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame A329
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzMzMDY0MTM4OTAwNjcyMzgyMA%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzMzMDY0MTM4OTAwNjcyMzgyMA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2M-AIQu_nTkwMYyt6NwAEwAQ&v=APEucNVaqDPUBZljIgSVfPbxASHWgExNnzUWVqqQacDg0kg0IrSpI5HIARv7IfASZqyuVJfub0mpnwUPsuM410vR3i2uT-kVRjYlI0o1vAaFt09Cddi17W_pj-7ZZA7nbaf1NoPHHg79upbL00CJVMEszlRmgZZ4gRCPqFtdi5XkLzfV2fPzuwU
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 13 Apr 2022 20:49:53 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 13 Apr 2022 20:49:53 GMT
X-Proxy-Origin
82.199.130.39; 82.199.130.39; 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
4593adbf-c28f-453f-b65b-0ca36924d080
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzMzMDY0MTM4OTAwNjcyMzgyMA%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/ Frame 5592 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B0ikUGSJN1kxQ4dvocTg-z8-oHbCYpfLc3YSKGpWgjp-s735pINrAqY_vp6XDp8-5wK7I0KIYa-D098hgk2ron1oWiOlRZwJRumNqNTByCuqlL9HVANzJNYGJYZmSVMACRQzhkacm7p-4T3QPZvZ93OrG66g&dbm_d=AKAmf-CbVbdQ4HZdtZ96y1ocWMf9n_ZOgbBzGifnSiZ2snIXl3ZwUbMUb9__iVISMe0SU7S0iPcWSbyUJ6kZ6TewsIqjNylNHznWOPGUKvx6GOOLgxY87W3pLh8x0q0jYHbz8OhTp_aSzq3KKGPtgkHQVBvSnzE8GMm4iwL0mBrpE9CWMA8nCqXofDZZ1S4joGwzwRqT6Epiy-Vrl-YW_8jhOOWWZkwOZxT7gUk_NCbMAWBETDgsfcw807loLdG1BDF34lXozmf4am3d6iF8IRJKKjZ7qZ_4bF-8GMiy5rro4XTs8batqlUiz65Yz8Ubmb-oTcNGevHrNfnxd-ugS3ib03UT8jp_-N6jlUy14Q1NMmUyS-8Xfgt3BdmugK5ROg6cLJjAVbiibf9pPKjhgteY6cb4n7lble2P-X27roJLVgUrYg1KGfk6146fUEIo9WEScSL81O5jVfAqn91OHk5zZuc_wsZ8nVLDrtDn2YhqBkoC9Jf4T2CZNVcYFQ4aEMYyuyd-6K05rPXo6WOKMKg5X2Su2DG0TLZBE3Wk5ybq5XrRTDnCf1UovkyRg9FhNM8sEHcdP9ITwMF_AfDdqHT7e8BD5Yr7FoWvkGZQM8W-DHOHdIvoq2xN7e0mZLU0v6CFyND0aMF6MFf-rzVTvaUCBWregUAQCZvc7gw5fVT1tGipb318SLXVfDjCNA26DouUmIVwMDlpKh17a3n7b77COnYUwFPZz08tz6iSDdoUHcQ719AE1tZ8atQkQe-OYtwp909BknFGV2R1XMLD2F4lxiAUTagxCP4S9xx8YkoRudS5jwPUpoBXlLwAsEF0XU7t1olXaJLeoLKuURxWUbAOGD2XKS2H1KN6Nvg3CVZ58nqLwU1nzvy6-zmrUPECIKC3bDLbKGEsUxvxZZ-axkH0t7HQ5KjEANqzq2qgbTayaVVwH1opMVq4YEDTF2YwzEluKC1JvSKHAe1sqT0CKdOGfMEdtkrq3J268CRjeEVTsgtEQOWIMhHRwjZHSZSugPakbGtoscU5q28OBN5onNkCttxAQfy5z6pIcwUqLBWEK9eXJ43CEceSQ8xQQXOwmt9GbcAOGG8-PY2piauIWMT-quixSP_iQ4Wskl9rYljxsP3iGFebjfnlZG5HrXx12SedC0PrG7irl1yxgImGlYxSCNKx9pg49fTItXuX8LRlaT9p7I_GycRcwWGGoYMjk3Dym-Q13fdL_dniBg1-XTyku9V7LzgQTr23LRAjx3N-skcruUPQMELmM-4YShDJLep2vpGEg27zw35uAMW0a_HabuRszIWhBAAM6OX7JB8pe0I7Nalg0Gp8-O4fyf7oRcsRG30UeQEiJ3BzNVw6oswX2gsMR41d6wiW7AN6WDX6b93YTrLbHSNleB-LHGGF29LLsVDJ0F3BiHEBNKr-PuL7bMEpWEIcwWyOXedhn-yyH6ob9B29tkpEUO0Rws-8FMQinqCwQ8JJlMBsoE_uCaqCh7bdlEu64igXArYb_fN1VIIkz3U80ug-eZvFqtDOFvBQob-p5SoUEI5OqrjXXk8uQV0s53ma8t2_JDBYhP6mMkqmtlihOH-rxP1ZtAK_K9tpzJeySYlNRKnlH3Z-LqbB0VKSsQBkkbDeQHxUYh5CT20GcFaHCQIepTf2GwWQ6DBPwX2O8M4NECYXTC0kMrZjFNr8HOv4E0SAqH8jMboQUaBeEa4FsVUpZk_UKnkh633D75gUNclPrLt5b9VEfPmgPIa1cYbjRcPMi-z0siYVyYf4JAINXs8TAsEIvhsYZwG_cwTwR_6k6uxoVRqZcl6B9OFm2S59w-uoU8ObEPoOdJ3RqFPEhSqef5GesV2k7EM5BVHZe10D7B_myIhNKAwp9k0uKOzi9shYwNJLIKaUZ1zqk3cgaF-ttLCe5k291Iu849gtKZzhhy2oFTBa-_fK1lepC0-UXBhoVgfQhRyMhTn75lpF7JRxyI2V5xbhwP4mVqW4uffhD4ufHrZv5djDlhd65pb3mG11aALpAZ6nWatwAZD2ExtjqXrcWHFnr_ypXMfsoClSgQeNTzpOOGHGmMQuBnUEyTCtZ5J_-D1Bg_IayV6Ge-3blYAu1-poKdpjZZW1o3M8VyZ1sh-T_Rl-L5unmxOJt3vw6uFibO1j_mLKxyXW4RUHI9TPujUjbwWW65jyu_Sfl7aNhrVCtvpu2cdGEeq1pVkpWCLZbbyHwylNVOyz9fNSsky8yJfLaP_95lnSKkxLsqoHFRju1V3fcuijKuLnq5ZBvDB9c6H1zqBHPzuTm-LI9v0v359qW1Yv-gB2rm3R9r7KIB2a2c2CG0TKd0y9jaIPgbC8CobSZ6L-9Udnbh5bJzh8H6tRW33bIi2DLlkR2WIsbJdLPxuwFrIRf0UpxcUbiwQoyqOlwjI3f2zwR90b1sRAb7z10H4Gh7b-Hbdt5g3oUqXpFfwf_dOCgzoT0Hxs1GfEVxX1_htr8EjClBkJcpvLGnlLG-qqHisGaT4FU8YPQBT5BiP1QP2rGBcPAqWGeDWmuDnPp5ERYQ8PPGe0YJAl__r6Y0QTv5cpSHi-VFGcleXY5ZN75ABKUQC6E2NkmnhwiBoRL4g1gBVzb4ZfRWHkCzzafKzkOAUMK_oS6Xt1YZBXZTUE5aVL_K8VEjpJe3ZTSj6pd2K2TtMHb8dqs0UM36oWr95BlXGjhEKvLmWS2QxCZ5eYTo3aMZzTd8V5csVSXRMsFFwWHFY9c4kba-5DKBgRvgiFZ3pvjr6EWaRYI4uffRbIUvhCi9E62aLxEqb09rKyKcRXmwufqdL7JjsQpPkfz_wx8EkhxyWbsjPJ5d4KmrtiAz5906zjHN5d8gLl6P8BYPOey9ubjnnzNqg-GYkseAYced0KqnvU-hvuXtHNCsToaVMPn5npFX3vrgH-WB76IOwjqMJmIT4EefU1fATN1_XiF4k-YTNrdj-qVQyMcmVQL_b0xkAdaq9YjEyZDuao4x9ZsS9ihGzuXhT0E5m4DyR8WozGo-19j3I0vU54dlcsZSESQXAu7A&cid=CAASBORol8s&rfl=1%2Chttp%253A%252F%252Fwww.w9ein.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
738b0dff97289a490e0472cca7d25e291a7ea70c850bfee1e264e9ad87a4a97b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:46:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
215
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9790
x-xss-protection
0
server
cafe
etag
8169034061967891973
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Apr 2022 20:46:17 GMT
BetterUp-ad3-PrioritiseYourMentalHealth-DE-728x90.jpg
s0.2mdn.net/11592496/ Frame 5592 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/11592496/BetterUp-ad3-PrioritiseYourMentalHealth-DE-728x90.jpg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B0ikUGSJN1kxQ4dvocTg-z8-oHbCYpfLc3YSKGpWgjp-s735pINrAqY_vp6XDp8-5wK7I0KIYa-D098hgk2ron1oWiOlRZwJRumNqNTByCuqlL9HVANzJNYGJYZmSVMACRQzhkacm7p-4T3QPZvZ93OrG66g&dbm_d=AKAmf-CbVbdQ4HZdtZ96y1ocWMf9n_ZOgbBzGifnSiZ2snIXl3ZwUbMUb9__iVISMe0SU7S0iPcWSbyUJ6kZ6TewsIqjNylNHznWOPGUKvx6GOOLgxY87W3pLh8x0q0jYHbz8OhTp_aSzq3KKGPtgkHQVBvSnzE8GMm4iwL0mBrpE9CWMA8nCqXofDZZ1S4joGwzwRqT6Epiy-Vrl-YW_8jhOOWWZkwOZxT7gUk_NCbMAWBETDgsfcw807loLdG1BDF34lXozmf4am3d6iF8IRJKKjZ7qZ_4bF-8GMiy5rro4XTs8batqlUiz65Yz8Ubmb-oTcNGevHrNfnxd-ugS3ib03UT8jp_-N6jlUy14Q1NMmUyS-8Xfgt3BdmugK5ROg6cLJjAVbiibf9pPKjhgteY6cb4n7lble2P-X27roJLVgUrYg1KGfk6146fUEIo9WEScSL81O5jVfAqn91OHk5zZuc_wsZ8nVLDrtDn2YhqBkoC9Jf4T2CZNVcYFQ4aEMYyuyd-6K05rPXo6WOKMKg5X2Su2DG0TLZBE3Wk5ybq5XrRTDnCf1UovkyRg9FhNM8sEHcdP9ITwMF_AfDdqHT7e8BD5Yr7FoWvkGZQM8W-DHOHdIvoq2xN7e0mZLU0v6CFyND0aMF6MFf-rzVTvaUCBWregUAQCZvc7gw5fVT1tGipb318SLXVfDjCNA26DouUmIVwMDlpKh17a3n7b77COnYUwFPZz08tz6iSDdoUHcQ719AE1tZ8atQkQe-OYtwp909BknFGV2R1XMLD2F4lxiAUTagxCP4S9xx8YkoRudS5jwPUpoBXlLwAsEF0XU7t1olXaJLeoLKuURxWUbAOGD2XKS2H1KN6Nvg3CVZ58nqLwU1nzvy6-zmrUPECIKC3bDLbKGEsUxvxZZ-axkH0t7HQ5KjEANqzq2qgbTayaVVwH1opMVq4YEDTF2YwzEluKC1JvSKHAe1sqT0CKdOGfMEdtkrq3J268CRjeEVTsgtEQOWIMhHRwjZHSZSugPakbGtoscU5q28OBN5onNkCttxAQfy5z6pIcwUqLBWEK9eXJ43CEceSQ8xQQXOwmt9GbcAOGG8-PY2piauIWMT-quixSP_iQ4Wskl9rYljxsP3iGFebjfnlZG5HrXx12SedC0PrG7irl1yxgImGlYxSCNKx9pg49fTItXuX8LRlaT9p7I_GycRcwWGGoYMjk3Dym-Q13fdL_dniBg1-XTyku9V7LzgQTr23LRAjx3N-skcruUPQMELmM-4YShDJLep2vpGEg27zw35uAMW0a_HabuRszIWhBAAM6OX7JB8pe0I7Nalg0Gp8-O4fyf7oRcsRG30UeQEiJ3BzNVw6oswX2gsMR41d6wiW7AN6WDX6b93YTrLbHSNleB-LHGGF29LLsVDJ0F3BiHEBNKr-PuL7bMEpWEIcwWyOXedhn-yyH6ob9B29tkpEUO0Rws-8FMQinqCwQ8JJlMBsoE_uCaqCh7bdlEu64igXArYb_fN1VIIkz3U80ug-eZvFqtDOFvBQob-p5SoUEI5OqrjXXk8uQV0s53ma8t2_JDBYhP6mMkqmtlihOH-rxP1ZtAK_K9tpzJeySYlNRKnlH3Z-LqbB0VKSsQBkkbDeQHxUYh5CT20GcFaHCQIepTf2GwWQ6DBPwX2O8M4NECYXTC0kMrZjFNr8HOv4E0SAqH8jMboQUaBeEa4FsVUpZk_UKnkh633D75gUNclPrLt5b9VEfPmgPIa1cYbjRcPMi-z0siYVyYf4JAINXs8TAsEIvhsYZwG_cwTwR_6k6uxoVRqZcl6B9OFm2S59w-uoU8ObEPoOdJ3RqFPEhSqef5GesV2k7EM5BVHZe10D7B_myIhNKAwp9k0uKOzi9shYwNJLIKaUZ1zqk3cgaF-ttLCe5k291Iu849gtKZzhhy2oFTBa-_fK1lepC0-UXBhoVgfQhRyMhTn75lpF7JRxyI2V5xbhwP4mVqW4uffhD4ufHrZv5djDlhd65pb3mG11aALpAZ6nWatwAZD2ExtjqXrcWHFnr_ypXMfsoClSgQeNTzpOOGHGmMQuBnUEyTCtZ5J_-D1Bg_IayV6Ge-3blYAu1-poKdpjZZW1o3M8VyZ1sh-T_Rl-L5unmxOJt3vw6uFibO1j_mLKxyXW4RUHI9TPujUjbwWW65jyu_Sfl7aNhrVCtvpu2cdGEeq1pVkpWCLZbbyHwylNVOyz9fNSsky8yJfLaP_95lnSKkxLsqoHFRju1V3fcuijKuLnq5ZBvDB9c6H1zqBHPzuTm-LI9v0v359qW1Yv-gB2rm3R9r7KIB2a2c2CG0TKd0y9jaIPgbC8CobSZ6L-9Udnbh5bJzh8H6tRW33bIi2DLlkR2WIsbJdLPxuwFrIRf0UpxcUbiwQoyqOlwjI3f2zwR90b1sRAb7z10H4Gh7b-Hbdt5g3oUqXpFfwf_dOCgzoT0Hxs1GfEVxX1_htr8EjClBkJcpvLGnlLG-qqHisGaT4FU8YPQBT5BiP1QP2rGBcPAqWGeDWmuDnPp5ERYQ8PPGe0YJAl__r6Y0QTv5cpSHi-VFGcleXY5ZN75ABKUQC6E2NkmnhwiBoRL4g1gBVzb4ZfRWHkCzzafKzkOAUMK_oS6Xt1YZBXZTUE5aVL_K8VEjpJe3ZTSj6pd2K2TtMHb8dqs0UM36oWr95BlXGjhEKvLmWS2QxCZ5eYTo3aMZzTd8V5csVSXRMsFFwWHFY9c4kba-5DKBgRvgiFZ3pvjr6EWaRYI4uffRbIUvhCi9E62aLxEqb09rKyKcRXmwufqdL7JjsQpPkfz_wx8EkhxyWbsjPJ5d4KmrtiAz5906zjHN5d8gLl6P8BYPOey9ubjnnzNqg-GYkseAYced0KqnvU-hvuXtHNCsToaVMPn5npFX3vrgH-WB76IOwjqMJmIT4EefU1fATN1_XiF4k-YTNrdj-qVQyMcmVQL_b0xkAdaq9YjEyZDuao4x9ZsS9ihGzuXhT0E5m4DyR8WozGo-19j3I0vU54dlcsZSESQXAu7A&cid=CAASBORol8s&rfl=1%2Chttp%253A%252F%252Fwww.w9ein.com%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d1eeba136a2f9d0521b3ba8a3a332f54b56289813a318ae8f08fdf3c0110b2cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 14:27:08 GMT
x-content-type-options
nosniff
age
22964
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18991
x-xss-protection
0
last-modified
Mon, 07 Mar 2022 17:17:30 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 14 Apr 2022 14:27:08 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/elements/html/ Frame 5592 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B0ikUGSJN1kxQ4dvocTg-z8-oHbCYpfLc3YSKGpWgjp-s735pINrAqY_vp6XDp8-5wK7I0KIYa-D098hgk2ron1oWiOlRZwJRumNqNTByCuqlL9HVANzJNYGJYZmSVMACRQzhkacm7p-4T3QPZvZ93OrG66g&dbm_d=AKAmf-CbVbdQ4HZdtZ96y1ocWMf9n_ZOgbBzGifnSiZ2snIXl3ZwUbMUb9__iVISMe0SU7S0iPcWSbyUJ6kZ6TewsIqjNylNHznWOPGUKvx6GOOLgxY87W3pLh8x0q0jYHbz8OhTp_aSzq3KKGPtgkHQVBvSnzE8GMm4iwL0mBrpE9CWMA8nCqXofDZZ1S4joGwzwRqT6Epiy-Vrl-YW_8jhOOWWZkwOZxT7gUk_NCbMAWBETDgsfcw807loLdG1BDF34lXozmf4am3d6iF8IRJKKjZ7qZ_4bF-8GMiy5rro4XTs8batqlUiz65Yz8Ubmb-oTcNGevHrNfnxd-ugS3ib03UT8jp_-N6jlUy14Q1NMmUyS-8Xfgt3BdmugK5ROg6cLJjAVbiibf9pPKjhgteY6cb4n7lble2P-X27roJLVgUrYg1KGfk6146fUEIo9WEScSL81O5jVfAqn91OHk5zZuc_wsZ8nVLDrtDn2YhqBkoC9Jf4T2CZNVcYFQ4aEMYyuyd-6K05rPXo6WOKMKg5X2Su2DG0TLZBE3Wk5ybq5XrRTDnCf1UovkyRg9FhNM8sEHcdP9ITwMF_AfDdqHT7e8BD5Yr7FoWvkGZQM8W-DHOHdIvoq2xN7e0mZLU0v6CFyND0aMF6MFf-rzVTvaUCBWregUAQCZvc7gw5fVT1tGipb318SLXVfDjCNA26DouUmIVwMDlpKh17a3n7b77COnYUwFPZz08tz6iSDdoUHcQ719AE1tZ8atQkQe-OYtwp909BknFGV2R1XMLD2F4lxiAUTagxCP4S9xx8YkoRudS5jwPUpoBXlLwAsEF0XU7t1olXaJLeoLKuURxWUbAOGD2XKS2H1KN6Nvg3CVZ58nqLwU1nzvy6-zmrUPECIKC3bDLbKGEsUxvxZZ-axkH0t7HQ5KjEANqzq2qgbTayaVVwH1opMVq4YEDTF2YwzEluKC1JvSKHAe1sqT0CKdOGfMEdtkrq3J268CRjeEVTsgtEQOWIMhHRwjZHSZSugPakbGtoscU5q28OBN5onNkCttxAQfy5z6pIcwUqLBWEK9eXJ43CEceSQ8xQQXOwmt9GbcAOGG8-PY2piauIWMT-quixSP_iQ4Wskl9rYljxsP3iGFebjfnlZG5HrXx12SedC0PrG7irl1yxgImGlYxSCNKx9pg49fTItXuX8LRlaT9p7I_GycRcwWGGoYMjk3Dym-Q13fdL_dniBg1-XTyku9V7LzgQTr23LRAjx3N-skcruUPQMELmM-4YShDJLep2vpGEg27zw35uAMW0a_HabuRszIWhBAAM6OX7JB8pe0I7Nalg0Gp8-O4fyf7oRcsRG30UeQEiJ3BzNVw6oswX2gsMR41d6wiW7AN6WDX6b93YTrLbHSNleB-LHGGF29LLsVDJ0F3BiHEBNKr-PuL7bMEpWEIcwWyOXedhn-yyH6ob9B29tkpEUO0Rws-8FMQinqCwQ8JJlMBsoE_uCaqCh7bdlEu64igXArYb_fN1VIIkz3U80ug-eZvFqtDOFvBQob-p5SoUEI5OqrjXXk8uQV0s53ma8t2_JDBYhP6mMkqmtlihOH-rxP1ZtAK_K9tpzJeySYlNRKnlH3Z-LqbB0VKSsQBkkbDeQHxUYh5CT20GcFaHCQIepTf2GwWQ6DBPwX2O8M4NECYXTC0kMrZjFNr8HOv4E0SAqH8jMboQUaBeEa4FsVUpZk_UKnkh633D75gUNclPrLt5b9VEfPmgPIa1cYbjRcPMi-z0siYVyYf4JAINXs8TAsEIvhsYZwG_cwTwR_6k6uxoVRqZcl6B9OFm2S59w-uoU8ObEPoOdJ3RqFPEhSqef5GesV2k7EM5BVHZe10D7B_myIhNKAwp9k0uKOzi9shYwNJLIKaUZ1zqk3cgaF-ttLCe5k291Iu849gtKZzhhy2oFTBa-_fK1lepC0-UXBhoVgfQhRyMhTn75lpF7JRxyI2V5xbhwP4mVqW4uffhD4ufHrZv5djDlhd65pb3mG11aALpAZ6nWatwAZD2ExtjqXrcWHFnr_ypXMfsoClSgQeNTzpOOGHGmMQuBnUEyTCtZ5J_-D1Bg_IayV6Ge-3blYAu1-poKdpjZZW1o3M8VyZ1sh-T_Rl-L5unmxOJt3vw6uFibO1j_mLKxyXW4RUHI9TPujUjbwWW65jyu_Sfl7aNhrVCtvpu2cdGEeq1pVkpWCLZbbyHwylNVOyz9fNSsky8yJfLaP_95lnSKkxLsqoHFRju1V3fcuijKuLnq5ZBvDB9c6H1zqBHPzuTm-LI9v0v359qW1Yv-gB2rm3R9r7KIB2a2c2CG0TKd0y9jaIPgbC8CobSZ6L-9Udnbh5bJzh8H6tRW33bIi2DLlkR2WIsbJdLPxuwFrIRf0UpxcUbiwQoyqOlwjI3f2zwR90b1sRAb7z10H4Gh7b-Hbdt5g3oUqXpFfwf_dOCgzoT0Hxs1GfEVxX1_htr8EjClBkJcpvLGnlLG-qqHisGaT4FU8YPQBT5BiP1QP2rGBcPAqWGeDWmuDnPp5ERYQ8PPGe0YJAl__r6Y0QTv5cpSHi-VFGcleXY5ZN75ABKUQC6E2NkmnhwiBoRL4g1gBVzb4ZfRWHkCzzafKzkOAUMK_oS6Xt1YZBXZTUE5aVL_K8VEjpJe3ZTSj6pd2K2TtMHb8dqs0UM36oWr95BlXGjhEKvLmWS2QxCZ5eYTo3aMZzTd8V5csVSXRMsFFwWHFY9c4kba-5DKBgRvgiFZ3pvjr6EWaRYI4uffRbIUvhCi9E62aLxEqb09rKyKcRXmwufqdL7JjsQpPkfz_wx8EkhxyWbsjPJ5d4KmrtiAz5906zjHN5d8gLl6P8BYPOey9ubjnnzNqg-GYkseAYced0KqnvU-hvuXtHNCsToaVMPn5npFX3vrgH-WB76IOwjqMJmIT4EefU1fATN1_XiF4k-YTNrdj-qVQyMcmVQL_b0xkAdaq9YjEyZDuao4x9ZsS9ihGzuXhT0E5m4DyR8WozGo-19j3I0vU54dlcsZSESQXAu7A&cid=CAASBORol8s&rfl=1%2Chttp%253A%252F%252Fwww.w9ein.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:46:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
195
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Apr 2022 20:46:37 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 5592 		0
622 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssLAyGC1_Zuvlx3M77dBQhVfbf1Q4jZG2jSc6pTDnadd7pLK0QIOmDkUi48uKJvLZ6i75lIQ0PGsxqgtMSOlpJqmUZO_OsA9qOb7s_zgsAO-cVd_Ds50cWehUej-fFGXuFBR9g7F7Wg5UeUXV9BhOuPdUmXcOtiFxtyZJJMZWB6L7fvXeFMKAW5HYFV-7H2g2sD-qgc16ohu3srILKYVBIpIDcrJQPoZ-HMQ2IvGZA53QhaZ1BC-kA1rTeJHiALBJP77p4oxOPl-RCA99yPt9zFt_sVIPoO2sL3-QTVQCFPtKr5A0Q7TKH-vO-oLAbPlP3Q7iVga-baEe23Pc0PWEisfQjWjmxFIo7TZTipW-c4rxigwBRSlHSWL6sr3Ff1Cw23Ynd8qfQbSSDP7Ta884MxUkRFOAA2qa-9O3ddT_Jd5jBJfHNjXyLQeV2L1VGI1hUWjj8a8U0e4JA1AGJE89uCfyq_qqxtnEPxvziT2NCYHhO1ReggfNPbnCc6T-Pij2BWtkp8pHU_lB3o2Ivgtl9_C2zrGrn0zPMbP8So5j9IUvIYM56oERYetnm6NHAzqJPz5_epBLSLEH7j3HYCW4sE10oBBPxUAcNiKhjAEBk2kIOvU7SZXJ3RMfoEDc2ctW8lWn9QjV_XIT6Kr4M1nuzPrrAbE5lTJzKkUVjNVkkNkSX-YiooLR6GgQpC4unngRHEfXZJvjyTmOoLr3NIOSjeK9ADCnJVYhex7aG6Q9Cs9m50sKMgEG0g3zGgD2lrjYh5z_TInPfnnADMTKIKBsrj2ZurgqVxV5gK8jF5RcZHVqqX0YSzH2JWMPozovS_Sh6IGH03H11xV1PQLiR22YYxG3_vu6Upizk2CXT15X88hTAaeukRgWbjLiOtRkcntOpmS9GywWB7v4wBrvWFGOWJdrzoALxIFgZaQFkcWVetj3Q6MXdCJASsu09wgAkcILoLZFklYENeUXqpHticR_M4iFShxMa-vIetDiVRE_yxcnJbQpr7zGNwI7lVhfZ6B2kY5WM3TeDCvAYqq-UNgaxZivtx7P0keFxkwQBK5HjW4pOCNZyPuQ9twB46OZ_B20gF8o_LNAl8gke4nUawA1PVAO8XbgfX4zWuUBjm46EU3LKeaOnICO7Ovp70yelWozJwMkgQaGHfogrttMg7RLFK3F3SOsIM9iQ7mQ&sai=AMfl-YSMdS8d8QBx-8j8ZKV1fpK8MXmR39LMC-97WJNjg_BQpeRCvirKODcsbojK068cW39RxsiyVIwV-PZUcH55_50ywt6XznByS94ZoDnVZTjNE1AKVke7V0KsMoUBhJ1y6Mm8&sig=Cg0ArKJSzItUY3muLXyBEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20220406.97199&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B0ikUGSJN1kxQ4dvocTg-z8-oHbCYpfLc3YSKGpWgjp-s735pINrAqY_vp6XDp8-5wK7I0KIYa-D098hgk2ron1oWiOlRZwJRumNqNTByCuqlL9HVANzJNYGJYZmSVMACRQzhkacm7p-4T3QPZvZ93OrG66g&dbm_d=AKAmf-CbVbdQ4HZdtZ96y1ocWMf9n_ZOgbBzGifnSiZ2snIXl3ZwUbMUb9__iVISMe0SU7S0iPcWSbyUJ6kZ6TewsIqjNylNHznWOPGUKvx6GOOLgxY87W3pLh8x0q0jYHbz8OhTp_aSzq3KKGPtgkHQVBvSnzE8GMm4iwL0mBrpE9CWMA8nCqXofDZZ1S4joGwzwRqT6Epiy-Vrl-YW_8jhOOWWZkwOZxT7gUk_NCbMAWBETDgsfcw807loLdG1BDF34lXozmf4am3d6iF8IRJKKjZ7qZ_4bF-8GMiy5rro4XTs8batqlUiz65Yz8Ubmb-oTcNGevHrNfnxd-ugS3ib03UT8jp_-N6jlUy14Q1NMmUyS-8Xfgt3BdmugK5ROg6cLJjAVbiibf9pPKjhgteY6cb4n7lble2P-X27roJLVgUrYg1KGfk6146fUEIo9WEScSL81O5jVfAqn91OHk5zZuc_wsZ8nVLDrtDn2YhqBkoC9Jf4T2CZNVcYFQ4aEMYyuyd-6K05rPXo6WOKMKg5X2Su2DG0TLZBE3Wk5ybq5XrRTDnCf1UovkyRg9FhNM8sEHcdP9ITwMF_AfDdqHT7e8BD5Yr7FoWvkGZQM8W-DHOHdIvoq2xN7e0mZLU0v6CFyND0aMF6MFf-rzVTvaUCBWregUAQCZvc7gw5fVT1tGipb318SLXVfDjCNA26DouUmIVwMDlpKh17a3n7b77COnYUwFPZz08tz6iSDdoUHcQ719AE1tZ8atQkQe-OYtwp909BknFGV2R1XMLD2F4lxiAUTagxCP4S9xx8YkoRudS5jwPUpoBXlLwAsEF0XU7t1olXaJLeoLKuURxWUbAOGD2XKS2H1KN6Nvg3CVZ58nqLwU1nzvy6-zmrUPECIKC3bDLbKGEsUxvxZZ-axkH0t7HQ5KjEANqzq2qgbTayaVVwH1opMVq4YEDTF2YwzEluKC1JvSKHAe1sqT0CKdOGfMEdtkrq3J268CRjeEVTsgtEQOWIMhHRwjZHSZSugPakbGtoscU5q28OBN5onNkCttxAQfy5z6pIcwUqLBWEK9eXJ43CEceSQ8xQQXOwmt9GbcAOGG8-PY2piauIWMT-quixSP_iQ4Wskl9rYljxsP3iGFebjfnlZG5HrXx12SedC0PrG7irl1yxgImGlYxSCNKx9pg49fTItXuX8LRlaT9p7I_GycRcwWGGoYMjk3Dym-Q13fdL_dniBg1-XTyku9V7LzgQTr23LRAjx3N-skcruUPQMELmM-4YShDJLep2vpGEg27zw35uAMW0a_HabuRszIWhBAAM6OX7JB8pe0I7Nalg0Gp8-O4fyf7oRcsRG30UeQEiJ3BzNVw6oswX2gsMR41d6wiW7AN6WDX6b93YTrLbHSNleB-LHGGF29LLsVDJ0F3BiHEBNKr-PuL7bMEpWEIcwWyOXedhn-yyH6ob9B29tkpEUO0Rws-8FMQinqCwQ8JJlMBsoE_uCaqCh7bdlEu64igXArYb_fN1VIIkz3U80ug-eZvFqtDOFvBQob-p5SoUEI5OqrjXXk8uQV0s53ma8t2_JDBYhP6mMkqmtlihOH-rxP1ZtAK_K9tpzJeySYlNRKnlH3Z-LqbB0VKSsQBkkbDeQHxUYh5CT20GcFaHCQIepTf2GwWQ6DBPwX2O8M4NECYXTC0kMrZjFNr8HOv4E0SAqH8jMboQUaBeEa4FsVUpZk_UKnkh633D75gUNclPrLt5b9VEfPmgPIa1cYbjRcPMi-z0siYVyYf4JAINXs8TAsEIvhsYZwG_cwTwR_6k6uxoVRqZcl6B9OFm2S59w-uoU8ObEPoOdJ3RqFPEhSqef5GesV2k7EM5BVHZe10D7B_myIhNKAwp9k0uKOzi9shYwNJLIKaUZ1zqk3cgaF-ttLCe5k291Iu849gtKZzhhy2oFTBa-_fK1lepC0-UXBhoVgfQhRyMhTn75lpF7JRxyI2V5xbhwP4mVqW4uffhD4ufHrZv5djDlhd65pb3mG11aALpAZ6nWatwAZD2ExtjqXrcWHFnr_ypXMfsoClSgQeNTzpOOGHGmMQuBnUEyTCtZ5J_-D1Bg_IayV6Ge-3blYAu1-poKdpjZZW1o3M8VyZ1sh-T_Rl-L5unmxOJt3vw6uFibO1j_mLKxyXW4RUHI9TPujUjbwWW65jyu_Sfl7aNhrVCtvpu2cdGEeq1pVkpWCLZbbyHwylNVOyz9fNSsky8yJfLaP_95lnSKkxLsqoHFRju1V3fcuijKuLnq5ZBvDB9c6H1zqBHPzuTm-LI9v0v359qW1Yv-gB2rm3R9r7KIB2a2c2CG0TKd0y9jaIPgbC8CobSZ6L-9Udnbh5bJzh8H6tRW33bIi2DLlkR2WIsbJdLPxuwFrIRf0UpxcUbiwQoyqOlwjI3f2zwR90b1sRAb7z10H4Gh7b-Hbdt5g3oUqXpFfwf_dOCgzoT0Hxs1GfEVxX1_htr8EjClBkJcpvLGnlLG-qqHisGaT4FU8YPQBT5BiP1QP2rGBcPAqWGeDWmuDnPp5ERYQ8PPGe0YJAl__r6Y0QTv5cpSHi-VFGcleXY5ZN75ABKUQC6E2NkmnhwiBoRL4g1gBVzb4ZfRWHkCzzafKzkOAUMK_oS6Xt1YZBXZTUE5aVL_K8VEjpJe3ZTSj6pd2K2TtMHb8dqs0UM36oWr95BlXGjhEKvLmWS2QxCZ5eYTo3aMZzTd8V5csVSXRMsFFwWHFY9c4kba-5DKBgRvgiFZ3pvjr6EWaRYI4uffRbIUvhCi9E62aLxEqb09rKyKcRXmwufqdL7JjsQpPkfz_wx8EkhxyWbsjPJ5d4KmrtiAz5906zjHN5d8gLl6P8BYPOey9ubjnnzNqg-GYkseAYced0KqnvU-hvuXtHNCsToaVMPn5npFX3vrgH-WB76IOwjqMJmIT4EefU1fATN1_XiF4k-YTNrdj-qVQyMcmVQL_b0xkAdaq9YjEyZDuao4x9ZsS9ihGzuXhT0E5m4DyR8WozGo-19j3I0vU54dlcsZSESQXAu7A&cid=CAASBORol8s&rfl=1%2Chttp%253A%252F%252Fwww.w9ein.com%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Wed, 13 Apr 2022 20:49:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 5592 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B0ikUGSJN1kxQ4dvocTg-z8-oHbCYpfLc3YSKGpWgjp-s735pINrAqY_vp6XDp8-5wK7I0KIYa-D098hgk2ron1oWiOlRZwJRumNqNTByCuqlL9HVANzJNYGJYZmSVMACRQzhkacm7p-4T3QPZvZ93OrG66g&dbm_d=AKAmf-CbVbdQ4HZdtZ96y1ocWMf9n_ZOgbBzGifnSiZ2snIXl3ZwUbMUb9__iVISMe0SU7S0iPcWSbyUJ6kZ6TewsIqjNylNHznWOPGUKvx6GOOLgxY87W3pLh8x0q0jYHbz8OhTp_aSzq3KKGPtgkHQVBvSnzE8GMm4iwL0mBrpE9CWMA8nCqXofDZZ1S4joGwzwRqT6Epiy-Vrl-YW_8jhOOWWZkwOZxT7gUk_NCbMAWBETDgsfcw807loLdG1BDF34lXozmf4am3d6iF8IRJKKjZ7qZ_4bF-8GMiy5rro4XTs8batqlUiz65Yz8Ubmb-oTcNGevHrNfnxd-ugS3ib03UT8jp_-N6jlUy14Q1NMmUyS-8Xfgt3BdmugK5ROg6cLJjAVbiibf9pPKjhgteY6cb4n7lble2P-X27roJLVgUrYg1KGfk6146fUEIo9WEScSL81O5jVfAqn91OHk5zZuc_wsZ8nVLDrtDn2YhqBkoC9Jf4T2CZNVcYFQ4aEMYyuyd-6K05rPXo6WOKMKg5X2Su2DG0TLZBE3Wk5ybq5XrRTDnCf1UovkyRg9FhNM8sEHcdP9ITwMF_AfDdqHT7e8BD5Yr7FoWvkGZQM8W-DHOHdIvoq2xN7e0mZLU0v6CFyND0aMF6MFf-rzVTvaUCBWregUAQCZvc7gw5fVT1tGipb318SLXVfDjCNA26DouUmIVwMDlpKh17a3n7b77COnYUwFPZz08tz6iSDdoUHcQ719AE1tZ8atQkQe-OYtwp909BknFGV2R1XMLD2F4lxiAUTagxCP4S9xx8YkoRudS5jwPUpoBXlLwAsEF0XU7t1olXaJLeoLKuURxWUbAOGD2XKS2H1KN6Nvg3CVZ58nqLwU1nzvy6-zmrUPECIKC3bDLbKGEsUxvxZZ-axkH0t7HQ5KjEANqzq2qgbTayaVVwH1opMVq4YEDTF2YwzEluKC1JvSKHAe1sqT0CKdOGfMEdtkrq3J268CRjeEVTsgtEQOWIMhHRwjZHSZSugPakbGtoscU5q28OBN5onNkCttxAQfy5z6pIcwUqLBWEK9eXJ43CEceSQ8xQQXOwmt9GbcAOGG8-PY2piauIWMT-quixSP_iQ4Wskl9rYljxsP3iGFebjfnlZG5HrXx12SedC0PrG7irl1yxgImGlYxSCNKx9pg49fTItXuX8LRlaT9p7I_GycRcwWGGoYMjk3Dym-Q13fdL_dniBg1-XTyku9V7LzgQTr23LRAjx3N-skcruUPQMELmM-4YShDJLep2vpGEg27zw35uAMW0a_HabuRszIWhBAAM6OX7JB8pe0I7Nalg0Gp8-O4fyf7oRcsRG30UeQEiJ3BzNVw6oswX2gsMR41d6wiW7AN6WDX6b93YTrLbHSNleB-LHGGF29LLsVDJ0F3BiHEBNKr-PuL7bMEpWEIcwWyOXedhn-yyH6ob9B29tkpEUO0Rws-8FMQinqCwQ8JJlMBsoE_uCaqCh7bdlEu64igXArYb_fN1VIIkz3U80ug-eZvFqtDOFvBQob-p5SoUEI5OqrjXXk8uQV0s53ma8t2_JDBYhP6mMkqmtlihOH-rxP1ZtAK_K9tpzJeySYlNRKnlH3Z-LqbB0VKSsQBkkbDeQHxUYh5CT20GcFaHCQIepTf2GwWQ6DBPwX2O8M4NECYXTC0kMrZjFNr8HOv4E0SAqH8jMboQUaBeEa4FsVUpZk_UKnkh633D75gUNclPrLt5b9VEfPmgPIa1cYbjRcPMi-z0siYVyYf4JAINXs8TAsEIvhsYZwG_cwTwR_6k6uxoVRqZcl6B9OFm2S59w-uoU8ObEPoOdJ3RqFPEhSqef5GesV2k7EM5BVHZe10D7B_myIhNKAwp9k0uKOzi9shYwNJLIKaUZ1zqk3cgaF-ttLCe5k291Iu849gtKZzhhy2oFTBa-_fK1lepC0-UXBhoVgfQhRyMhTn75lpF7JRxyI2V5xbhwP4mVqW4uffhD4ufHrZv5djDlhd65pb3mG11aALpAZ6nWatwAZD2ExtjqXrcWHFnr_ypXMfsoClSgQeNTzpOOGHGmMQuBnUEyTCtZ5J_-D1Bg_IayV6Ge-3blYAu1-poKdpjZZW1o3M8VyZ1sh-T_Rl-L5unmxOJt3vw6uFibO1j_mLKxyXW4RUHI9TPujUjbwWW65jyu_Sfl7aNhrVCtvpu2cdGEeq1pVkpWCLZbbyHwylNVOyz9fNSsky8yJfLaP_95lnSKkxLsqoHFRju1V3fcuijKuLnq5ZBvDB9c6H1zqBHPzuTm-LI9v0v359qW1Yv-gB2rm3R9r7KIB2a2c2CG0TKd0y9jaIPgbC8CobSZ6L-9Udnbh5bJzh8H6tRW33bIi2DLlkR2WIsbJdLPxuwFrIRf0UpxcUbiwQoyqOlwjI3f2zwR90b1sRAb7z10H4Gh7b-Hbdt5g3oUqXpFfwf_dOCgzoT0Hxs1GfEVxX1_htr8EjClBkJcpvLGnlLG-qqHisGaT4FU8YPQBT5BiP1QP2rGBcPAqWGeDWmuDnPp5ERYQ8PPGe0YJAl__r6Y0QTv5cpSHi-VFGcleXY5ZN75ABKUQC6E2NkmnhwiBoRL4g1gBVzb4ZfRWHkCzzafKzkOAUMK_oS6Xt1YZBXZTUE5aVL_K8VEjpJe3ZTSj6pd2K2TtMHb8dqs0UM36oWr95BlXGjhEKvLmWS2QxCZ5eYTo3aMZzTd8V5csVSXRMsFFwWHFY9c4kba-5DKBgRvgiFZ3pvjr6EWaRYI4uffRbIUvhCi9E62aLxEqb09rKyKcRXmwufqdL7JjsQpPkfz_wx8EkhxyWbsjPJ5d4KmrtiAz5906zjHN5d8gLl6P8BYPOey9ubjnnzNqg-GYkseAYced0KqnvU-hvuXtHNCsToaVMPn5npFX3vrgH-WB76IOwjqMJmIT4EefU1fATN1_XiF4k-YTNrdj-qVQyMcmVQL_b0xkAdaq9YjEyZDuao4x9ZsS9ihGzuXhT0E5m4DyR8WozGo-19j3I0vU54dlcsZSESQXAu7A&cid=CAASBORol8s&rfl=1%2Chttp%253A%252F%252Fwww.w9ein.com%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 08:37:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
43932
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 13 Apr 2023 08:37:40 GMT
css
fonts.googleapis.com/ Frame 3388 		8 KB
892 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 13 Apr 2022 19:21:49 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 13 Apr 2022 20:49:52 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 13 Apr 2022 20:49:52 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame 3388 		2 KB
904 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:38:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
664
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
877
x-xss-protection
0
server
cafe
etag
13035868154101442325
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Apr 2022 20:38:48 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/ Frame 3388 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8f7894603292731a56692b1348b0b39871cdf248aa9f5b6a4c00e7de41f1a668
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:49:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
49
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8000
x-xss-protection
0
server
cafe
etag
3330746967810570135
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Apr 2022 20:49:03 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame 3388 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:49:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Apr 2022 20:49:39 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 3388 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5c76c5cdd769bc7a048c8f65c56a7000adb29c8472d36eb4514af572a5ec5f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:49:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36908
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1649677559247379"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 13 Apr 2022 20:49:52 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame 3388 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:42:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
429
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Apr 2022 20:42:43 GMT
fb084ba56019ecef1e967c41e75d05fd.js
www.gstatic.com/mysidia/ Frame 3388 		29 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/fb084ba56019ecef1e967c41e75d05fd.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
320829d08d5e492bb1e0e2c49e7ddfe9a4d5c9f7ed57f4c1316914276450b4c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 07 Apr 2022 04:12:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
578239
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11996
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 03:53:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 06 Jul 2022 04:12:33 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 886D 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
age
43925
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 13 Apr 2022 08:37:47 GMT
expires
Thu, 13 Apr 2023 08:37:47 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 5592 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
34bcd97e4ac02432e11bdb54f5ee168d10e9dcf2914337719453704358b7cef4

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
UUQTj9cPGsMVMqvEOxLdokHV79mACYo3jc0rpEwmHZs.js
pagead2.googlesyndication.com/bg/ Frame 886D 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/UUQTj9cPGsMVMqvEOxLdokHV79mACYo3jc0rpEwmHZs.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5144138fd70f1ac31532abc43b12dda241d5efd980098a378dcd2ba44c261d9b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 13:55:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
24892
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13701
x-xss-protection
0
last-modified
Mon, 04 Apr 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 13 Apr 2023 13:55:01 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 5592 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssLAyGC1_Zuvlx3M77dBQhVfbf1Q4jZG2jSc6pTDnadd7pLK0QIOmDkUi48uKJvLZ6i75lIQ0PGsxqgtMSOlpJqmUZO_OsA9qOb7s_zgsAO-cVd_Ds50cWehUej-fFGXuFBR9g7F7Wg5UeUXV9BhOuPdUmXcOtiFxtyZJJMZWB6L7fvXeFMKAW5HYFV-7H2g2sD-qgc16ohu3srILKYVBIpIDcrJQPoZ-HMQ2IvGZA53QhaZ1BC-kA1rTeJHiALBJP77p4oxOPl-RCA99yPt9zFt_sVIPoO2sL3-QTVQCFPtKr5A0Q7TKH-vO-oLAbPlP3Q7iVga-baEe23Pc0PWEisfQjWjmxFIo7TZTipW-c4rxigwBRSlHSWL6sr3Ff1Cw23Ynd8qfQbSSDP7Ta884MxUkRFOAA2qa-9O3ddT_Jd5jBJfHNjXyLQeV2L1VGI1hUWjj8a8U0e4JA1AGJE89uCfyq_qqxtnEPxvziT2NCYHhO1ReggfNPbnCc6T-Pij2BWtkp8pHU_lB3o2Ivgtl9_C2zrGrn0zPMbP8So5j9IUvIYM56oERYetnm6NHAzqJPz5_epBLSLEH7j3HYCW4sE10oBBPxUAcNiKhjAEBk2kIOvU7SZXJ3RMfoEDc2ctW8lWn9QjV_XIT6Kr4M1nuzPrrAbE5lTJzKkUVjNVkkNkSX-YiooLR6GgQpC4unngRHEfXZJvjyTmOoLr3NIOSjeK9ADCnJVYhex7aG6Q9Cs9m50sKMgEG0g3zGgD2lrjYh5z_TInPfnnADMTKIKBsrj2ZurgqVxV5gK8jF5RcZHVqqX0YSzH2JWMPozovS_Sh6IGH03H11xV1PQLiR22YYxG3_vu6Upizk2CXT15X88hTAaeukRgWbjLiOtRkcntOpmS9GywWB7v4wBrvWFGOWJdrzoALxIFgZaQFkcWVetj3Q6MXdCJASsu09wgAkcILoLZFklYENeUXqpHticR_M4iFShxMa-vIetDiVRE_yxcnJbQpr7zGNwI7lVhfZ6B2kY5WM3TeDCvAYqq-UNgaxZivtx7P0keFxkwQBK5HjW4pOCNZyPuQ9twB46OZ_B20gF8o_LNAl8gke4nUawA1PVAO8XbgfX4zWuUBjm46EU3LKeaOnICO7Ovp70yelWozJwMkgQaGHfogrttMg7RLFK3F3SOsIM9iQ7mQ&sai=AMfl-YSMdS8d8QBx-8j8ZKV1fpK8MXmR39LMC-97WJNjg_BQpeRCvirKODcsbojK068cW39RxsiyVIwV-PZUcH55_50ywt6XznByS94ZoDnVZTjNE1AKVke7V0KsMoUBhJ1y6Mm8&sig=Cg0ArKJSzItUY3muLXyBEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=223&vt=11&dtpt=221&dett=2&cstd=0&cisv=r20220406.97199&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B0ikUGSJN1kxQ4dvocTg-z8-oHbCYpfLc3YSKGpWgjp-s735pINrAqY_vp6XDp8-5wK7I0KIYa-D098hgk2ron1oWiOlRZwJRumNqNTByCuqlL9HVANzJNYGJYZmSVMACRQzhkacm7p-4T3QPZvZ93OrG66g&dbm_d=AKAmf-CbVbdQ4HZdtZ96y1ocWMf9n_ZOgbBzGifnSiZ2snIXl3ZwUbMUb9__iVISMe0SU7S0iPcWSbyUJ6kZ6TewsIqjNylNHznWOPGUKvx6GOOLgxY87W3pLh8x0q0jYHbz8OhTp_aSzq3KKGPtgkHQVBvSnzE8GMm4iwL0mBrpE9CWMA8nCqXofDZZ1S4joGwzwRqT6Epiy-Vrl-YW_8jhOOWWZkwOZxT7gUk_NCbMAWBETDgsfcw807loLdG1BDF34lXozmf4am3d6iF8IRJKKjZ7qZ_4bF-8GMiy5rro4XTs8batqlUiz65Yz8Ubmb-oTcNGevHrNfnxd-ugS3ib03UT8jp_-N6jlUy14Q1NMmUyS-8Xfgt3BdmugK5ROg6cLJjAVbiibf9pPKjhgteY6cb4n7lble2P-X27roJLVgUrYg1KGfk6146fUEIo9WEScSL81O5jVfAqn91OHk5zZuc_wsZ8nVLDrtDn2YhqBkoC9Jf4T2CZNVcYFQ4aEMYyuyd-6K05rPXo6WOKMKg5X2Su2DG0TLZBE3Wk5ybq5XrRTDnCf1UovkyRg9FhNM8sEHcdP9ITwMF_AfDdqHT7e8BD5Yr7FoWvkGZQM8W-DHOHdIvoq2xN7e0mZLU0v6CFyND0aMF6MFf-rzVTvaUCBWregUAQCZvc7gw5fVT1tGipb318SLXVfDjCNA26DouUmIVwMDlpKh17a3n7b77COnYUwFPZz08tz6iSDdoUHcQ719AE1tZ8atQkQe-OYtwp909BknFGV2R1XMLD2F4lxiAUTagxCP4S9xx8YkoRudS5jwPUpoBXlLwAsEF0XU7t1olXaJLeoLKuURxWUbAOGD2XKS2H1KN6Nvg3CVZ58nqLwU1nzvy6-zmrUPECIKC3bDLbKGEsUxvxZZ-axkH0t7HQ5KjEANqzq2qgbTayaVVwH1opMVq4YEDTF2YwzEluKC1JvSKHAe1sqT0CKdOGfMEdtkrq3J268CRjeEVTsgtEQOWIMhHRwjZHSZSugPakbGtoscU5q28OBN5onNkCttxAQfy5z6pIcwUqLBWEK9eXJ43CEceSQ8xQQXOwmt9GbcAOGG8-PY2piauIWMT-quixSP_iQ4Wskl9rYljxsP3iGFebjfnlZG5HrXx12SedC0PrG7irl1yxgImGlYxSCNKx9pg49fTItXuX8LRlaT9p7I_GycRcwWGGoYMjk3Dym-Q13fdL_dniBg1-XTyku9V7LzgQTr23LRAjx3N-skcruUPQMELmM-4YShDJLep2vpGEg27zw35uAMW0a_HabuRszIWhBAAM6OX7JB8pe0I7Nalg0Gp8-O4fyf7oRcsRG30UeQEiJ3BzNVw6oswX2gsMR41d6wiW7AN6WDX6b93YTrLbHSNleB-LHGGF29LLsVDJ0F3BiHEBNKr-PuL7bMEpWEIcwWyOXedhn-yyH6ob9B29tkpEUO0Rws-8FMQinqCwQ8JJlMBsoE_uCaqCh7bdlEu64igXArYb_fN1VIIkz3U80ug-eZvFqtDOFvBQob-p5SoUEI5OqrjXXk8uQV0s53ma8t2_JDBYhP6mMkqmtlihOH-rxP1ZtAK_K9tpzJeySYlNRKnlH3Z-LqbB0VKSsQBkkbDeQHxUYh5CT20GcFaHCQIepTf2GwWQ6DBPwX2O8M4NECYXTC0kMrZjFNr8HOv4E0SAqH8jMboQUaBeEa4FsVUpZk_UKnkh633D75gUNclPrLt5b9VEfPmgPIa1cYbjRcPMi-z0siYVyYf4JAINXs8TAsEIvhsYZwG_cwTwR_6k6uxoVRqZcl6B9OFm2S59w-uoU8ObEPoOdJ3RqFPEhSqef5GesV2k7EM5BVHZe10D7B_myIhNKAwp9k0uKOzi9shYwNJLIKaUZ1zqk3cgaF-ttLCe5k291Iu849gtKZzhhy2oFTBa-_fK1lepC0-UXBhoVgfQhRyMhTn75lpF7JRxyI2V5xbhwP4mVqW4uffhD4ufHrZv5djDlhd65pb3mG11aALpAZ6nWatwAZD2ExtjqXrcWHFnr_ypXMfsoClSgQeNTzpOOGHGmMQuBnUEyTCtZ5J_-D1Bg_IayV6Ge-3blYAu1-poKdpjZZW1o3M8VyZ1sh-T_Rl-L5unmxOJt3vw6uFibO1j_mLKxyXW4RUHI9TPujUjbwWW65jyu_Sfl7aNhrVCtvpu2cdGEeq1pVkpWCLZbbyHwylNVOyz9fNSsky8yJfLaP_95lnSKkxLsqoHFRju1V3fcuijKuLnq5ZBvDB9c6H1zqBHPzuTm-LI9v0v359qW1Yv-gB2rm3R9r7KIB2a2c2CG0TKd0y9jaIPgbC8CobSZ6L-9Udnbh5bJzh8H6tRW33bIi2DLlkR2WIsbJdLPxuwFrIRf0UpxcUbiwQoyqOlwjI3f2zwR90b1sRAb7z10H4Gh7b-Hbdt5g3oUqXpFfwf_dOCgzoT0Hxs1GfEVxX1_htr8EjClBkJcpvLGnlLG-qqHisGaT4FU8YPQBT5BiP1QP2rGBcPAqWGeDWmuDnPp5ERYQ8PPGe0YJAl__r6Y0QTv5cpSHi-VFGcleXY5ZN75ABKUQC6E2NkmnhwiBoRL4g1gBVzb4ZfRWHkCzzafKzkOAUMK_oS6Xt1YZBXZTUE5aVL_K8VEjpJe3ZTSj6pd2K2TtMHb8dqs0UM36oWr95BlXGjhEKvLmWS2QxCZ5eYTo3aMZzTd8V5csVSXRMsFFwWHFY9c4kba-5DKBgRvgiFZ3pvjr6EWaRYI4uffRbIUvhCi9E62aLxEqb09rKyKcRXmwufqdL7JjsQpPkfz_wx8EkhxyWbsjPJ5d4KmrtiAz5906zjHN5d8gLl6P8BYPOey9ubjnnzNqg-GYkseAYced0KqnvU-hvuXtHNCsToaVMPn5npFX3vrgH-WB76IOwjqMJmIT4EefU1fATN1_XiF4k-YTNrdj-qVQyMcmVQL_b0xkAdaq9YjEyZDuao4x9ZsS9ihGzuXhT0E5m4DyR8WozGo-19j3I0vU54dlcsZSESQXAu7A&cid=CAASBORol8s&rfl=1%2Chttp%253A%252F%252Fwww.w9ein.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 13 Apr 2022 20:49:53 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UUQTj9cPGsMVMqvEOxLdokHV79mACYo3jc0rpEwmHZs.js
pagead2.googlesyndication.com/bg/ Frame B887 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/UUQTj9cPGsMVMqvEOxLdokHV79mACYo3jc0rpEwmHZs.js
Requested by
Host: www.w9ein.com
URL: http://www.w9ein.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5144138fd70f1ac31532abc43b12dda241d5efd980098a378dcd2ba44c261d9b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 13:55:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
24892
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13701
x-xss-protection
0
last-modified
Mon, 04 Apr 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 13 Apr 2023 13:55:01 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 886D 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BZZ_McDdXYsC7LZKy3gOz_pbYBAAAAAA4AeAEAg&bg=!8vGl8bXNAAZAkm7qYJI7ACkAdvg8WrxSPHbAAAcNjm1gC7w_BuESCnKvRHzzlZqdWDQbYCZUM2bf9wIAAAB2UgAAAAJoAQcKACXDy9qhMNpNBNhvhMpL7z2ciUIzWMNvw6tWH5U4WUo9YTwRjocVmQLFkXp2VXaIGdhOCukKTbSwFs4CS6vpMJhJ4_o3sB-VnMBvq7IRwam2fuovPY4726vW9pajWYe3J6FcvjGtnQy6eDNqWNSRh2_rDtWnqJVZLCULrBs9rIuNK3MYw1d1cq5lh0204EqSHraUIpNQrkvb7qewqBIrtYnuZpIP1NkedmoUyVC8L1sgfOH55phgweaMOXqnNueTnX1kENMvynfTzOSEfKYkgXQE8qTtXq1-0nfqOqaHmuTFWWrfj4OtUK1WjFfzOl1TAW80ktq5U1-yo9TZEz3mXpU2O83FDSYXnoRvd58Vq2-T8GzWRsuAfRczVLQRlDPCZznk5U0KdVNLCPXPWJDPCe2z11MnOpnxLKlVZdbQDjXvWeTsE-9yzAkt1HcuwJ8euSN0IQZFQCNLcguZwivnr0H23NneGMbEwbmkCynKXoBeHuNiU6z7KhXxAROqqxc3z6UDvKOH5o_c940bqn7ZL3TKFepigPWyeVlv7HKTB6sgkjcbSFEFkmKGd83iULWDQZgMi_Mf5mJM3wBnCVRXaxuIVGbOZxsbqjOOHwTUloNFhBmLm7KjMLEfgR8fki7opV9LM-W2Z4lHo_31BDiyt538P3qcpxp-H0y5Y7NmyBI4dijppSUi7T7kpA0Ed0r13eP7S09KzSbY1qshGFxZhGZksR_YyUtbWC8UJrgOQFipwWJm0HmCn4ij1Z_rHYRQdPmxTo2Xky-GD1BzHiklJSIASFmbKHucRYwrz08T7hp4AaLb5pOM2Sw621dJ2GgVQyVTmRuZL_zKzCOoSGXvYuYQg0fW_nHhcPzsfZv7CI_LxWzEsA2TIMiK3SQGGiBTZTbPJs-I2LmjxJEHY66tU-_T-vDKPOnjJgoDDGfU3-p9s8joFwBunMCkjMVI0GM7nZ4vlPn9qHFphieiid1waPuzAl_nA_K4wvVTu_O59w
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220406/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 13 Apr 2022 20:49:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		14 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220406&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204040101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9195886742224632&plah=www.w9ein.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
23eaae7af09575e094af3bb5a4f380bdc48df527b8b442ef659135f1079992ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 13 Apr 2022 20:49:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10561
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204040101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9195886742224632&plah=www.w9ein.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:49:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 13 Apr 2022 20:49:53 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9E9A 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://www.w9ein.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
age
141
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 13 Apr 2022 20:47:32 GMT
expires
Thu, 13 Apr 2023 20:47:32 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame DE3A 		783 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
028f2ab27004442effdaa8969ea50f2f5ffd13a37030370e29245d430c9f0880
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-hXxq9TZtODTBS1jROPT3lw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.w9ein.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
514
content-security-policy
script-src 'report-sample' 'nonce-hXxq9TZtODTBS1jROPT3lw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 13 Apr 2022 20:49:53 GMT
expires
Wed, 13 Apr 2022 20:49:53 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
UUQTj9cPGsMVMqvEOxLdokHV79mACYo3jc0rpEwmHZs.js
pagead2.googlesyndication.com/bg/ Frame 9E9A 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/UUQTj9cPGsMVMqvEOxLdokHV79mACYo3jc0rpEwmHZs.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5144138fd70f1ac31532abc43b12dda241d5efd980098a378dcd2ba44c261d9b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 13:55:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
24892
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13701
x-xss-protection
0
last-modified
Mon, 04 Apr 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 13 Apr 2023 13:55:01 GMT
generate_204
tpc.googlesyndication.com/ Frame 9E9A 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?Zh0cqA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 20:49:53 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
sodar
pagead2.googlesyndication.com/pagead/ Frame DE3A 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220406&jk=1121122953836417&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220406&jk=1121122953836417&bg=!FhWlFVHNAAZAkm7qYJI7ACkAdvg8WpVdPaWI6oI2lwLYwP3QT4Zqu51-WC6KVIuJ4nh591VZWKmnuAIAAABQUgAAAANoAQeZAptgpbAJcWf_dnns6dc5tt6-JAHka3PmlWVx62u-LXx6-DzPJS-aErv6ak-syrD7MtSraAuWPH_tyHZ2YpyXRD-iVnxk3hMMXFQq0LNu9edzJl6iIVJc8ka6CUt5AbSskNZhk1cMD1vs3vLIb8XLl-oIufvu1PnD-EwhcTkv3Jw4MDO0mWdcoIT5gF7tqPszyytDOTHdujfQzbORfOpcXrmp-IR6HwFIzgqcdCimKB_GJlWTGZ-oy-KXOuRuwUJW3r5o3I8FBjvwqdY3SZP73KFkzzHk8ZqKaUM-wBe0B9jQVFP-WriFO-968bG219KZjtnwB1Nqo9TZp-H3jE33mw_xRBXsTV8lwklruW6trg7vHQJw3BSZax3lw3J1GAfuzOIGf4S1aEVlQWLv90_5uSGVaPAcYcmI_P1U9iaA0I2LESIDvuOwsQzg1we39JtK9eyPB4wExbweoI5ReY8rHz0bKJxIMRhnT-k12Bn4F0_1r_LJQjkzVFo91S4ytWMvXt3E0uKM8kVquz9-lGkrdcSs6crhS2l3ZxCUw0P8zEw0IqYv-2tjtz5OWw3vmrEI16fL5h_v6mcwopRlfx-xBsROYHhyDcNl-4HTrJ7UaH08L9j118fq7vExO4ZQM9Lfs03cd-qHknVxSop8MKM9sPw7hPiNFssTo4dHY-g_leuLgUZZnMFiPOAjjectA5Av78S5zhiPH5w60dcWERK0W5l-fbn98LlqHQMM98-QMWMYL2l78MANRnJaf6p5y9a7AVoyWdFj5triMBJaqf1mBAniNFQHiom6XP417zCLd2ickiX5ypuePNM8N0ziZ8N59FKlaVxDQC7yweimsWaNjkjk__zpujXp6sIj6tgekEEfQsiIdPEFq5z0y3py
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.w9ein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 13 Apr 2022 20:49:54 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 5592 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstrqxyDO4J4qaF9QAvx-6OpXqZR5_VkELMVMsatRElMlPU-2HlqJzcyD-DqdVe4ZlUbXq37bXYHJ8L_VFfUDNnQ_CEIUiOwQyWkUvAnT8z31r9ln91syw&sai=AMfl-YR_PCqiPENNoL1hphs2L8hiGT6FVZZCmOWIHFFH75g5uWICslw1wegYGJX7-2erm8fshpMz98kzZf4Y&sig=Cg0ArKJSzL4crZIaSHh4EAE&cid=CAASBORol8s&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=784,1000,1000,1000,1000&tos=784,216,0,0,0&v=20220411&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1649882992630&rpt=773&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 13 Apr 2022 20:49:54 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

116 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 function| structuredClone object| oncontextlost object| oncontextrestored number| ezoicId function| EzPaq object| ezoTempStyle object| ezpaq number| readyStateCheckInterval string| css object| __ez string| GoogleAnalyticsObject function| ga object| cookieconsent_options string| ezouid string| ezoTemplate string| ezoFormfactor object| ezo_elements_to_check string| soc_app_id number| did string| ezdomain number| ezoicSearchable object| _ezaq string| _ezExtraQueries boolean| ezJsu function| create_ezolpl function| attach_ezolpl string| _audins_dom number| _audins_did object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| FB string| json_cookies object| ez_cookies object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_reactive_ads_global_state object| adsbygoogle boolean| _gfp_a_ object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map function| ez_attachEvent function| ez_attachEventWithCapture function| ez_detachEvent function| ez_getQueryString function| __ezDotData object| ezux function| _ez_TOS_TrackEvent function| ezocfol number| netStartTime function| hashCode function| ezogetrqbykey function| ezorqs function| ezorqe function| _fEzDt object| metricNameMap function| ezlogVital object| _qevents object| _ezfd object| riveted number| ez_tos_track_count number| ez_last_activity_count function| ES6Promise function| EzoIvent function| _findOverlappingQuietPeriods function| _findNetworkQuietPeriods function| ezoFetchConst object| webVitals object| ct object| ezmt object| ezua object| ezuxgoals object| ezdent object| ezDenty object| __core-js_shared__ object| Sslac object| IN number| ezodomstart number| ezoIint function| quantserve function| __qc object| ezt object| _qoptions function| qtrack function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| google_llp number| google_lpabyc object| googletag object| perf_vals number| indexKey object| GoogleGcLKhOms object| google_image_requests

15 Cookies

Domain/Path Name / Value
.w9ein.com/ Name: _ga
Value: GA1.2.179215973.1649882991
.w9ein.com/ Name: _gid
Value: GA1.2.299551269.1649882991
.w9ein.com/ Name: _gat
Value: 1
.w9ein.com/ Name: __gads
Value: ID=446c3c7b3f8bdfc7-22b3403576cd008d:T=1649882991:RT=1649882991:S=ALNI_Ma-Lo42hqrE0-NvRNYV0njG-abJMA
.quantserve.com/ Name: mc
Value: 62573770-3f819-633b4-68e06
.w9ein.com/ Name: __qca
Value: P0-964893705-1649882991968
.doubleclick.net/ Name: IDE
Value: AHWqTUlFVMZDC2uLv1kSmwFbDw5fSI7lYawkJndM-l9na9EeLxv2ipEPJSpqZUnzpkM
.adnxs.com/ Name: uuid2
Value: 7330641389006723820
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2In9rev]p!]tbPl1M>e)ZlrFUfJ+tGXxo]U+1(xa<fx)J4C._NW2$]?0P6=OyyeUK>)Vi3If)y3KL9D3I?+N%8W-p
.casalemedia.com/ Name: CMPS
Value: 1840
.casalemedia.com/ Name: CMST
Value: Ylc3cWJXN3EA
.casalemedia.com/ Name: CMID
Value: Ylc3cSNDbOUoiG2yaTfcBwAA
.casalemedia.com/ Name: CMPRO
Value: 287
.casalemedia.com/ Name: CMRUM3
Value: 2d625737712760CAESENH_9e0jGX_lEH13D3rvPA8
www.w9ein.com/ Name: ezux_lpl_191084
Value: 1649882993409|eff884a5-45cd-4cdc-45d9-95e448dc4770|false

5 Console Messages

Source Level URL
Text
network error URL: http://www.w9ein.com/401k.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
javascript warning URL: http://go.ezoic.net/ezoic/ezoic.js(Line 145)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, http://platform.linkedin.com/in.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: http://go.ezoic.net/ezoic/ezoic.js(Line 145)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, http://platform.linkedin.com/in.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: http://www.w9ein.com/401k.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: http://s3.amazonaws.com/cc.silktide.com/cookieconsent.latest.min.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cm.g.doubleclick.net
connect.facebook.net
dsum-sec.casalemedia.com
edge.quantserve.com
fonts.googleapis.com
g.ezoic.net
go.ezoic.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.quantserve.com
platform.linkedin.com
rules.quantcount.com
s0.2mdn.net
s3.amazonaws.com
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.w9ein.com
104.102.29.65
142.250.184.226
142.250.186.162
142.250.186.34
18.159.80.129
2600:9000:223c:2800:6:44e3:f8c0:93a1
2600:9000:2315:ca00:2:cb38:840:93a1
2606:2800:233:66b5:799a:7cd3:f74d:7071
2620:116:800d:21:3175:5196:e3fd:8c1d
2620:116:800d:21:36a9:ecb:e518:b308
2a00:1450:4001:800::2003
2a00:1450:4001:801::2002
2a00:1450:4001:808::2004
2a00:1450:4001:809::2002
2a00:1450:4001:809::200e
2a00:1450:4001:80e::2006
2a00:1450:4001:80f::2001
2a00:1450:4001:813::200a
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2002
2a00:1450:4001:831::2002
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
37.252.172.249
52.216.8.37
92.24.2.52
028f2ab27004442effdaa8969ea50f2f5ffd13a37030370e29245d430c9f0880
059d38e7293c2cde5427c2aa15429da17e7a6da7bdd339a1bf5adc3b2290576f
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
1028dcd47e9f60f8efc41d203e597cba9e2d18649729482a997d649573c24ac3
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14204a1195a76c308f503bcf7fe3ce26223ca42137c722c72ebeea14e490c4e6
150813a7e2b1a008acadddc9e4934d49d132716c9a824211fe9f50538026c525
1a736d1295e5373b73eb0ec7b73d47f354e11029ee80d964179966e466c8f4bc
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
23eaae7af09575e094af3bb5a4f380bdc48df527b8b442ef659135f1079992ae
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2d83e736d60c68ae678ca0a11a2e62095b2db00f3b6a2146a5d78fcaa5950cdc
320829d08d5e492bb1e0e2c49e7ddfe9a4d5c9f7ed57f4c1316914276450b4c8
334f7811c9a8354d32581e7b1a7469235433e992099c371a1cc7c2cedf0a474a
340b20f9ff6d073c2fea911631d8a6e13af185d983cbe842ddca27df91d0f295
34bcd97e4ac02432e11bdb54f5ee168d10e9dcf2914337719453704358b7cef4
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bd354e95164b1fb225d051aa8340eb31a88b7a8f499c5154edb8518b16fdad4
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5144138fd70f1ac31532abc43b12dda241d5efd980098a378dcd2ba44c261d9b
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
59a78da7bcbea26a7f5aa665824b983e538c6d260c01e4cf40d0a8bace82d8a9
5bdeb1138cd4987f50d32f8df0a0cb129b2a2761647442ab97ff7aad38a2758e
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
738b0dff97289a490e0472cca7d25e291a7ea70c850bfee1e264e9ad87a4a97b
79000987b5e6a875984839b4939728cdf6365840478bba2b7fc751a9156d0d53
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8f7894603292731a56692b1348b0b39871cdf248aa9f5b6a4c00e7de41f1a668
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5c76c5cdd769bc7a048c8f65c56a7000adb29c8472d36eb4514af572a5ec5f8
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
b098e698f579c8576cf7e3e3f491587ecd7dbda80115658d8511c5949202830b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
ca252c6c07c7225a50d09a7b45392d1062b365ca080d8f633214fbed7a6c6340
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ccd4a717c5b128e4a606c45b2a48bb003d559d3864a6d0e1c9578ffedc196a8a
d12b15159942b8c9ad262d81700868215695a57fcd944bc751d181e5657ba38c
d1eeba136a2f9d0521b3ba8a3a332f54b56289813a318ae8f08fdf3c0110b2cc
d66d04593283eefb7784a58038cfdbd5dd99848ab2587daec7f3ca7d25dd869e
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd65b862c5dc8800fa13f816cb3141c0f736d182c6cff74fdefb3ffc5b92d32e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee90e5e99abd9d34935bfec850db38fbafac3948e5fde6d9dbc4d36e10192e63
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629