postimages.org Open in urlscan Pro
2606:4700:3033::6815:55cc Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://webs-signnfinitya.com/
Effective URL:
https://postimages.org/
Submission: On February 21 via api (February 21st 2024, 8:43:26 pm UTC) from US — Scanned from US

Summary HTTP 123 Redirects Behaviour Indicators

Summary

This website contacted 20 IPs in 3 countries across 13 domains to perform 123 HTTP transactions. The main IP is 2606:4700:3033::6815:55cc, located in United States and belongs to CLOUDFLARENET, US. The main domain is postimages.org. The Cisco Umbrella rank of the primary domain is 620598.
TLS certificate: Issued by GTS CA 1P5 on February 3rd 2024. Valid for: 3 months.

This is the only time postimages.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	103.30.195.81 103.30.195.81	138608 (CLOUDHOST...) (CLOUDHOST-AS-AP Cloud Host Pte Ltd)
1	2606:4700:303... 2606:4700:3033::6815:55cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:303... 2606:4700:3031::6815:2b1d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
27	2607:f8b0:400... 2607:f8b0:4006:80e::2002	15169 (GOOGLE) (GOOGLE)
2 16	2607:f8b0:400... 2607:f8b0:4006:821::2002	15169 (GOOGLE) (GOOGLE)
11	2607:f8b0:400... 2607:f8b0:4006:807::200e	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4006:824::2003	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:80b::200a	15169 (GOOGLE) (GOOGLE)
22	2607:f8b0:400... 2607:f8b0:4006:81c::2001	15169 (GOOGLE) (GOOGLE)
3 4	142.251.40.194 142.251.40.194	15169 (GOOGLE) (GOOGLE)
2 4	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 4	68.67.161.208 68.67.161.208	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2607:f8b0:400... 2607:f8b0:4006:80c::2003	15169 (GOOGLE) (GOOGLE)
3 4	2607:f8b0:400... 2607:f8b0:4006:81f::2004	15169 (GOOGLE) (GOOGLE)
1 2	107.21.115.196 107.21.115.196	14618 (AMAZON-AES) (AMAZON-AES)
3	2607:f8b0:400... 2607:f8b0:4006:824::2006	15169 (GOOGLE) (GOOGLE)
4	142.250.65.226 142.250.65.226	15169 (GOOGLE) (GOOGLE)
3	142.250.65.194 142.250.65.194	() ()
4	2600:9000:247... 2600:9000:247b:b200:8:48e:53c0:93a1	() ()
7	2600:1f13:800... 2600:1f13:800:7780:6827:f78a:7ed8:a42	() ()
123	20

1 103.30.195.81 (Indonesia) 1 redirects

ASN138608 (CLOUDHOST-AS-AP Cloud Host Pte Ltd, SG)
PTR: ip103-30-195-81.cloudhost.web.id

webs-signnfinitya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::6815:55cc (United States)

ASN13335 (CLOUDFLARENET, US)

postimages.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3031::6815:2b1d (United States)

ASN13335 (CLOUDFLARENET, US)

postimgs.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2607:f8b0:4006:80e::2002 (United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2607:f8b0:4006:821::2002 (United States) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2607:f8b0:4006:807::200e (United States)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:824::2003 (United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:80b::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2607:f8b0:4006:81c::2001 (United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.40.194 (Queens, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s38-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.36.155 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.161.208 (New York, United States) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80c::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:81f::2004 (United States) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.21.115.196 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-21-115-196.compute-1.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:824::2006 (United States)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.65.226 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s73-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.65.194 (None, )

ASN- ()

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:247b:b200:8:48e:53c0:93a1 (None, )

ASN- ()

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:1f13:800:7780:6827:f78a:7ed8:a42 (None, )

ASN- ()

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
49	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 120 tpc.googlesyndication.com — Cisco Umbrella Rank: 158	845 KB
23	doubleclick.net 5 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 cm.g.doubleclick.net — Cisco Umbrella Rank: 278 googleads4.g.doubleclick.net	189 KB
15	google.com 3 redirects fundingchoicesmessages.google.com — Cisco Umbrella Rank: 659 www.google.com — Cisco Umbrella Rank: 2	70 KB
13	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 951 static.adsafeprotected.com dt.adsafeprotected.com	117 KB
7	gstatic.com www.gstatic.com fonts.gstatic.com	73 KB
5	postimgs.org postimgs.org — Cisco Umbrella Rank: 314657	39 KB
4	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 141
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 272	4 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 696	3 KB
3	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 328	78 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 48	4 KB
1	postimages.org postimages.org — Cisco Umbrella Rank: 620598	4 KB
1	webs-signnfinitya.com 1 redirects webs-signnfinitya.com	467 B
123	13

	Domain	Requested by
27	pagead2.googlesyndication.com	postimages.org pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
22	tpc.googlesyndication.com	googleads.g.doubleclick.net postimages.org tpc.googlesyndication.com pagead2.googlesyndication.com
16	googleads.g.doubleclick.net	2 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
11	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
7	dt.adsafeprotected.com	googleads.g.doubleclick.net
6	www.gstatic.com	googleads.g.doubleclick.net
5	postimgs.org	postimages.org postimgs.org
4	static.adsafeprotected.com	googleads.g.doubleclick.net srcdoc
4	www.googleadservices.com	googleads.g.doubleclick.net postimages.org
4	www.google.com	3 redirects tpc.googlesyndication.com
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
3	googleads4.g.doubleclick.net	postimages.org
3	s0.2mdn.net	postimages.org s0.2mdn.net
3	fonts.googleapis.com	googleads.g.doubleclick.net s0.2mdn.net
2	fw.adsafeprotected.com	1 redirects postimages.org
1	fonts.gstatic.com	fonts.googleapis.com
1	postimages.org
1	webs-signnfinitya.com	1 redirects
123	20

This site contains no links.

Subject Issuer	Validity	Valid
postimages.org GTS CA 1P5	`2024-02-03` - `2024-05-03`	3 months	crt.sh
postimgs.org GTS CA 1P5	`2024-01-02` - `2024-04-01`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M01	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh

This page contains 22 frames:

Primary Page: https://postimages.org/
Frame ID: 4A0F686193F07A6ADF04588BC4C124AD
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20190131/zrt_lookup_fy2021.html
Frame ID: 0727B6F85BBC5CB2B67EFED27CD5DF1F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&adk=1812271804&adf=3025194257&lmt=1708548198&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpostimages.org%2F&pra=5&wgl=1&easpi=0&asro=0&aseiel=1~2~4~6~8~9~10~11~12~13~14~15~16~17~20&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198102&bpp=20&bdt=513&idt=523&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8493496452554&frm=20&pv=2&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=585
Frame ID: 57AE52DF09B6C474F68FD48208A136CC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198123&bpp=5&bdt=534&idt=575&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=617
Frame ID: 9E836A01CC5EE15DB496BF78489546AD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=280&slotname=8487831485&adk=750852199&adf=519338288&pi=t.ma~as.8487831485&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=3&format=1200x280&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198128&bpp=2&bdt=539&idt=655&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x90&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=503&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=665
Frame ID: 3DBFC2A3683007FDAD1BE550650273DE
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIGpfRDM07aKAxjWu8yBAjAB&v=APEucNXxkIz_k2ag-yBwtBlCyI__0zg-P3fLORK7IiqtgBEZv7JaxC3dB_2b878AwiqgNxLkTCs_86xwRDGkIdUWQR9H6RbMFg
Frame ID: 15E35CA656871D64AE71FAE4C15AB9DC
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 265273F2352B07E2EFCD5EA385C0D889
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 8577564901C2F36E12207744885DFAAB
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: C44B4A971B5070F141792FED30F98BCD
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 938E095CAE6B607275E09FA020C3B846
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D441D27AEA3806825F62B8C32D28B38F
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: C6B28C36A17B13B4C4B5EC0F9B4F4DEB
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 6391CFF392BDE5784106409143E87FBF
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 8A031CA8BF1C5F2CFEE58E980A556F72
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/susE4wCQGjo81FKHs9-5ESeldxvWjf24bzthmuzw7UQ.js
Frame ID: 060821EABD9BB80AFAE48CD8B836CD7C
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15313612520504161112/index.html?ev=01_250
Frame ID: 969D6373137BE7941618277110E2E99C
Requests: 8 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 6B5A789D951BCBC2FF02DE28ADDDDDB1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/susE4wCQGjo81FKHs9-5ESeldxvWjf24bzthmuzw7UQ.js
Frame ID: 313C609555C48491736E5EE2C0458ED6
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/susE4wCQGjo81FKHs9-5ESeldxvWjf24bzthmuzw7UQ.js
Frame ID: 894CE206169CFA8A973B6BE6A5B02D4E
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/passback_728x90.js
Frame ID: F24510665D60291F012C7E21540C92EF
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A4C2D44ADE20021355EB2EB6A4B2933F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5394187DDCAF53335692C65B8B661AC1
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Postimages — free image hosting / image upload

Page URL History Show full URLs

https://webs-signnfinitya.com/ HTTP 307
https://postimages.org/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Page Statistics

123
Requests

89 %
HTTPS

65 %
IPv6

13
Domains

20
Subdomains

20
IPs

3
Countries

1421 kB
Transfer

4157 kB
Size

16
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://webs-signnfinitya.com/ HTTP 307
https://postimages.org/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDv0GA_g_7DZdJlOZ-secBs&google_cver=1

Request Chain 34

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZdZgaNHM474AAGX2ACsBigAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDv0GA_g_7DZdJlOZ-secBs&google_cver=1

Request Chain 35

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEC2BxvFk8rOYbW8Ir3VjCKM&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEC2BxvFk8rOYbW8Ir3VjCKM%26google_cver%3D1

Request Chain 36

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDUxMjkxODIyNDEyMTI1MTc3OQ%3D%3D

Request Chain 46

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 70

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 72

https://googleads.g.doubleclick.net/pagead/adview?ai=Cj-nfZmDWZZbkL4brkPIP5P2zwAuI5LO2dZyAk9rvEcrd2qeGQhABIJHywAdgyYaAgNyjxBCgAezP5L4qyAECqAMByAPJBKoEzAFP0IclECkFnVyPCOPJMxs-_uhkYDlsQFwYPLnIY-taZj-W3y1yN0Esf0syh791jni2OlOx8mXevGukzsGOyjiqe5cDHQ9Kl0KMUMbrQHgp_KrIepGje3rFX2fST28az7RgoepFWHFWEvgo0VrJTSNd8kYgqUWpRcOhhn3gOkZyzME0KLTb2m8E6RjWB9W2a4bYMBw1V2EM16I65d85O9whWjy2qmDgcJHqK4_cSCj7H2r9kh4NBUdsTi4FLDSFch3Q2nyrtfICAYGKFXTABMWA_8rEBIgFyOjH-U2gBgKAB-yHtZ4FqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH1ckbqAemvhvYBwHyBwQQ5Joj0ggkCIBhEAEYHzICigI6CYBAgMCAgICACEi9_cE6WIis34OmvYQDmgl8aHR0cHM6Ly9zZWF0Z2Vlay5jb20vdmVudWVzL2FtZXJhbnQtYmFuay1hcmVuYS90aWNrZXRzP3V0bV9zb3VyY2U9Z29vZ2xlJnV0bV9tZWRpdW09cGFpZCtkaXNwbGF5JnV0bV9jYW1wYWlnbj1ndXB0YV9wYW50aGVyc4AKAcgLAdoMEQoLEJCq9tWW8t-n-gESAgED2BMD0BUBgBcBshccChoIABIUcHViLTA3NzYyMDAyNjUyMDg5MjkYAA&sigh=bFtxwwm5EAI&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwAvHhf_J1yxTFjf1da0PSnu1PZ9GFj4zDvYrmpTxbxmL7pEH2tDkXQYQb96fbrnWRWosoJymzel1OEFr88cbNjoIFnI2FIGFDZp16LfwMoYAQ&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x373ae0b6e6c0419a0000000000000000%22,%222%22:%220x6aebfbf6a63325d10000000000000000%22,%223%22:%220xb336bbd026d5b79b0000000000000000%22,%224%22:%220x339dcc8ee8f350d90000000000000000%22,%225%22:%220xd4b879d39efa15720000000000000000%22},%22debug_key%22:%2211841948636265388114%22,%22debug_reporting%22:true,%22destination%22:%22https://seatgeek.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211405961196%22],%2222%22:[%22true%22],%224%22:[%2202-21%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226832900301479935233%22}&andc=true

Request Chain 74

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 79

https://googleads.g.doubleclick.net/pagead/adview?ai=CEzrwZmDWZfmrO_Geur8P0L6EoAmpo-mAdt-x3bX7Efr_1JjnHBABIJHywAdgyYaAgNyjxBCgAbCU9ZYDyAEBqAMByAPLBKoExgFP0Jiu5uRHMXvqf5M2IjvPclthtE4PUGAUEelKcPF1cPMG0J309k8IM0xd9Zd4AvhocH1VYNf4pLvrVOt7i554-CfShpDvJY-N61OHnawvyeIfPrYNqteBsbNYkBueQgpCLuTY6E3jRIC3mt-VQXAcovTQa3XMqKyCuWhDda1WR6ryS-9fdZ3OavalaDNpeWnq4kC2WHFz-L2gQdEzFqBOdxcseJT8N7smyWPB0dyFhme-ABAzPQVUDK4wqbd49lqeYHE1XBPABNj7uMGjA4gF1qjy6imSBQQIBBgBkgUECAUYBIAHzsGc2wGoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAfVyRuoB6a-G9gHAfIHBBC57AnSCCQIgGEQARgfMgKKAjoJgECAwICAgIAISL39wTpY6vfqg6a9hAOaCYcBaHR0cHM6Ly93d3cubHVjaWRzcGFyay5jb20vbGFuZGluZz91dG1fc291cmNlPWdvb2dsZSZ1dG1fbWVkaXVtPWRpc3BsYXkmdXRtX2NhbXBhaWduPV9zcGFya19lbl91c19kZXNrdG9wX2Rpc3BsYXlfYWN0aXZhdGlvbl9hdWRpZW5jZXNfgAoByAsB2gwRCgsQoPy2noqSj6_GARICAQPYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItMDc3NjIwMDI2NTIwODkyORgA&sigh=t2KfElrLMTU&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwAvHhf_7NcJcy84FCPw7EHkGdcfXO8bbEgvVnpqRGG0jjjKCjZZUpaw22uTb31Mn_IfS1niPbh-N2XYRlWoYg5Lpe9khtp-UQdlG_SVpukYAQ&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x726da0485fae69e90000000000000000%22,%222%22:%220x3316887f9a8481fe0000000000000000%22,%223%22:%220xa8d8f24706f98b0e0000000000000000%22,%224%22:%220x684ba66c49c6cc3e0000000000000000%22,%225%22:%220x62f3ab4b4dd365410000000000000000%22},%22debug_key%22:%222446076507411617204%22,%22debug_reporting%22:true,%22destination%22:%22https://lucidspark.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22853363248%22],%2222%22:[%22true%22],%224%22:[%2202-21%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%227271313439794286545%22}&andc=true

Request Chain 80

https://fw.adsafeprotected.com/rfw/st/1885389/77498460/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015693116&ias_pubId=pub-0776200265208929&ias_chanId=1&ias_placementId=20992423143&bidurl=https://postimages.org/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0h7opu923oYbMukZ1bNAmp9&adContainerId=brand_safety_aGDWZa_wG-2EnboPhfim6AI&cbFunctionName=goog_wrapCb_aGDWZa_wG-2EnboPhfim6AI&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fpostimages.org&adsafe_type=g&adsafe_url=https%3A%2F%2Fpostimages.org%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-0776200265208929%26output%3Dhtml%26h%3D90%26slotname%3D4727113088%26adk%3D1184666797%26adf%3D3475520789%26pi%3Dt.ma~as.4727113088%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1708548198%26rafmt%3D2%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fpostimages.org%252F%26fwr%3D0%26rpe%3D1%26resp_fmts%3D2%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1708548198123%26bpp%3D5%26bdt%3D534%26idt%3D575%26shv%3Dr20240220%26mjsv%3Dm202402150101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%26nras%3D1%26correlator%3D8493496452554%26frm%3D20%26pv%3D1%26ga_vid%3D2004089668.1708548199%26ga_sid%3D1708548199%26ga_hid%3D761487449%26ga_fc%3D0%26u_tz%3D-600%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D70%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C31081152%252C95324581%252C95325069%252C95324155%252C95324161%252C95325794%26oid%3D2%26pvsid%3D736346958798300%26tmod%3D1030225648%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CpEe%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26bz%3D1%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D2%26uci%3Da!2%26fsb%3D1%26dtd%3D617&adsafe_type=bed&adsafe_jsinfo=,id:ff3e9af1-ce82-b17e-e419-191d1975cd4c,c:4QOLWI,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-659c4c654f-bt7kc,rg:va,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:8,mot:0,app:0,maw:0,tdt:s,fm:u4Xk8nN+11%7C12%7C131*.1885389-77498460%7C1311%7C13121%7C1313%7C141%7C142%7C15%7C16%7C17%7C18%7C1911%7C1912%7C1a1%7C1a2,idMap:131*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:50,oid:d9a30ed8-d0f9-11ee-bf87-762ec0eed638,v:19.8.483,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

123 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
postimages.org/
Redirect Chain

https://webs-signnfinitya.com/
https://postimages.org/

12 KB
4 KB

261ms
143ms

Document
text/html

2606:4700:3033::6815:55cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://postimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:55cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d20c17a56d4a1472fe9d3c8bdbab18b0a5090602d121c53f54781faaa6b7a182

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8591d21a1af421c1-MIA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 21 Feb 2024 20:43:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aK23WS5ySkU%2Bvsz%2Bbu%2BT5cV0ivn%2FV3Rr%2F1ohfz2PfVJYyOrrWuOq%2FZsgusFHQ8hi41d912m7DzMest1bkm%2BypfZNtc5CKiiEbL8p%2F2T%2BKqCdoOpRk6RqdKLENp%2BkCwXIUrFLMjpS%2FvreeZiIqA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 21 Feb 2024 20:43:16 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Location: https://postimages.org
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 style.css
postimgs.org/167/ 81 KB
16 KB 269ms
53ms Stylesheet
text/css 2606:4700:3031::6815:2b1d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://postimgs.org/167/style.css
Requested by: Host: postimages.org
URL: https://postimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:2b1d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7ae1a1887541a5761b56023ba3437d5d5a8df0e33bafa02a7b192208f686768

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 03 May 2020 14:48:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4965
etag: W/"5eaed9d2-144b5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yKIOz3EYibHN1eWHVxX96CqFaWUN1TK3c6hzEvjGPqZfbf9QQxo1gYkg1%2FDbhhYK1GF5HZ94Mmm2Fv1KsTbr30cD0vynHcdEaE57ptiDRV0D9Vzj1rEHRLHK9wRRcOdwvxWMlurB2vMeHNs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2678400
cf-ray: 8591d21c5d1774b2-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
50 KB 312ms
98ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0776200265208929

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c2a857e487863b99dce94733988dbc40b78f96c86da25ae265c14b92e617d6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Origin: https://postimages.org
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51138
x-xss-protection: 0
server: cafe
etag: 6177980888766056283
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Wed, 21 Feb 2024 20:43:17 GMT

GET
H2 200 logo.png
postimgs.org/img/ 2 KB
3 KB 245ms
31ms Image
image/png 2606:4700:3031::6815:2b1d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://postimgs.org/img/logo.png
Requested by: Host: postimages.org
URL: https://postimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:2b1d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1aa70024ac6f01c7669a14fc606db2cb555073bad5a076c9d70869392fb1118f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:17 GMT
cf-cache-status: HIT
last-modified: Wed, 07 Jun 2017 15:20:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4965
etag: "593819b2-8b6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BtHiCd9GSOWr0C9mps3FRsZTbXvaALm6%2FrbQJdiBX1x6bsLAUZrARMDPMGfv6oLeCHAxzsZ1zMGCyMqnYVkPTMdwPbLvYCMJzRBzuReBlOER0DbwAiAlrK35U%2FTXxV4AzwuKQPdBMs8crTc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 8591d21c5d1b74b2-MIA
alt-svc: h3=":443"; ma=86400
content-length: 2230

GET
H2 200 slidebar.js Show response
postimgs.org/167/ 11 KB
4 KB 249ms
35ms Script
application/javascript 2606:4700:3031::6815:2b1d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://postimgs.org/167/slidebar.js
Requested by: Host: postimages.org
URL: https://postimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:2b1d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 700602424f3b2803dc9d2c06a01b7afe6639b1334f9144b4ed1a831e74ca6f8e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 17 Sep 2018 05:01:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4093
etag: W/"5b9f3534-2c90"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qxoHR9fj%2Fgs4V2h7X4YnuTqclBYYjl0gh7DgV2ekzt5%2FerQy5W28A1Dq%2BnvuRqAJGVGhxsYbM5jl6W4iuDcA7Ltdr7oDV8rt9WawHcPIh6vioP%2B%2FdBk7mGyJjX6mKwdk7TaINKM6I3ycFug%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2678400
cf-ray: 8591d21c5d1d74b2-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 upload.js Show response
postimgs.org/167/ 26 KB
9 KB 215ms
39ms Script
application/javascript 2606:4700:3031::6815:2b1d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://postimgs.org/167/upload.js
Requested by: Host: postimages.org
URL: https://postimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:2b1d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 579f7afffec025181ef2723ce9e8376f407c37419bc5345c28e5a868788add6f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 17 Sep 2018 05:01:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3174
etag: W/"5b9f3532-6958"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IzACKs%2FR9X%2B2R84FrUnurVpHyzDtklR7UrscID%2FYLy3tNcRsKtFGren1ndkU1f6jqB0dXokglPzEOXa67kC4upmEXsr6GrJ%2BKohwJm7z4QEj8EAOKjbWPaNH4%2B%2Bmyct%2Fd1P1m7KprqieKj8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2678400
cf-ray: 8591d21c5d1a74b2-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 webfont.woff2
postimgs.org/font/awesome/ 7 KB
7 KB 161ms
58ms Font
font/woff2 2606:4700:3031::6815:2b1d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://postimgs.org/font/awesome/webfont.woff2
Requested by: Host: postimgs.org
URL: https://postimgs.org/167/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2b1d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9be248eee3efff14af2a4d91b67a0da6b9fa4a3aeeca3136671c686d8b822be

Request headers

Referer: https://postimgs.org/167/style.css
Origin: https://postimages.org
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:18 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 200
alt-svc: h3=":443"; ma=86400
content-length: 7084
last-modified: Fri, 09 Jun 2017 21:50:06 GMT
server: cloudflare
etag: "593b180e-1bac"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wfoABn8c7N35Va721wBBm2LjEWOGP65e3jqBt3ilasHSY%2FQaCXmfggWAiBYgaHYXsDdx9DGlv8RLV0s4MsksavzpM%2BKwNeqT5WYABJ9OfFTzAnxXoGzdvamDcwO%2B9LL0RqcuXNQMQpcNklI%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 8591d21e08387483-MIA

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402150101/ 407 KB
138 KB 267ms
133ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402150101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0776200265208929

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0089230217619fbaaddf3e6575ae7841aa378c159bf5f9b1e4a59cdc5078aa5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141307
x-xss-protection: 0
server: cafe
etag: 12379499571440698331
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Feb 2024 20:43:18 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240220/r20190131/ Frame 0727 9 KB
5 KB 223ms
70ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240220/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0776200265208929

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 14677
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 16:38:41 GMT
etag: 3890843268177463596
expires: Wed, 06 Mar 2024 16:38:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 57AE 318 KB
81 KB 647ms
644ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&adk=1812271804&adf=3025194257&lmt=1708548198&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpostimages.org%2F&pra=5&wgl=1&easpi=0&asro=0&aseiel=1~2~4~6~8~9~10~11~12~13~14~15~16~17~20&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198102&bpp=20&bdt=513&idt=523&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8493496452554&frm=20&pv=2&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=585

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402150101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8446e5a869f03ce8cef044fcc935d0ac9eeec1a9fa19c7d95f7cd72fc555ba16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 82629
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 20:43:19 GMT
expires: Wed, 21 Feb 2024 20:43:19 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9E83 24 KB
10 KB 1056ms
1039ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198123&bpp=5&bdt=534&idt=575&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=617

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1c62b3bbcbb94b6280e8f04503cac7f0664d696dbf0170819f1e132e3805a828

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 10283
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 20:43:19 GMT
expires: Wed, 21 Feb 2024 20:43:19 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3DBF 127 KB
42 KB 588ms
576ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=280&slotname=8487831485&adk=750852199&adf=519338288&pi=t.ma~as.8487831485&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=3&format=1200x280&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198128&bpp=2&bdt=539&idt=655&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x90&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=503&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=665

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

07ac6e214a833c4bfff5dbc745d0daf4fb5538a4a77652af1399267cf94dc735

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 43315
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 20:43:19 GMT
expires: Wed, 21 Feb 2024 20:43:19 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402150101/ 166 KB
56 KB 118ms
116ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402150101/reactive_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

71ed6d1513578ededcd2e8bdf94a057daf9c050a7a3bb728ebf9a5469da4d5fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57350
x-xss-protection: 0
server: cafe
etag: 6318664227015198700
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Feb 2024 20:43:19 GMT

GET
H2 200 ca-pub-0776200265208929 Show response
fundingchoicesmessages.google.com/i/ 182 KB
61 KB 508ms
101ms Script
application/javascript 2607:f8b0:4006:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-0776200265208929?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402150101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ef08532ea47d0f77b5d07704ea0c3caff9c7825bf8bcfd1a9e50ff633a2098dc

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-29fux2mWr7fHz0NRB8PjKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:19 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-29fux2mWr7fHz0NRB8PjKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzj6mHU4pJi8NaQYjjvdIfpOhBfVHnKdBOIaxmeMbUC8YPwZ0wvgNhA4zmTBRAz_nnBxAnE7768ZBL4-pJJAoi1gPid5Cumb0C8w8eDhW_ddFYVIDZcP501Eohjnk9nTQHixawzWFcDsVP6DNYQIP6cOYP1NxD71M9gjQNiIR6O5wdurmMTaGhae5IZAIIsQCs"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5d115d22c534f80a76417856e32eef9c.js Show response
www.gstatic.com/mysidia/ Frame 3DBF 8 KB
4 KB 438ms
62ms Script
text/javascript 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5d115d22c534f80a76417856e32eef9c.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=280&slotname=8487831485&adk=750852199&adf=519338288&pi=t.ma~as.8487831485&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=3&format=1200x280&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198128&bpp=2&bdt=539&idt=655&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x90&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=503&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=665

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04fa628bda6f9b1ab5f71827ce6c71e8c6ad495a3a5a0ed8858c6f5b2f0513ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 03:56:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60427
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3749
x-xss-protection: 0
last-modified: Fri, 16 Feb 2024 00:22:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 21 May 2024 03:56:12 GMT

GET
H2 200 39b1936085524998ebfc7677a2ba517e.js Show response
www.gstatic.com/mysidia/ Frame 3DBF 10 KB
4 KB 440ms
64ms Script
text/javascript 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/39b1936085524998ebfc7677a2ba517e.js?tag=text/vanilla_highlight_ms

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1a9b4d4a874d9284ffcbc5f13a10e05dbfc8697abedafdaa52f0b86d6e345b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 18:38:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 525882
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4466
x-xss-protection: 0
last-modified: Tue, 13 Feb 2024 01:25:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 15 May 2024 18:38:37 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3DBF 14 KB
2 KB 458ms
83ms Stylesheet
text/css 2607:f8b0:4006:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 21 Feb 2024 20:43:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 21 Feb 2024 19:08:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Feb 2024 20:43:19 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 3DBF 2 KB
903 B 78ms
76ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:51:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85902
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 05 Mar 2024 20:51:38 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/ Frame 3DBF 23 KB
9 KB 66ms
65ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 16:24:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15509
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Mar 2024 16:24:51 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 3DBF 3 KB
1 KB 72ms
67ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 16:24:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15509
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Mar 2024 16:24:51 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 3DBF 20 KB
8 KB 439ms
65ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 12:56:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28018
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Mar 2024 12:56:21 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 3DBF 204 KB
61 KB 66ms
64ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48639bd7695fc270e23859d9b74231f49bc78f05e3a96ed0332a9b0b80d8c2e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 19:51:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3120
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62854
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 21 Feb 2024 20:51:19 GMT

GET
H2 200 c0f9635aabdd33ab086e3930fa461563.js Show response
www.gstatic.com/mysidia/ Frame 3DBF 36 KB
15 KB 68ms
65ms Script
text/javascript 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c0f9635aabdd33ab086e3930fa461563.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:53:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 496163
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15250
x-xss-protection: 0
last-modified: Fri, 09 Feb 2024 05:57:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 16 May 2024 02:53:57 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 15E3 624 B
246 B 115ms
113ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIGpfRDM07aKAxjWu8yBAjAB&v=APEucNXxkIz_k2ag-yBwtBlCyI__0zg-P3fLORK7IiqtgBEZv7JaxC3dB_2b878AwiqgNxLkTCs_86xwRDGkIdUWQR9H6RbMFg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198123&bpp=5&bdt=534&idt=575&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=617

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198123&bpp=5&bdt=534&idt=575&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=617
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 20:43:20 GMT
expires: Wed, 21 Feb 2024 20:43:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2652 93 KB
33 KB 134ms
129ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed0e7e64215a9663152e2d5c1c9a5ba0fe76c9f5de3dfe71bf45f0a64e977c69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33320
x-xss-protection: 0
server: cafe
etag: 12501049806231860069
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 21 Feb 2024 20:43:20 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 2652 3 KB
1 KB 84ms
74ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 16:24:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15509
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Mar 2024 16:24:51 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 2652 20 KB
8 KB 73ms
66ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 12:56:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28019
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Mar 2024 12:56:21 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 2652 204 KB
61 KB 68ms
64ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48639bd7695fc270e23859d9b74231f49bc78f05e3a96ed0332a9b0b80d8c2e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 19:51:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3121
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62854
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 21 Feb 2024 20:51:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2652 42 B
63 B 139ms
136ms Image
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DDExupoBzMJ9HHRptwZtbYcpDIGOIb6sbSTUq-ZFYWkBgJqWDmjwrT4rogIAEzY7vOM4W4MiAWvtRI0VmEaFkMPVmkPsU_xYVT-ZFEqmgYsDSsv94

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8577 143 B
166 B 67ms
65ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=280&slotname=8487831485&adk=750852199&adf=519338288&pi=t.ma~as.8487831485&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=3&format=1200x280&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198128&bpp=2&bdt=539&idt=655&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x90&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=503&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=665
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 3094
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 19:51:46 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3DBF 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09b523db292499678c3046b9ce943c627007d83510e3667b1708e0c448473ac4

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/ Frame C44B 9 KB
4 KB 71ms
69ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 13796
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 16:53:24 GMT
etag: 3890843268177463596
expires: Wed, 06 Mar 2024 16:53:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/ Frame 938E 9 KB
4 KB 65ms
63ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 13796
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 16:53:24 GMT
etag: 3890843268177463596
expires: Wed, 06 Mar 2024 16:53:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxWyc8O43-SMGpfm689-a4p4Wwrp36g9a3Skl5YYeVMkaDoCJllYb271GWNwepHvw5rZCNntZA5UVJjTg8FbrmhX21h-FM0R_OonRSLVXSqLc1UY3oQ4ArWQsnHa_EA4LCdTC_MGzA== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 106ms
95ms Script
application/javascript 2607:f8b0:4006:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWyc8O43-SMGpfm689-a4p4Wwrp36g9a3Skl5YYeVMkaDoCJllYb271GWNwepHvw5rZCNntZA5UVJjTg8FbrmhX21h-FM0R_OonRSLVXSqLc1UY3oQ4ArWQsnHa_EA4LCdTC_MGzA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA4NTQ4MjAwLDMxOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9wb3N0aW1hZ2VzLm9yZy8iLG51bGwsW1s4LCIyYmJmV3JXNThwdyJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.2bbfWrW58pw.es5.O/am=wA/d=1/rs=AJlcJMwqbpGH3HIJje-6FO0XBHPaXSUE6Q/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7e0502b1021da089ba5a624429eaba9e639c8b2ee46330930fe0354cf81cda2b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-raxG7nNLU3op9cdddCLEIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:20 GMT
content-security-policy: script-src 'report-sample' 'nonce-raxG7nNLU3op9cdddCLEIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzj6mHU4pJi8NSQYjjvdIfpOhBfVHnKdBOIaxmeMbUC8YPwZ0wvgNhA4zmTBRAz_nnBxAnE7768ZBL4-pJJAoi1gPid5Cumb0C8w8eDhW_ddFYVIDZcP501Eohjnk9nTQHixawzWFcDsVP6DNYQIP6cOYP1NxD71M9gjQNiIR6OFwdurmMTmNH8aTsjAIIwQHQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 15E3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDv0GA_g_7DZdJlOZ-secBs&google_cver=1

43 B
769 B

98ms
97ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDv0GA_g_7DZdJlOZ-secBs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIGpfRDM07aKAxjWu8yBAjAB&v=APEucNXxkIz_k2ag-yBwtBlCyI__0zg-P3fLORK7IiqtgBEZv7JaxC3dB_2b878AwiqgNxLkTCs_86xwRDGkIdUWQR9H6RbMFg
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:20 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jtWGzcvtVCuAR4y1FF9BagPh2qMHZMOZMWukwiT09JKGtfMECqGz23FCQVxjv%2BYPwwqucJ4eGfNMHMlX%2BWTLy5xum6jSDXP8kyZEYq63N7NzhoDlutXuNq8azMX5Fvc2ckX78KIR9phnkw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8591d22df9792878-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDv0GA_g_7DZdJlOZ-secBs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 15E3
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZdZgaNHM474AAGX2ACsBigAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDv0GA_g_7DZdJlOZ-secBs&google_cver=1

43 B
731 B

85ms
84ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDv0GA_g_7DZdJlOZ-secBs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIGpfRDM07aKAxjWu8yBAjAB&v=APEucNXxkIz_k2ag-yBwtBlCyI__0zg-P3fLORK7IiqtgBEZv7JaxC3dB_2b878AwiqgNxLkTCs_86xwRDGkIdUWQR9H6RbMFg
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:20 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5oBamtonS9mb4XwyIuImLwNqC19EmMsNCgtqc%2FrLKDpd2QGk%2BI3B1hN48PiidD4LxRRibdCIbL7BBxQdfkkNTaHNQwcMyFp214onsp6N5BrUO%2FeDGGR8BDJ5FdLJwKKoT3sR7Q5JKVAywg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8591d22f7c352878-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDv0GA_g_7DZdJlOZ-secBs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 15E3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEC2BxvFk8rOYbW8Ir3VjCKM&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEC2BxvFk8rOYbW8Ir3VjCKM%26google_cver%3D1

43 B
1 KB

93ms
84ms

Image
image/gif

68.67.161.208
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEC2BxvFk8rOYbW8Ir3VjCKM%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIGpfRDM07aKAxjWu8yBAjAB&v=APEucNXxkIz_k2ag-yBwtBlCyI__0zg-P3fLORK7IiqtgBEZv7JaxC3dB_2b878AwiqgNxLkTCs_86xwRDGkIdUWQR9H6RbMFg

Protocol

Server

68.67.161.208 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:20 GMT
an-x-request-uuid: ba295008-dd33-4546-ad6d-6a29916d3b0e
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 38.132.118.67; 38.132.118.67; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:20 GMT
an-x-request-uuid: b9115baa-17e4-4c5d-858e-e67b8af21714
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEC2BxvFk8rOYbW8Ir3VjCKM%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 38.132.118.67; 38.132.118.67; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 15E3
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDUxMjkxODIyNDEyMTI1MTc3OQ%3D%3D

170 B
243 B

83ms
81ms

Image
image/png

142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDUxMjkxODIyNDEyMTI1MTc3OQ%3D%3D

Requested by

Protocol

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:20 GMT
an-x-request-uuid: bd91aea2-b184-4362-bb2a-700030cf80c4
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDUxMjkxODIyNDEyMTI1MTc3OQ%3D%3D
x-proxy-origin: 38.132.118.67; 38.132.118.67; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2652 0
20 B 134ms
132ms Ping
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4791719859659&version=m202401290101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2652 0
20 B 146ms
145ms Ping
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4791719859659&version=m202401290101&ct=76&x=1&cor=4847032551229497000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2652 107 KB
41 KB 124ms
123ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AQsaNpl1Xc2GMrcWlgqCI2iacI2cL66keSoIoyxrgxTTSpl6X6TZ4lgfaJX69abdeeGryIAS4wLVj7vy-N4lRDnZZJnAKric0yYt3Hi3p_I34oDv0Ga9GnuOFWL1-MSRGhcpY74eudMEKSvd6OFxSwNyHvMlGBXKuuvGQum-xZhpTbS6M&dbm_d=AKAmf-AcWFBl54QajUjyBgXGXfL-23alsUHXX0bGdxhQgYQMh0WtRyXSh-Cxt0MWrdtslFgQ9PahElN-jL9rD8kfIFAY3tM80RdRCWWBtyCK1Tl53aNpwPhn1ACbKXHkSs_uTUmPtG5RvgpOyUP_e93t9ydwy54_TXAQyfQLXwy_Zwiz1D3fivpUtnpBxy0iucprzn-gEHdQr-8DHgSMEcYE1UVfJHJrbeZ-cIW49X8ZZkIfGXTQZn0mtXcB8o2eLDGqQQjb1mIzfb5q75ZFPF3V1ef30I80_cnGvaT1oGiS4BNOE6pdLE4fQRH6GqQalswAoQvmE-f4a-5G2LQLpw-UTy7_ry5TyRTrqbvrQyL7tabPkM5ATMI-1qIkNM6DI51yo1s5YuyT3ZgeJx2afDhYL52D0OnmS8-EpqWPdtR8hllZI0uGlfegbFkLnv2Cw6GK1SDdLRsJvexVoQJlzFinp-nDZgN1RQYTTSJwZLTyxq9znfUQ3bW03iaVKLQTlpcb1OseaNlHDOu8XwEGSvxL5UGXhAhWyl7_xYlAdFf0yNtEIPneaWpG2r6XqODk9jk4TUmg8RrAg2l0iLJEIyDf47uHepvOCOGCNaCM4vn266H7RQA7B9l3Y032jKbhZH-4CJTctv5qBHgdgkW677xTLwGZFi2FyouU-lRP9PILsdYd8tf7I29FkwV3WX9iXQwcfJqxSHN41PV7XslnUnJx9zlVEg4tVTFPS8luvrpYGt8tprPNvR9smq62_GFGr8pO7H5t_zFVSBUttGSngh-dWHTZdQUf2FcrsyXEXM2L82NWI80yTvuKMhV6rVx5l5u0iDNN-QQ5-6YqxvdtcRhtvPP0QmFpB4WeITom70-4ZCmo2bFspw7woIMBkmrKE-2LaVLenC7GPQgvXuzmRaxxw1qwyT4jkB0P-ZSsXLTyJhQ_HUZn5Yl3n1CGMCKLQEnutFIkP1CMMjmZKgWR5D54I-XvzttcIt3T-NPA0g-2AWD95ehmDoPAhArzYiisdtbWcKrGBP8w81TcCr8FXxJt8x39ZiYdIGCoyRQTaUizSrxma-UXyghzkBfvXcsuRWi7X9vWx9UU0zPHEbCxabSm_M4zzNpkhTTFul0_5uStbXkUP_nsGDhLhTtBIAPrTTs6qWvz7wAX6pwXl_3zURqf7hnsduYsAwCk7kjUC9k9yP9bColsd5gmzyKXwU_ivItufdd0kwdajgLhc7zkoYZiMLiov0p8ZuIrqwnOhtZD92lH1wtuPkQTXjgwf1xKN8ldbc2yAofsNW-T7WMwYHRkJPAWGelrFA5UbZVqTxb30M4u2KNFuKK3n1R3bBO2Xnze_N2dYFGCjS39x8dC8-6eBTbKRUit6IS17Z04hs7hRV5evOsptqfvQXWoa8iTEur00UwVuHaNo1jOMeNaYUjz4tpY-eJghylJHbdgd7MqKunt9c9w4J4H_uhuKbcO1E2P39A3kqSxKYCWvuyLnPbFnvgsSz2ljMkwfGfs5oWfw980WswndKkGyPtXKsdmgZ07pbAmehBQGFfEdPOKhyp-Wna_CPiuCDmQY1DzAq0O1-Ag9BQOQ-MJcWwmy6VYYrdomUY89XLE2kyux9eib_LFDllBjbvFH5YslthxGWFvL1bmI7_yXKHyPSwOwR9loOHReqWD82JA7EN-ylL3eBkj1wnio55NjqoVf_RlKKu_ymlG0ZbYYjO7OagDZomXZ0tkoLUR3GfUlkFYdNWuMgjTGt6RK9ICH_1_BwzsgfQAg59y_BDaP3K5unnG96sncvB8o8bauy9y_Re9H5udBRU0E4dKNRcNVCslWrTUZKQwYfvRlJIkMXq4ZfcpHZ9ySwRng6Qmv0fbTEsCvHx4oKouyby13dAJocpqrnv17Z3rb5t7BuSahZOEFSQWCaUqtlLaYM7zZWibVWOPKuNUuYqy0KPBptm_7MHgT3FKrrQKa9QHgXA_I2hxyoLUIRyat7c3UggZHrLjzNDuSrCG7_99g2Ay_bniNhWumRMaRfLYovUj0JwBWeTfFeaPIjRooKkRXYznOfzIehRYf7kDjgx_HUQZ07s3ZAYquVylKQPv86aEHZyQ5DnUAzLRHt4U8WcSOGPxOP5T9ilwLR8yfJ4mOVf8gX0TRRYynDaIvr0LaXJIzcsIyEI15q4Zf-7syyY94tzJTegaK8HpNTdUzu3r5bWIkD05RW2tYH71Sbk9yYCX6AI0SIZpQNurkkmYiMJ6u2K8y3XtE36p1J07I3Zt7L3qhBhsH84KnTMVDp1_Khc8SMXZ3jrz10mdRDWeGWmc82QirI2P4OPdkdrn4rR9S53dUBBwlkfG5x_eSlBM0s1BiSYl6RZ8lwOx4hH-RNcEqMl5Zqo-x58x4FNhoS1bfQQyAh36M3VIG2SZa1lRgm-rdVi5SaSYKxwV90YWNlyF2HcRsaHUZIADsnCXzTWrPVjiT0jDpmu7o16PrBxslyNzsxDQhBHZAZUVg_ZWvjRsAYQVUhtqBL7II47M2ub6U48sLOqmdkzOQ-4CguXgnpw9PHvBvNCtD2RybhRw6z31Pdb9VFSNFHZWrULSTIowiIrPq7KVT2Sez0iDS3dxVrp3lvk342_j153-c9BZZK0CzPVQ1UnDP9e8KsZ270GheGs1H697ScjXulUD6j1GFtj9UVKls5cBsMhX3_YbRDmCZXIGYT0yx4t2Hy2rqCmIJ8q7pAHA_fTHLdT3yEWsI-DP6KvXcyGQ2RLg35OHjZ87MGX0u0qeZKoLxqYoh4g96YcJ_auq6cMiPfKWn_a7q8_mrSzQWVnWtwpECbemPCriQ7qSzeLUIc5rgaiNFneyJSL8MI4lqjrE5eNvRp9_dJrDp-lpkjVPHN5aB3b3vqDkYkQhxi-ZOauMw7jaPfXA4POpOm6k8mU8wfZtaNTQbM9OyNK1_jgHWx-O0pUjjhQMSrO0wAdhH8Pt-h1xPRYGJFcusRHBXndaraPFJ1cAB7LGJ_iWxw_2RribWLfExabkN-gKA3QBByzsAbdP1F6PWpT7cNoE8wi-Ea3gLORgrukvNMkkUh1rJReuD_nhAnMn5fSOZ2vDxCMSBV37comCwEW5ByxkP7Y9bC4EP3uwq6dkTd-ZB45VylFVauGndzIrVyAkxRvYVZTxrkzla6IRE_KdjUL1EhVaubmZRB-6lFW2jVPsqLFXpjPiVvzjT2PqvZLyZi8e-0fRo6f3YlVXcQqzHZZmXV70e3ePG8UehBx6y4x-yYZf6b066cRBwrKO3cibRZV0obTeO5hN5lgjmSF9j4rRgDNzVa5Uc0Dyoi6rqCi6purKIGH4v17vWXYrGbrhAaWFIa3xFmsJxPPDBEj4dJgIZuL2qYF3eTeoaZiYgYhUAr5AYssRhSifXDk8ROElpI7X_Tdnu4lT2SKSKWeAm97i1TgJvGNBbH4qysPqkoqN7Bkt-hml4dZkraaU0C9ePOtfiItq4CmyKSrBDBlC2L70SVvMngTrL4CzP0NVSEc-coYOqJ65bIZgdiTKmiuxnd3dLkX9AOqQou3_urzWrKlTd0CUOc8FMoNz1IujSYJFE4A&cid=CAQSTgAvHhf_ZJXPgtIuLy6Uy2AbEmGlinEnlA1Ng12H_BjVi0tasCzcZ5Ja1BRB91ZC2-gjk_5U1t7tAHSJ5on4uaD4t_fDZbSgYeSzdyOPCRgB&dv3_ver=m202401290101&rfl=https%3A%2F%2Fpostimages.org%2F&ds=l&xdt=1&iif=1&cor=4847032551229497000&adk=2124396031&idt=148&cac=0&dtd=39

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

17174ef572da3778bd413ec9ff612c7d8124f3e68b37c12e8872bd6e68c96d8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198123&bpp=5&bdt=534&idt=575&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=617
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41851
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 3DBF 33 KB
34 KB 243ms
65ms Font
font/woff2 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 18:24:54 GMT
x-content-type-options: nosniff
age: 526706
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 18:24:54 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame C44B 5 KB
790 B 83ms
78ms Stylesheet
text/css 2607:f8b0:4006:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

47ce859f7f0f545825c8ab983547bbf88d0de3f52afebc7a1ccc0611661df70d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 21 Feb 2024 20:43:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 21 Feb 2024 20:09:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Feb 2024 20:43:20 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame C44B 205 B
229 B 85ms
83ms Image
image/png 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 15:56:15 GMT
x-content-type-options: nosniff
age: 535625
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 14 Feb 2025 15:56:15 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame C44B 604 B
628 B 85ms
81ms Image
image/png 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 22:13:26 GMT
x-content-type-options: nosniff
age: 512994
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 14 Feb 2025 22:13:26 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/ Frame C44B 15 KB
6 KB 86ms
82ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e33434b042c688fa1972d51e9c103fe592fca7a4dd50358c08449c7b0f5cb4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 22:15:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80886
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6487
x-xss-protection: 0
server: cafe
etag: 9214289930287671984
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 05 Mar 2024 22:15:14 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/ Frame C44B 22 KB
9 KB 87ms
83ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

716b2a35acfc8e6a247c9e4d9e3c32dc2354b3a8a6e6481835a64b783a5ba4a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 22:15:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80886
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9141
x-xss-protection: 0
server: cafe
etag: 6041988417631582345
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 05 Mar 2024 22:15:14 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8577
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

95ms
94ms

Document
text/html

2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 20:43:21 GMT
expires: Wed, 21 Feb 2024 20:43:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 20:43:21 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/ Frame 938E 23 KB
9 KB 70ms
69ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 16:24:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15509
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Mar 2024 16:24:51 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D441 143 B
166 B 79ms
77ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 3094
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 19:51:46 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 938E 3 KB
1 KB 79ms
64ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 16:24:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15509
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Mar 2024 16:24:51 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 938E 20 KB
8 KB 82ms
66ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 12:56:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28019
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Mar 2024 12:56:21 GMT

GET
H3 200 4718651474668841309
tpc.googlesyndication.com/daca_images/simgad/ Frame 938E 24 KB
24 KB 112ms
93ms Image
image/png 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/4718651474668841309

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21fe12f4cf3307721e5beb68aff8b762dfcd1b16c56025bb31b952e1590ff6c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

expires: Fri, 14 Feb 2025 14:25:19 GMT
date: Thu, 15 Feb 2024 14:25:19 GMT
x-content-type-options: nosniff
age: 541081
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24298
x-xss-protection: 0
last-modified: Fri, 05 Jan 2024 16:00:14 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 938E 204 KB
61 KB 86ms
66ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48639bd7695fc270e23859d9b74231f49bc78f05e3a96ed0332a9b0b80d8c2e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 19:51:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3121
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62854
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 21 Feb 2024 20:51:19 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 938E 36 KB
14 KB 122ms
101ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

473f98fc0967c2c122456fc402d7db00d57d3fe3b46a12d075d10eb26a55dd5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 16:59:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13445
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14610
x-xss-protection: 0
server: cafe
etag: 17234995959194474601
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Mar 2024 16:59:15 GMT

GET
H3 200 AGSKWxU2oL1irOn0HbmoLhr44xwUsdq6s-QmjnoiC2zgXMkfhmLDcKPBCOQx2B4Eo20BjaPROuBgTCQX__ewgeJeIy3J-qswU46byBKU7l0ysTso0S_OBZ2RurASXkyqiM0q6-yODmv7Uw== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 105ms
104ms Script
application/javascript 2607:f8b0:4006:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxU2oL1irOn0HbmoLhr44xwUsdq6s-QmjnoiC2zgXMkfhmLDcKPBCOQx2B4Eo20BjaPROuBgTCQX__ewgeJeIy3J-qswU46byBKU7l0ysTso0S_OBZ2RurASXkyqiM0q6-yODmv7Uw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA4NTQ4MjAwLDYxMzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vcG9zdGltYWdlcy5vcmcvIixudWxsLFtbOCwiMmJiZldyVzU4cHciXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dc8f13ed15cfc25d5771407e846150a07d8488f1eea60ec8722369a0e5c64fdb

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-uzt9aQDCsOLUn5j3Dp-88g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:20 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-uzt9aQDCsOLUn5j3Dp-88g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzj6mHU4pJicNCQYjjvdIfpOhBfVHnKdBOIaxmeMbUC8YPwZ0wvgNhA4zmTBRAz_nnBxAnE7768ZBL4-pJJAoi1gPid5Cumb0C8w8eDhW_ddFYVIDZcP501Eohjnk9nTQHixawzWFcDsVP6DNYQIP6cOYP1NxD71M9gjQNiIR6OFwdurmMT-LCmaT8TAH4HQIU"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1885389/77498460/ Frame 2652 271 KB
80 KB 593ms
65ms Script
application/javascript 107.21.115.196
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1885389/77498460/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015693116&ias_pubId=pub-0776200265208929&ias_chanId=1&ias_placementId=20992423143&bidurl=https://postimages.org/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0h7opu923oYbMukZ1bNAmp9
Requested by: Host: postimages.org
URL: https://postimages.org/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.21.115.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-21-115-196.compute-1.amazonaws.com
Software: /
Resource Hash: c4ca5ecc6a5be80d479e0475e3e337214d5e09333792a25b8cd6904aa3d66583

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:21 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 2652 111 KB
39 KB 542ms
64ms Script
text/javascript 2607:f8b0:4006:824::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 14:11:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23524
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Feb 2024 14:11:17 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/ Frame 2652 12 KB
4 KB 82ms
78ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AQsaNpl1Xc2GMrcWlgqCI2iacI2cL66keSoIoyxrgxTTSpl6X6TZ4lgfaJX69abdeeGryIAS4wLVj7vy-N4lRDnZZJnAKric0yYt3Hi3p_I34oDv0Ga9GnuOFWL1-MSRGhcpY74eudMEKSvd6OFxSwNyHvMlGBXKuuvGQum-xZhpTbS6M&dbm_d=AKAmf-AcWFBl54QajUjyBgXGXfL-23alsUHXX0bGdxhQgYQMh0WtRyXSh-Cxt0MWrdtslFgQ9PahElN-jL9rD8kfIFAY3tM80RdRCWWBtyCK1Tl53aNpwPhn1ACbKXHkSs_uTUmPtG5RvgpOyUP_e93t9ydwy54_TXAQyfQLXwy_Zwiz1D3fivpUtnpBxy0iucprzn-gEHdQr-8DHgSMEcYE1UVfJHJrbeZ-cIW49X8ZZkIfGXTQZn0mtXcB8o2eLDGqQQjb1mIzfb5q75ZFPF3V1ef30I80_cnGvaT1oGiS4BNOE6pdLE4fQRH6GqQalswAoQvmE-f4a-5G2LQLpw-UTy7_ry5TyRTrqbvrQyL7tabPkM5ATMI-1qIkNM6DI51yo1s5YuyT3ZgeJx2afDhYL52D0OnmS8-EpqWPdtR8hllZI0uGlfegbFkLnv2Cw6GK1SDdLRsJvexVoQJlzFinp-nDZgN1RQYTTSJwZLTyxq9znfUQ3bW03iaVKLQTlpcb1OseaNlHDOu8XwEGSvxL5UGXhAhWyl7_xYlAdFf0yNtEIPneaWpG2r6XqODk9jk4TUmg8RrAg2l0iLJEIyDf47uHepvOCOGCNaCM4vn266H7RQA7B9l3Y032jKbhZH-4CJTctv5qBHgdgkW677xTLwGZFi2FyouU-lRP9PILsdYd8tf7I29FkwV3WX9iXQwcfJqxSHN41PV7XslnUnJx9zlVEg4tVTFPS8luvrpYGt8tprPNvR9smq62_GFGr8pO7H5t_zFVSBUttGSngh-dWHTZdQUf2FcrsyXEXM2L82NWI80yTvuKMhV6rVx5l5u0iDNN-QQ5-6YqxvdtcRhtvPP0QmFpB4WeITom70-4ZCmo2bFspw7woIMBkmrKE-2LaVLenC7GPQgvXuzmRaxxw1qwyT4jkB0P-ZSsXLTyJhQ_HUZn5Yl3n1CGMCKLQEnutFIkP1CMMjmZKgWR5D54I-XvzttcIt3T-NPA0g-2AWD95ehmDoPAhArzYiisdtbWcKrGBP8w81TcCr8FXxJt8x39ZiYdIGCoyRQTaUizSrxma-UXyghzkBfvXcsuRWi7X9vWx9UU0zPHEbCxabSm_M4zzNpkhTTFul0_5uStbXkUP_nsGDhLhTtBIAPrTTs6qWvz7wAX6pwXl_3zURqf7hnsduYsAwCk7kjUC9k9yP9bColsd5gmzyKXwU_ivItufdd0kwdajgLhc7zkoYZiMLiov0p8ZuIrqwnOhtZD92lH1wtuPkQTXjgwf1xKN8ldbc2yAofsNW-T7WMwYHRkJPAWGelrFA5UbZVqTxb30M4u2KNFuKK3n1R3bBO2Xnze_N2dYFGCjS39x8dC8-6eBTbKRUit6IS17Z04hs7hRV5evOsptqfvQXWoa8iTEur00UwVuHaNo1jOMeNaYUjz4tpY-eJghylJHbdgd7MqKunt9c9w4J4H_uhuKbcO1E2P39A3kqSxKYCWvuyLnPbFnvgsSz2ljMkwfGfs5oWfw980WswndKkGyPtXKsdmgZ07pbAmehBQGFfEdPOKhyp-Wna_CPiuCDmQY1DzAq0O1-Ag9BQOQ-MJcWwmy6VYYrdomUY89XLE2kyux9eib_LFDllBjbvFH5YslthxGWFvL1bmI7_yXKHyPSwOwR9loOHReqWD82JA7EN-ylL3eBkj1wnio55NjqoVf_RlKKu_ymlG0ZbYYjO7OagDZomXZ0tkoLUR3GfUlkFYdNWuMgjTGt6RK9ICH_1_BwzsgfQAg59y_BDaP3K5unnG96sncvB8o8bauy9y_Re9H5udBRU0E4dKNRcNVCslWrTUZKQwYfvRlJIkMXq4ZfcpHZ9ySwRng6Qmv0fbTEsCvHx4oKouyby13dAJocpqrnv17Z3rb5t7BuSahZOEFSQWCaUqtlLaYM7zZWibVWOPKuNUuYqy0KPBptm_7MHgT3FKrrQKa9QHgXA_I2hxyoLUIRyat7c3UggZHrLjzNDuSrCG7_99g2Ay_bniNhWumRMaRfLYovUj0JwBWeTfFeaPIjRooKkRXYznOfzIehRYf7kDjgx_HUQZ07s3ZAYquVylKQPv86aEHZyQ5DnUAzLRHt4U8WcSOGPxOP5T9ilwLR8yfJ4mOVf8gX0TRRYynDaIvr0LaXJIzcsIyEI15q4Zf-7syyY94tzJTegaK8HpNTdUzu3r5bWIkD05RW2tYH71Sbk9yYCX6AI0SIZpQNurkkmYiMJ6u2K8y3XtE36p1J07I3Zt7L3qhBhsH84KnTMVDp1_Khc8SMXZ3jrz10mdRDWeGWmc82QirI2P4OPdkdrn4rR9S53dUBBwlkfG5x_eSlBM0s1BiSYl6RZ8lwOx4hH-RNcEqMl5Zqo-x58x4FNhoS1bfQQyAh36M3VIG2SZa1lRgm-rdVi5SaSYKxwV90YWNlyF2HcRsaHUZIADsnCXzTWrPVjiT0jDpmu7o16PrBxslyNzsxDQhBHZAZUVg_ZWvjRsAYQVUhtqBL7II47M2ub6U48sLOqmdkzOQ-4CguXgnpw9PHvBvNCtD2RybhRw6z31Pdb9VFSNFHZWrULSTIowiIrPq7KVT2Sez0iDS3dxVrp3lvk342_j153-c9BZZK0CzPVQ1UnDP9e8KsZ270GheGs1H697ScjXulUD6j1GFtj9UVKls5cBsMhX3_YbRDmCZXIGYT0yx4t2Hy2rqCmIJ8q7pAHA_fTHLdT3yEWsI-DP6KvXcyGQ2RLg35OHjZ87MGX0u0qeZKoLxqYoh4g96YcJ_auq6cMiPfKWn_a7q8_mrSzQWVnWtwpECbemPCriQ7qSzeLUIc5rgaiNFneyJSL8MI4lqjrE5eNvRp9_dJrDp-lpkjVPHN5aB3b3vqDkYkQhxi-ZOauMw7jaPfXA4POpOm6k8mU8wfZtaNTQbM9OyNK1_jgHWx-O0pUjjhQMSrO0wAdhH8Pt-h1xPRYGJFcusRHBXndaraPFJ1cAB7LGJ_iWxw_2RribWLfExabkN-gKA3QBByzsAbdP1F6PWpT7cNoE8wi-Ea3gLORgrukvNMkkUh1rJReuD_nhAnMn5fSOZ2vDxCMSBV37comCwEW5ByxkP7Y9bC4EP3uwq6dkTd-ZB45VylFVauGndzIrVyAkxRvYVZTxrkzla6IRE_KdjUL1EhVaubmZRB-6lFW2jVPsqLFXpjPiVvzjT2PqvZLyZi8e-0fRo6f3YlVXcQqzHZZmXV70e3ePG8UehBx6y4x-yYZf6b066cRBwrKO3cibRZV0obTeO5hN5lgjmSF9j4rRgDNzVa5Uc0Dyoi6rqCi6purKIGH4v17vWXYrGbrhAaWFIa3xFmsJxPPDBEj4dJgIZuL2qYF3eTeoaZiYgYhUAr5AYssRhSifXDk8ROElpI7X_Tdnu4lT2SKSKWeAm97i1TgJvGNBbH4qysPqkoqN7Bkt-hml4dZkraaU0C9ePOtfiItq4CmyKSrBDBlC2L70SVvMngTrL4CzP0NVSEc-coYOqJ65bIZgdiTKmiuxnd3dLkX9AOqQou3_urzWrKlTd0CUOc8FMoNz1IujSYJFE4A&cid=CAQSTgAvHhf_ZJXPgtIuLy6Uy2AbEmGlinEnlA1Ng12H_BjVi0tasCzcZ5Ja1BRB91ZC2-gjk_5U1t7tAHSJ5on4uaD4t_fDZbSgYeSzdyOPCRgB&dv3_ver=m202401290101&rfl=https%3A%2F%2Fpostimages.org%2F&ds=l&xdt=1&iif=1&cor=4847032551229497000&adk=2124396031&idt=148&cac=0&dtd=39

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:44:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 86358
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 05 Mar 2024 20:44:02 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/ Frame 2652 30 KB
11 KB 84ms
79ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

719314f680a79defc6c02a7dbaff63da48911cbf418614226bde044fb02e065d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 21:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82803
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11551
x-xss-protection: 0
server: cafe
etag: 12710720872123804752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 05 Mar 2024 21:43:17 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 2652 41 KB
14 KB 85ms
81ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 19:42:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3625
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Feb 2025 19:42:55 GMT

GET
DATA 200
OK truncated
/ Frame 2652 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe8c77c2b3d7f2dca63bb400c54e4408590d62bdb0665edb8d70ab0ed3d3e6ad

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame C6B2 14 KB
1 KB 85ms
84ms Stylesheet
text/css 2607:f8b0:4006:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 21 Feb 2024 20:43:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 21 Feb 2024 19:48:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Feb 2024 20:43:20 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame C6B2 2 KB
822 B 72ms
66ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:51:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85902
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 05 Mar 2024 20:51:38 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/ Frame C6B2 23 KB
9 KB 72ms
67ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 16:24:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15509
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Mar 2024 16:24:51 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6391 143 B
166 B 119ms
67ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 3095
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 19:51:46 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame C6B2 3 KB
1 KB 67ms
65ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 16:24:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15509
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Mar 2024 16:24:51 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame C6B2 20 KB
8 KB 67ms
66ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 12:56:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28019
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Mar 2024 12:56:21 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame C6B2 204 KB
61 KB 74ms
72ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48639bd7695fc270e23859d9b74231f49bc78f05e3a96ed0332a9b0b80d8c2e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 19:51:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3121
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62854
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 21 Feb 2024 20:51:19 GMT

GET
H3 200 c0f9635aabdd33ab086e3930fa461563.js Show response
www.gstatic.com/mysidia/ Frame C6B2 36 KB
15 KB 78ms
77ms Script
text/javascript 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c0f9635aabdd33ab086e3930fa461563.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:53:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 496163
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15250
x-xss-protection: 0
last-modified: Fri, 09 Feb 2024 05:57:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 16 May 2024 02:53:57 GMT

GET
DATA 200
OK truncated
/ Frame 938E 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a0cdf281b5aa122dcc51b0afe5e1164854bab6e79369092af90689c4fade857

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D441
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

104ms
103ms

Document
text/html

2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 20:43:21 GMT
expires: Wed, 21 Feb 2024 20:43:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 20:43:21 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 8A03 38 KB
13 KB 89ms
63ms Document
text/html 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 483819
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 06:19:42 GMT
expires: Sat, 15 Feb 2025 06:19:42 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 938E
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Cj-nfZmDWZZbkL4brkPIP5P2zwAuI5LO2dZyAk9rvEcrd2qeGQhABIJHywAdgyYaAgNyjxBCgAezP5L4qyAECqAMByAPJBKoEzAFP0IclECkFnVyPCOPJMxs-_uhkYDlsQFwYPLnIY-taZj-...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x373ae0b6e6c0419a0000000000000000%22,%222%22:%220x6aebfbf6a63325d10000000000000000%22,%223%22:%220xb336bb...

0
0

564ms
132ms

Fetch
text/css

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x373ae0b6e6c0419a0000000000000000%22,%222%22:%220x6aebfbf6a63325d10000000000000000%22,%223%22:%220xb336bbd026d5b79b0000000000000000%22,%224%22:%220x339dcc8ee8f350d90000000000000000%22,%225%22:%220xd4b879d39efa15720000000000000000%22},%22debug_key%22:%2211841948636265388114%22,%22debug_reporting%22:true,%22destination%22:%22https://seatgeek.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211405961196%22],%2222%22:[%22true%22],%224%22:[%2202-21%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226832900301479935233%22}&andc=true

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

142.250.65.226 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:22 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x373ae0b6e6c0419a0000000000000000","2":"0x6aebfbf6a63325d10000000000000000","3":"0xb336bbd026d5b79b0000000000000000","4":"0x339dcc8ee8f350d90000000000000000","5":"0xd4b879d39efa15720000000000000000"},"debug_key":"11841948636265388114","debug_reporting":true,"destination":"https://seatgeek.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11405961196"],"22":["true"],"4":["02-21"],"6":["true"]},"priority":"500","source_event_id":"6832900301479935233"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 21 Feb 2024 20:43:22 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 21 Feb 2024 20:43:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x373ae0b6e6c0419a0000000000000000","2":"0x6aebfbf6a63325d10000000000000000","3":"0xb336bbd026d5b79b0000000000000000","4":"0x339dcc8ee8f350d90000000000000000","5":"0xd4b879d39efa15720000000000000000"},"debug_key":"11841948636265388114","debug_reporting":true,"destination":"https://seatgeek.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11405961196"],"22":["true"],"4":["02-21"],"6":["true"]},"priority":"500","source_event_id":"6832900301479935233"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 BoEj1MRYnOy5BSN5ElbJySd6MGFyYBWT_ZtkFEIAVvM.js Show response
pagead2.googlesyndication.com/bg/ Frame 8A03 39 KB
15 KB 66ms
64ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BoEj1MRYnOy5BSN5ElbJySd6MGFyYBWT_ZtkFEIAVvM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

068123d4c4589cecb90523791256c9c9277a306172601593fd9b6414420056f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 14:09:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 110051
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15302
x-xss-protection: 0
last-modified: Mon, 19 Feb 2024 17:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 19 Feb 2025 14:09:10 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6391
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

82ms
79ms

Document
text/html

2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 20:43:21 GMT
expires: Wed, 21 Feb 2024 20:43:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 20:43:21 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 susE4wCQGjo81FKHs9-5ESeldxvWjf24bzthmuzw7UQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 0608 50 KB
19 KB 66ms
66ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/susE4wCQGjo81FKHs9-5ESeldxvWjf24bzthmuzw7UQ.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2eb04e300901a3a3cd45287b3dfb91127a5771bd68dfdb86f3b619aecf0ed44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 14:12:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 109834
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19580
x-xss-protection: 0
last-modified: Mon, 19 Feb 2024 17:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 19 Feb 2025 14:12:47 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 310ms
137ms Preflight
text/html 142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.226 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 21 Feb 2024 20:43:21 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/15313612520504161112/ Frame 969D 19 KB
5 KB 208ms
67ms Document
text/html 2607:f8b0:4006:824::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15313612520504161112/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d2fc53dd9d563c5e321dc06aa57291166c2cc7535a43e3aefb36f2e7f027346

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 572390
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4881
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 05:43:31 GMT
expires: Fri, 14 Feb 2025 05:43:31 GMT
last-modified: Fri, 22 Dec 2023 07:40:54 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2652 0
0 304ms
111ms Fetch
image/gif 142.250.65.194

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssUusK1M3-qy3hmL9za2IqxrNXKJ4m3KeeqrvBady4pA9XOCNS3gWANhMRrOd-7GsItUi2vI_vJwS9BDCsoQtNsBqzcuqGrfXKDVcq5RCWBbINP6UymQS8uEiP2h2vZ7pYk6BfjZR_aBYBwohhtmJ2Y7PUUYxgR_T_9_gXXBltFaeAUkHwRY_aibz8gHwJMrYsZxFsihMqI9je5SuwlaelmU23ncQH3z2XdLrncg5VCPXpexIuTJ5GNauVJpUZmrHi9Esm-pxm3zB4NjW9no9Yz3s5d82f5R-7q8kCtWXuNALb1ZrU6Z8uZaIkxTNUqHxMNal4n0RlAVOyu6RXWwjke2pZbqUWm53zhlP8WXncjG-I_ozcYb8jVe1CALCC1s_ZHCqv3J0TicKUmgtP-AHyqMZv63Pu9HO89CwhhDUomAvMXC25kmIVMjQOfkdHVg7f5jPH15ZcS--AwOdo5o1FMaQIxFz-XRkKBjQva3puZy_oqCx5axAn-TSrVDQ-MS7WOk7o8fnAcfFYkVXpR7hIAGTLGmGdOfU7bX0d3XiaZdG1HMPEa-KrHqm7sT-HJ0K7TMQA4XRMpcfSrpqaTCaPgQK77_jyj3IQYxuJ4h3YZmFLky6VgEaSKjDC6P3iQs2WEFuVkJaOcp0PHgi-MkZ2TCz4-U5574TzC7MlpnIGzt_Sr8J3oTeiKpNP45QCd1sxchAzqC0bI7PbN96G8uwbXJ1-hlhqGKhluXhAVW0b9PDF1vt1uL5J6Dg3PNk5JWz0j3rH0PHg4E-u4BJnaol-KSK8PzM5fXyKknkM-FFBinr1-BXjftUMpdK4FWG-sL4nOhryaEO-Qf9DA1Sk5D3A4M0c_94lrdEFg9WuVrPvyK98ttcIege2wQFyyA2UJevi4N-VxdU2VM3q8olAiDlJLxGzTY7UKnbvJPQU9SWEshlFTVYAzX2It7tBZjXM32vSnaLa4G4-Opp-QdxCwgpp-ZMgfrl0IYLlQT6Su6TFUiTMU5raK_rt4wiI-9y9e57t-tmmpbU16cQL8Weg5ljaCg2h8xgkoxh0_1EeaLDHMmozR8S23HB6HglCVrCg3dRKjmNTbKgI6yXwCOWU7Xg_lQlSACgemrsaXPscxoYHVoLYM2OWlFuJOzUqkwE05AF1l00WsFrEpUngqe-L1NXXoIg_X_hkWch3VDC2szCBd6Q6TkrjHlIKOXXCm_VDFk5j21X-DmcEhv37X41mdqRUtLIJB2YYL2dxQpOMuRpZZLyaUEbOJWXTB0SI5Yj88W4bSl9hvdGbNYBn6AbwSWMGuKXSTDACSPQURXP11NuDoOv4VF3klqZ68lAhK3WKuxHB8BVW8sxwTDVNCmbDJ20fQuhinDKg43nfeQqQ7Xu9d87zmV0rq7yAv7Oo5FL0XfAzxxFCuYDWp&sai=AMfl-YRUz_lDcdk2JoGW7vEdXl1-eoqRtq2Jlk4Kq8qeNhHq3xCKHx0wnWFVVle_UZyBWutLtErOqLq3ATUXJLbNJhhRSLD4cpUXTwlqbgSncAPDO4X7oZ1tF3232ZPmKQendaxafigiJh6o1znnYSQBzOOV-3bAm4vgCd_GHDsZns7BJdbHZ-F3xQpv1En97jmatsSupxTzaU5qHzzVmkanP2KqmHv5BiMTezmf2wvIPOeDDtqSsb_cZdrL9xttPswArsN_5m75nBypQzWkdZ0o30uASuY0qp45fDLkBfljBAeH1imk8XGa_-IYyN8lPbhj&sig=Cg0ArKJSzNjpPAVLDlXoEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=635&cbvp=1&cstd=625&cisv=r20240215.98133&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 21 Feb 2024 20:43:21 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 21 Feb 2024 20:43:21 GMT

GET
H2

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 3DBF
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CEzrwZmDWZfmrO_Geur8P0L6EoAmpo-mAdt-x3bX7Efr_1JjnHBABIJHywAdgyYaAgNyjxBCgAbCU9ZYDyAEBqAMByAPLBKoExgFP0Jiu5uRHMXvqf5M2IjvPclthtE4PUGAUEelKcPF1cPM...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x726da0485fae69e90000000000000000%22,%222%22:%220x3316887f9a8481fe0000000000000000%22,%223%22:%220xa8d8f2...

0
0

436ms
134ms

Fetch
text/css

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x726da0485fae69e90000000000000000%22,%222%22:%220x3316887f9a8481fe0000000000000000%22,%223%22:%220xa8d8f24706f98b0e0000000000000000%22,%224%22:%220x684ba66c49c6cc3e0000000000000000%22,%225%22:%220x62f3ab4b4dd365410000000000000000%22},%22debug_key%22:%222446076507411617204%22,%22debug_reporting%22:true,%22destination%22:%22https://lucidspark.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22853363248%22],%2222%22:[%22true%22],%224%22:[%2202-21%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%227271313439794286545%22}&andc=true

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Server

142.250.65.226 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:22 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x726da0485fae69e90000000000000000","2":"0x3316887f9a8481fe0000000000000000","3":"0xa8d8f24706f98b0e0000000000000000","4":"0x684ba66c49c6cc3e0000000000000000","5":"0x62f3ab4b4dd365410000000000000000"},"debug_key":"2446076507411617204","debug_reporting":true,"destination":"https://lucidspark.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["853363248"],"22":["true"],"4":["02-21"],"6":["true"]},"priority":"500","source_event_id":"7271313439794286545"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 21 Feb 2024 20:43:22 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 21 Feb 2024 20:43:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x726da0485fae69e90000000000000000","2":"0x3316887f9a8481fe0000000000000000","3":"0xa8d8f24706f98b0e0000000000000000","4":"0x684ba66c49c6cc3e0000000000000000","5":"0x62f3ab4b4dd365410000000000000000"},"debug_key":"2446076507411617204","debug_reporting":true,"destination":"https://lucidspark.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["853363248"],"22":["true"],"4":["02-21"],"6":["true"]},"priority":"500","source_event_id":"7271313439794286545"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

4a.js Show response
static.adsafeprotected.com/ Frame 2652
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1885389/77498460/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015693116&ias_pubId=pub-0776200265208929&ias_chanId=1&ias_placementId=20992423143&bidurl=ht...
https://static.adsafeprotected.com/4a.js

2 KB
1 KB

593ms
78ms

Script
application/javascript

2600:9000:247b:b200:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4a.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198123&bpp=5&bdt=534&idt=575&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=617
Protocol: H2
Server: 2600:9000:247b:b200:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f10d5bdd8d60943848d514b3aa6e7d4d663e669069c8ed946ff4ed262a288a07

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id: mquyMYJqCoGbAXGMW2KDLOw2mw5xZIC.
content-encoding: gzip
via: 1.1 e6b4dbead926e5325f87837a8678a68a.cloudfront.net (CloudFront)
date: Mon, 19 Feb 2024 18:45:01 GMT
x-amz-cf-pop: JFK52-P2
age: 179902
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Mon, 12 Feb 2024 18:45:00 GMT
server: AmazonS3
etag: W/"2105f244154aad4862ff53a961b1f1a4"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: 7YJRdeoJFg1QgjNsdfI4ueaA9PLdKVwduA-QkdZq5SEEBLqsoiMmdQ==

Redirect headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:21 GMT
server: nginx
x-server-name: app06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4a.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 6B5A 91 KB
23 KB 822ms
72ms Script
application/javascript 2600:9000:247b:b200:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198123&bpp=5&bdt=534&idt=575&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=617
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:247b:b200:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 03:25:40 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 e6b4dbead926e5325f87837a8678a68a.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P2
age: 17774263
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 36yYYH-NftDoljRGf96vxBeuF8COd7ixrAO6UaSivEspmfNNQ_MH6Q==

GET
H3 200 susE4wCQGjo81FKHs9-5ESeldxvWjf24bzthmuzw7UQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 313C 50 KB
19 KB 77ms
76ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/susE4wCQGjo81FKHs9-5ESeldxvWjf24bzthmuzw7UQ.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2eb04e300901a3a3cd45287b3dfb91127a5771bd68dfdb86f3b619aecf0ed44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 14:12:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 109834
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19580
x-xss-protection: 0
last-modified: Mon, 19 Feb 2024 17:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 19 Feb 2025 14:12:47 GMT

GET
H3 200 susE4wCQGjo81FKHs9-5ESeldxvWjf24bzthmuzw7UQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 894C 50 KB
19 KB 72ms
70ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/susE4wCQGjo81FKHs9-5ESeldxvWjf24bzthmuzw7UQ.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240220/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2eb04e300901a3a3cd45287b3dfb91127a5771bd68dfdb86f3b619aecf0ed44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 14:12:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 109834
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19580
x-xss-protection: 0
last-modified: Mon, 19 Feb 2024 17:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 19 Feb 2025 14:12:47 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2652 43 B
215 B 677ms
119ms Image
image/gif 2600:1f13:800:7780:6827:f78a:7ed8:a42

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1885389&asId=ff3e9af1-ce82-b17e-e419-191d1975cd4c&tv=%7Bc:4QOM0k,pingTime:-3,time:273,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:48%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:273,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:46,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B260~0%5D,as:%5B260~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u4Xk8nN+11%7C12%7C131*.1885389-77498460%7C1311%7C13121%7C1313%7C141%7C142%7C15%7C16%7C17%7C18%7C1911%7C1912%7C1a1%7C1a2,idMap:131*,rmeas:1,rend:0,renddet:DIV,siq:50%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198123&bpp=5&bdt=534&idt=575&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=617
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:6827:f78a:7ed8:a42 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:22 GMT
server: nginx
x-server-name: dt21.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 298cf7279560ac3a1e63a8de9ac263b0.js Show response
s0.2mdn.net/sadbundle/15313612520504161112/ Frame 969D 118 KB
33 KB 67ms
62ms Script
application/x-javascript 2607:f8b0:4006:824::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15313612520504161112/298cf7279560ac3a1e63a8de9ac263b0.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15313612520504161112/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f81ea40c2dca55d5703b4c2b6e828dee820d1df4265b7f0fa0e810c34da5d762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15313612520504161112/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

expires: Fri, 14 Feb 2025 07:12:26 GMT
date: Thu, 15 Feb 2024 07:12:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 567055
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34218
x-xss-protection: 0
last-modified: Fri, 22 Dec 2023 07:40:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2652 43 B
215 B 662ms
118ms Image
image/gif 2600:1f13:800:7780:6827:f78a:7ed8:a42

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1885389&asId=ff3e9af1-ce82-b17e-e419-191d1975cd4c&tv=%7Bc:4QOM0u,pingTime:-6,time:283,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:283,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:46,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B270~0%5D,as:%5B270~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u4Xk8nN+11%7C12%7C131*.1885389-77498460%7C1311%7C13121%7C1313%7C141%7C142%7C15%7C16%7C17%7C18%7C1911%7C1912%7C1a1%7C1a2,idMap:131*,rmeas:1,rend:0,renddet:DIV,siq:50%7D&tpiLookup=ao:postimages.org*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198123&bpp=5&bdt=534&idt=575&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=617
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:6827:f78a:7ed8:a42 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:22 GMT
server: nginx
x-server-name: dt15.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 150ms
130ms Preflight
text/html 142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.226 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 21 Feb 2024 20:43:21 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2652 43 B
216 B 623ms
117ms Image
image/gif 2600:1f13:800:7780:6827:f78a:7ed8:a42

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1885389&asId=ff3e9af1-ce82-b17e-e419-191d1975cd4c&tv=%7Bc:4QOM18,pingTime:-2,time:323,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1503,beZ:1506,mfA:1513,cmA:1515,inA:1515,inZ:1520,prA:1523,prZ:1543,si:1554,poA:1556,poZ:1588,cmZ:1588,mfZ:1588,loA:1787,loZ:1792,ltA:1827,ltZ:1827%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:true%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:48%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:323,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:46,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B311~0%5D,as:%5B311~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u4Xk8nN+11%7C12%7C131*.1885389-77498460%7C1311%7C13121%7C1313%7C141%7C142%7C15%7C16%7C17%7C18%7C1911%7C1912%7C1a1%7C1a2,idMap:131*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:DIV,siq:50,sinceFw:271,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198123&bpp=5&bdt=534&idt=575&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=617
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:6827:f78a:7ed8:a42 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:22 GMT
server: nginx
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2652 43 B
215 B 565ms
120ms Image
image/gif 2600:1f13:800:7780:6827:f78a:7ed8:a42

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1885389&asId=ff3e9af1-ce82-b17e-e419-191d1975cd4c&tv=%7Bc:4QOM29,time:386,type:e,env:%7Bgcd2:%7Bappl:0,cnst:na%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:386,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:46,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B373~0%5D,as:%5B373~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u4Xk8nN+11%7C12%7C131*.1885389-77498460%7C1311%7C13121%7C1313%7C141%7C142%7C15%7C16%7C17%7C18%7C1911%7C1912%7C1a1%7C1a2,idMap:131*,rmeas:1,rend:0,renddet:DIV,siq:50%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198123&bpp=5&bdt=534&idt=575&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=617
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:6827:f78a:7ed8:a42 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:22 GMT
server: nginx
x-server-name: dt22.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 vastads. Show response
fundingchoicesmessages.google.com/f/AGSKWxWYk3jHmptzjvOVqx7tAgvK4S2J6Ig20UU6-oO_TBjxeFG9--bVx3dIWhSRliyIIzCe_ddDG3Ff3B4uv_XhSWtS93ln3vvA1MS3qn5K9lCKOCqnsgoOLa48SW2ggWO_7Mknjdd_5497Is2FtwG86Uur1sp0I... 54 B
110 B 93ms
92ms Script
application/javascript 2607:f8b0:4006:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWYk3jHmptzjvOVqx7tAgvK4S2J6Ig20UU6-oO_TBjxeFG9--bVx3dIWhSRliyIIzCe_ddDG3Ff3B4uv_XhSWtS93ln3vvA1MS3qn5K9lCKOCqnsgoOLa48SW2ggWO_7Mknjdd_5497Is2FtwG86Uur1sp0IMzvGS5GsowfKW62ju0O63ZdcIkLdlfW/_/ads/index./embed/ads./lrec_ad./AdNewsclip15./vastads.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.2bbfWrW58pw.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMwQlkBqXSKbD60UF2xBQWptXJNIrg/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7f368131e690090a4625d28f5a7518f1baf4122bf8f051e080f8f5f9430190b0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-EaeCvdGVkkxqGXQsOvwglA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:22 GMT
content-security-policy: script-src 'report-sample' 'nonce-EaeCvdGVkkxqGXQsOvwglA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzj6mHU4pJicNCQYjjvdIfpOhBfVHnKdBOIaxmeMbUC8YPwZ0wvgNhA4zmTBRAz_nnBxAnE7768ZBL4-pJJAoi1gPid5Cumb0C8w8eDhW_ddFYVIDZcP501Eohjnk9nTQHixawzWFcDsVP6DNYQIP6cOYP1NxD71M9gjQNiIR6OVwdurmMTuHF--g5GAH5hQJ8"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
50 KB 113ms
113ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

be87d5bafe3844fc341056653889e99ce928077c493862aa28460c7daeadf0fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51139
x-xss-protection: 0
server: cafe
etag: 8806447496793915916
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Wed, 21 Feb 2024 20:43:22 GMT

POST
H3 204 AGSKWxUuhvymxA7QcmrbiqCAvvqOn7KbkLOOAT1Vf0Bswg_KuNb8ehMXNewJlpBXw2kyQjIhSE2AkgvrtoNB6H5OlCOLosr9Xc0T4NpHOn1ETmz3hcZqVDt5VDoWCW8J_mpD2bS8_1cuYg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 220ms
90ms XHR
text/html 2607:f8b0:4006:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUuhvymxA7QcmrbiqCAvvqOn7KbkLOOAT1Vf0Bswg_KuNb8ehMXNewJlpBXw2kyQjIhSE2AkgvrtoNB6H5OlCOLosr9Xc0T4NpHOn1ETmz3hcZqVDt5VDoWCW8J_mpD2bS8_1cuYg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-owFO9Jq3dz6kH_nz9obw7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 21 Feb 2024 20:43:22 GMT
content-security-policy: script-src 'report-sample' 'nonce-owFO9Jq3dz6kH_nz9obw7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmLw1ZBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYQIBbi4Xh14OY6NoEd979_YQQATGcWiA"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://postimages.org
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 938E 42 B
174 B 160ms
159ms Fetch
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvevaxEtvx_cmwEywqyAuHF9sfH_rzW57-Hr0bCae8JEe1rD8kkPe1oH4ENIdqPQSCCrgTfVlcIjg52-526Rg4Yqp7zY3-iqy_GyLLeZZKiIOQ8jeSo3lqkbXvSnAgT0bOkANhSsbSdCFhoe614LQIG--x2LnqU5b5Hqp6DYHTeBadOsQ1nslu6-zhF8fE0U-9oWCd1n9zA0o5VSpNP7V4o6_IMoLBXE8ApdJkn_lyIsreoqHF9eWCJAWrdKO-WLdMSNH4UBqAm-q0zbum_YalQi2caLtSmsAdwKkx1XvKO7AvmBcdKgYEOjDkdyEzJLMO-SmTOuj5jwKbMfGr8tsocQFiPuPSxZGJT9-xP5Bw14lC5lgwV1meIEo2MKoyXa0YSce8buMud80SkIafNIv76oWDqRy15KZp7zPLKkpyJt4--MNuWMh15cG0_701hSd41AT3hLpx3sSo7Zha7xW102ytM8wXf9jrkyYOOL9Gsq9sSwl8ZNHogNtPkhjQlX-M89_LhbLFM1Ytzuxoohzq_waSmHX_yZuBi5tMbplAwxaGp14pMykiak1aCsrGz1nxExfQYJPEC8KSH06yBnS-wrqBq5XRXFs4CcBzoGAjV6MUnCwnVmGgF-vWGgKZZv3w6xPMVW0NzEllkO-f_SOARCdHxWq5yzVTZUM8he8U3il_BMEUPJWHvWp2z-6HytgHoM8ZofgKpiPlO3aIkcxnJsIchRl8nvW1uWBK2GpKuqa8WhynlA-KJk1TvMITan7UZP4Tfp1-ARSjyr5jiy2E944FJR6zlOcaczJVMKbgK6ffGcRT3slfg7cGrCP9USlGpMmXn39_O-BoTtmzaLXe7KB2UgeX97xB6VV2QvcABchitGl4_jtO1LIo2V_oLbvw1E4h0BbP6h5p5SgE44n4bExWC5VFcZ1NoXmAS1g5tNWgsDiVWLEYMgUfY_j0ibzAfhrgFZOj7RJh2F5OI8EtLpJXaohJcikf6PdEpzJ1dBz1Gc7kGrbT2lK_9yQQI5vvUxaTxYg4xxBHoI_PwLYM7_AhqW5xHa5m8_kCU4lY0bfMKgYwocAucqCnDT3zYt9ibYkQZpoBz9irBP24_6DlogHEnQBrc4gphSmWYGicW56VROhpE41_MSMWXb7sZlqkSNKwWMBgVuuwXUwwOgDr9XgjoKCaWgEM-7ztG6K1LHRnhLqzqvjNTWyIONFWDPs-QN5E-MgkjIRKEc-Oyjax2u5W6FqW7cOGSMUHJWq-xBqTWGpjfwW7Tu5nZa24Hxxc_nkhbEz7vg5OwBFMbIZJuXeJ1&sai=AMfl-YRzeYefhNNXOaQBTC4sll-pVQLMhdReNxa6nlPe6YGXywdmlTnzxLh4LkDeQXGOrtzabRIjpuEkPSi5zxmmWoC7hw39e0e2NpM-mAPD9vodPpMG6eXF6bjFFLN7E7K6olMzmfgmepkNsqYK6s-C-zjOScOt_4rsOp_i1U8&sig=Cg0ArKJSzO1RI-k64odIEAE&cid=CAQSTwAvHhf_J1yxTFjf1da0PSnu1PZ9GFj4zDvYrmpTxbxmL7pEH2tDkXQYQb96fbrnWRWosoJymzel1OEFr88cbNjoIFnI2FIGFDZp16LfwMoYAQ&id=lidar2&mcvt=1362&p=0,0,124,1005&mtos=640,1362,1362,1362,1362&tos=640,722,0,0,0&v=20240220&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=448100000&rst=1708548200283&rpt=657&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2652 42 B
108 B 155ms
154ms Fetch
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuweP_57JVFce1u-I8FzPxEMKsr8kJ6KFHXbld8rFfNU7XxLsDMwrONwxfb1DPciULakf8haxT_ibUCqGGcwgJzn17qLfGEYdUPMGkjMeqExYINGwddWrLdTzQCE9J4bZ4qo-3azbfnNv0D61XF6yQ6J_lJOW1Arls&sai=AMfl-YTCscJZKIls63aBXppoeocO0Cs1_AlGplcxWmvY5Ut49H0yjFlqXDBCmEPrNjGaFDx4XNuPcIqHEc3Xd2dje2vtcZM6QDcTN7ZMKfb_28Yd-fE3BAkX94lSY6f3ko1MZM5n3CvIjaJjJ4TQjbJ0&sig=Cg0ArKJSzMwqaO5eV8m3EAE&cid=CAQSTgAvHhf_ZJXPgtIuLy6Uy2AbEmGlinEnlA1Ng12H_BjVi0tasCzcZ5Ja1BRB91ZC2-gjk_5U1t7tAHSJ5on4uaD4t_fDZbSgYeSzdyOPCRgB&id=lidar2&mcvt=1318&p=0,0,90,728&mtos=1318,1318,1318,1318,1318&tos=1318,0,0,0,0&v=20240220&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1184666797&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=448100000&rst=1708548199956&rpt=1039&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3DBF 42 B
64 B 140ms
139ms Fetch
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuHBmp7zEEDeH9n8FAsZ_YT9uw0-OIcxNVr1T3qXE9jtJdVO7VNswB5Hm8MA3bQJgKeBLH58lLWt92mFddN3tiR6ftuw_NqQEwxyiANm4iB0C0CuzkdMlnmqy_N4LNWFzl3vwsN5S9xNS-ohFi2CJ7WUlEmhWobv8w&sai=AMfl-YQ0mC4tU08wFtfM6Oct5wyD3Zb2Vy0OVxKFnRPUM8wTqYSaYVSEaiTJeyUSop3cYA7dlc19UaHrSoxtMCiDY8FuBwjKbIWGgT2UefJ6Hk2Bi2tGyqPA-BEWAb4SwQukMI6tH7N3MkbqkFRYaJHROw&sig=Cg0ArKJSzPocMP0jD64qEAE&cid=CAQSTwAvHhf_7NcJcy84FCPw7EHkGdcfXO8bbEgvVnpqRGG0jjjKCjZZUpaw22uTb31Mn_IfS1niPbh-N2XYRlWoYg5Lpe9khtp-UQdlG_SVpukYAQ&id=lidar2&mcvt=1289&p=0,0,280,1200&mtos=1289,1289,1289,1289,1289&tos=1289,0,0,0,0&v=20240220&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=750852199&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=448100000&rst=1708548198795&rpt=2614&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET css
fonts.googleapis.com/ Frame 969D 0
0

GET 69fd76e6469f8463e7777fa658d582dc.png
s0.2mdn.net/sadbundle/15313612520504161112/media/ Frame 969D 0
0

GET 2ba67618943d6a7f8bdfdf5f54bfe669.svg
s0.2mdn.net/sadbundle/15313612520504161112/media/ Frame 969D 0
0

GET 6d98a21af1e0c1b28918800bd6335c0e.svg
s0.2mdn.net/sadbundle/15313612520504161112/media/ Frame 969D 0
0

GET da98d821dc65b31ea9f22d878ac5ae02.svg
s0.2mdn.net/sadbundle/15313612520504161112/media/ Frame 969D 0
0

GET abfb05c0f4f9862e5821223b67445c5e.svg
s0.2mdn.net/sadbundle/15313612520504161112/media/ Frame 969D 0
0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2652 0
63 B 105ms
103ms Ping
image/gif 142.250.65.194

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstPkd-nm1Gpxd9zq8Fl-6K5bD80t5tMM5pURtvO3wN7sSkwxPat5BiFZxG_1RfY6dFnEwPACspD_3-pNXKJZXhkctFmlQ821KRdel9S_BJbX50-_91EtpsMc6FvEsr0PM2yRuW7usKI7BXgkZKOmMN1l3JdQAW7qDly6G1v9Xb8fVS_ja0AkRQ5bZUfXljPYz-cCCAzLmW22jNhjBmhrNPNje52u1ffcH-L3OFQmA&sai=AMfl-YRfhM6I3-LklTN6OdwbRmB6agCY8BjTtqvFfJ1n3belJOmnUnRQeWTI4h1XwSKBiS-b96rnE1X1_0kzUGe3Vod8vPpVaiAIg2sKF4iA68a0TNUBdX5YSUTyu98DbbiqPvVEIkNX6nXBlubD58Pz_r_B9vU&sig=Cg0ArKJSzIujTeaHzWtxEAE&uach_m=%5BUACH%5D&urlfix=1&vt=13&adurl=

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H3 204 AGSKWxUuhvymxA7QcmrbiqCAvvqOn7KbkLOOAT1Vf0Bswg_KuNb8ehMXNewJlpBXw2kyQjIhSE2AkgvrtoNB6H5OlCOLosr9Xc0T4NpHOn1ETmz3hcZqVDt5VDoWCW8J_mpD2bS8_1cuYg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 93ms
92ms XHR
text/html 2607:f8b0:4006:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUuhvymxA7QcmrbiqCAvvqOn7KbkLOOAT1Vf0Bswg_KuNb8ehMXNewJlpBXw2kyQjIhSE2AkgvrtoNB6H5OlCOLosr9Xc0T4NpHOn1ETmz3hcZqVDt5VDoWCW8J_mpD2bS8_1cuYg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-q9WQYFY1bBXBuD8g6RKRgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 21 Feb 2024 20:43:22 GMT
content-security-policy: script-src 'report-sample' 'nonce-q9WQYFY1bBXBuD8g6RKRgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmLw0ZBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYQIBbi4Xh14OY6NoEXZ65eYAYATCkWYA"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://postimages.org
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 passback_728x90.js Show response
static.adsafeprotected.com/ Frame F245 3 KB
2 KB 69ms
69ms Script
application/javascript 2600:9000:247b:b200:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/passback_728x90.js
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:247b:b200:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a579343e48deefeeb438bcb7f6aeb6d37e68102a8299ca47b683991f0af26b28

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 10:05:57 GMT
x-amz-version-id: BMDmVeG18LcgsgmLJH9yXJDgb3k6n4r4
content-encoding: gzip
via: 1.1 e6b4dbead926e5325f87837a8678a68a.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P2
age: 556646
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 18 Feb 2022 23:29:52 GMT
server: AmazonS3
etag: W/"696b4c19d35efd706805137a8a4b3831"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: b8P2TaiPJmfw95q0U49yxlzxivSUv56kWvsZkUrwJNiQGNuRO1ABUA==

POST
H3 204 AGSKWxUuhvymxA7QcmrbiqCAvvqOn7KbkLOOAT1Vf0Bswg_KuNb8ehMXNewJlpBXw2kyQjIhSE2AkgvrtoNB6H5OlCOLosr9Xc0T4NpHOn1ETmz3hcZqVDt5VDoWCW8J_mpD2bS8_1cuYg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 121ms
120ms XHR
text/html 2607:f8b0:4006:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUuhvymxA7QcmrbiqCAvvqOn7KbkLOOAT1Vf0Bswg_KuNb8ehMXNewJlpBXw2kyQjIhSE2AkgvrtoNB6H5OlCOLosr9Xc0T4NpHOn1ETmz3hcZqVDt5VDoWCW8J_mpD2bS8_1cuYg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Vke8u8XN9243uKESxMmTdQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 21 Feb 2024 20:43:23 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Vke8u8XN9243uKESxMmTdQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmJw0ZBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYQIBbi5nh94OY6NoGGcxsEATF8FQs"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://postimages.org
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxUuhvymxA7QcmrbiqCAvvqOn7KbkLOOAT1Vf0Bswg_KuNb8ehMXNewJlpBXw2kyQjIhSE2AkgvrtoNB6H5OlCOLosr9Xc0T4NpHOn1ETmz3hcZqVDt5VDoWCW8J_mpD2bS8_1cuYg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 136ms
135ms XHR
text/html 2607:f8b0:4006:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUuhvymxA7QcmrbiqCAvvqOn7KbkLOOAT1Vf0Bswg_KuNb8ehMXNewJlpBXw2kyQjIhSE2AkgvrtoNB6H5OlCOLosr9Xc0T4NpHOn1ETmz3hcZqVDt5VDoWCW8J_mpD2bS8_1cuYg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kSMpwiU_8j42Csue7-Yc-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 21 Feb 2024 20:43:23 GMT
content-security-policy: script-src 'report-sample' 'nonce-kSMpwiU_8j42Csue7-Yc-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmJw1ZBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYQIBbi5nh94OY6NoELi8_IAAAysxVY"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://postimages.org
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxWiCNc4Vk772my7vQpqL6ya1isOWmdQYNH01zGQEW6YGrkTCRBJfe0fWNPJQSpRN7Tg7qgXKwPjO9qa8c5wwYukVSBWI6vWdtlOkpoXuxkZZXnOp67dQVoMx4MQQikSmUVW6Uvpkw== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 99ms
98ms Script
application/javascript 2607:f8b0:4006:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWiCNc4Vk772my7vQpqL6ya1isOWmdQYNH01zGQEW6YGrkTCRBJfe0fWNPJQSpRN7Tg7qgXKwPjO9qa8c5wwYukVSBWI6vWdtlOkpoXuxkZZXnOp67dQVoMx4MQQikSmUVW6Uvpkw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA4NTQ4MjAyLDk2OTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9wb3N0aW1hZ2VzLm9yZy8iLG51bGwsW1s4LCIyYmJmV3JXNThwdyJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b7522979e54d2882c7932bc86a142a47b319c5ac06e28380b7a6b735e31c6e0e

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-Z0zqGRpnCND5tG8Vo97oCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:23 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-Z0zqGRpnCND5tG8Vo97oCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzj6mHU4pJiCNCQYjjvdIfpOhBfVHnKdBOIaxmeMbUC8YPwZ0wvgNhA4zmTBRAz_nnBxAnE7768ZBL4-pJJAoi1gPid5Cumb0C8w8eDhW_ddFYVIDZcP501Eohjnk9nTQHixawzWFcDsVP6DNYQIP6cOYP1NxD71M9gjQNiIW6O1wdurmMT2DFvLQ8ARX0_xw"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8A03 0
22 B 153ms
152ms Image
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BcKisaGDWZa_wG-2EnboPhfim6AIAAAAAOAHgBAI&bg=!IyClIG_NAAZ3BdUuVwU7ADQBe5WfOLnSfSIu8v_lpYK3Sj6ZyNeIuiTdHkJrGqCNY-wdMVbtDCtkDWroIFXsaovp3m2gAgAABdlSAAAAM2gBBwoAL8Wh2gBdOVqWOoq_N5x5Ml3XsBDZxQGZar2iUdzBsNhosb8SDpcyRmqOTMYWM-zimQMMdgsZ-Z8h7-H2VlDs9UYJdS-figv8RcdkOwnmRkF8k-LjsSa45FHZsSaCAzlLIQOdAH7SoQ6FYzbz2_au_3nXYjdAFm9GsLU0xnSt6eDtZl7VlaH19jz6Z3aY5fNi-JvyDjzDcaoA-z2nxiTcxWE7nk5RjYwc73K-2QduEw-OhvgXK58r4aZ1NlkmUvUkB149ymYqGLkG56kjvnMg3zmg0HFVqiS4B_W8GzMRKWbHl63oSYqK4aVcgSEMOrA1D6SpzemKOQZmBqwN-5-D2S19weaIsb7gh8E6OcKit7zp2ytsaUyK6J0qzOZMxO3TZgzwGQQVc2-vwsWsbOld7Db4FrDKi27UVtfmn9u6r9dyw-c1FOOly3ZQU8DCVmYRzSokTAqsUFp3UUt1dGJajvelRt6XNo-aiYmVEuYKpbAGvqTqCURuWHQt-PDvfwHvUrkhY0wJ3l2zeuzxF8yAEBS3bMga1AtmfCXGiBOwdeAj30zV6aR5TAqmcoiHU0dFGeyZzJEqZjD4R_TrSy-mkrXq2cKk2hQv1K1uDtJlnXyD1kQIbRbB2saKH06HA-F5Lq_U1JzW-kU-5UrmS4Jd84AMaGVKoyNOiL4u-SleQxOMrES2HTqtRf6m9D_BQEQHyl26xxwwp6ZSwPGVmAYZ4qeyIS9zUOdqLYoxJNRhaNYCQxHYQg72Esjv7e5EXMXqeIOWTfFTrkJWUBJgjl_fykPSZGTrDKFPlhgQFSk1Gg3SItTHWXq4sik9XyTQKwandtd1b87jqnwPqEVDnNnPaQS20aLRwAJoPOoH4bvztJLftDiK21zATCT3BrbW8T_DlbtWNptE9wyWn0F_yL_iRcsOJUK1BTxjA8t5N-vDK8nNq5CwdzzGl_LYGIB1qM81ZRC6O8xnegfP5WVVHuJ1BKyPA4cB_gZp8MVDz2bL2HI4N8uc5JguhzU8kpQKlTegEy5bVOS8z269e7AkNB6C6UM2A0oApfcCJjEE09RdWYwiov93LGydTSItUyYP664H7QizEQZV3Y9ruEm5C3Q1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 IAS_PassbackAds_728x90.png
static.adsafeprotected.com/ Frame F245 10 KB
10 KB 74ms
71ms Image
image/png 2600:9000:247b:b200:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/IAS_PassbackAds_728x90.png
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:247b:b200:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 319ebf743ce2c07c6bfafd9600a93824aa52b0844fe94e81c014e169564dc7e3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id: 4DcA1UddzZ2E21bAiUECQTp8M854Vxlu
date: Thu, 15 Feb 2024 08:55:04 GMT
via: 1.1 e6b4dbead926e5325f87837a8678a68a.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P2
age: 560900
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 10216
last-modified: Fri, 18 Feb 2022 23:29:13 GMT
server: AmazonS3
etag: "b1464a7201f691a1e4cf6fc057919d7f"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
x-amz-cf-id: 3R1UFBQodWXz7_9Q2EQFwJjq7mpdOhC69-NA2bMZF1pGbORXEirAOw==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2652 43 B
215 B 122ms
116ms Image
image/gif 2600:1f13:800:7780:6827:f78a:7ed8:a42

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1885389&asId=ff3e9af1-ce82-b17e-e419-191d1975cd4c&tv=%7Bc:4QOMlk,time:1575,type:e,env:%7Bnr_p:1%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1575,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:46,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1562~0%5D,as:%5B1562~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:993,fm:u4Xk8nN+11%7C12%7C131*.1885389-77498460%7C1311%7C13121%7C1313%7C141%7C142%7C15%7C16%7C17%7C18%7C1911%7C1912%7C1a1%7C1a2,idMap:131*,rmeas:1,rend:0,renddet:na,siq:50,sis:1465%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198123&bpp=5&bdt=534&idt=575&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=617
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:6827:f78a:7ed8:a42 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:23 GMT
server: nginx
x-server-name: dt15.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 204 AGSKWxW08rYPkdwTDVrc_kAQD68uSk8qLGpspRPO3IenqmU2pcCP5QO5KlBgAYUa9T7OS-AtNVPqKFAYlwsHQZwWfNPuh-j2QlPnEG0TzGDXWsvpzFAFbLMRiBRc91zdDUl9OXhqpVeosQ== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 90ms
87ms XHR
text/html 2607:f8b0:4006:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxW08rYPkdwTDVrc_kAQD68uSk8qLGpspRPO3IenqmU2pcCP5QO5KlBgAYUa9T7OS-AtNVPqKFAYlwsHQZwWfNPuh-j2QlPnEG0TzGDXWsvpzFAFbLMRiBRc91zdDUl9OXhqpVeosQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5ggF3HB_OS796iKUJB6J7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 21 Feb 2024 20:43:23 GMT
content-security-policy: script-src 'report-sample' 'nonce-5ggF3HB_OS796iKUJB6J7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmLw05BiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYQIBbi5nh94OY6NoEHd854AAA1pxXW"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://postimages.org
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxUuhvymxA7QcmrbiqCAvvqOn7KbkLOOAT1Vf0Bswg_KuNb8ehMXNewJlpBXw2kyQjIhSE2AkgvrtoNB6H5OlCOLosr9Xc0T4NpHOn1ETmz3hcZqVDt5VDoWCW8J_mpD2bS8_1cuYg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 111ms
108ms XHR
text/html 2607:f8b0:4006:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUuhvymxA7QcmrbiqCAvvqOn7KbkLOOAT1Vf0Bswg_KuNb8ehMXNewJlpBXw2kyQjIhSE2AkgvrtoNB6H5OlCOLosr9Xc0T4NpHOn1ETmz3hcZqVDt5VDoWCW8J_mpD2bS8_1cuYg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-aF6Ok6VOLmxPgRfPEA-YPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 21 Feb 2024 20:43:23 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-aF6Ok6VOLmxPgRfPEA-YPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjMtDikmLw1JBiWMy_i6mW4RlTKxAz_nnBxAnE7yRfMX0D4h0-HixO6TNYQ4BYiJvj9YGb69gEZrzYFAQAgu0W9w"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://postimages.org
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2652 43 B
215 B 125ms
123ms Image
image/gif 2600:1f13:800:7780:6827:f78a:7ed8:a42

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1885389&asId=ff3e9af1-ce82-b17e-e419-191d1975cd4c&tv=%7Bc:4QOMnE,pingTime:-10,time:1719,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHw2MDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjEuMC42MTY3LjE4NCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1708548203178%7C%7C2df09c7863658ab16338d3b2ea770185%7C%7C1605e69839cb81a076535f1842285622%7C%7Ca3ca332749b7ff9d294bd30c1c501e0c%7C%7Cdffd84b9d1ff566f2e1f9e7863ae3f13%7C%7Ca2825b6196b86c47b24c202efba89c80%7C%7Cb5d77abb5ecb4ab63b2a374711f6fb82%7C%7C0380298d4bd66adba89c836286be4874%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1708548198&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708548198123&bpp=5&bdt=534&idt=575&shv=r20240220&mjsv=m202402150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8493496452554&frm=20&pv=1&ga_vid=2004089668.1708548199&ga_sid=1708548199&ga_hid=761487449&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081152%2C95324581%2C95325069%2C95324155%2C95324161%2C95325794&oid=2&pvsid=736346958798300&tmod=1030225648&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=617
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:6827:f78a:7ed8:a42 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:23 GMT
server: nginx
x-server-name: dt12.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2652 0
0 99ms
98ms Fetch
image/gif 142.250.65.194

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssUusK1M3-qy3hmL9za2IqxrNXKJ4m3KeeqrvBady4pA9XOCNS3gWANhMRrOd-7GsItUi2vI_vJwS9BDCsoQtNsBqzcuqGrfXKDVcq5RCWBbINP6UymQS8uEiP2h2vZ7pYk6BfjZR_aBYBwohhtmJ2Y7PUUYxgR_T_9_gXXBltFaeAUkHwRY_aibz8gHwJMrYsZxFsihMqI9je5SuwlaelmU23ncQH3z2XdLrncg5VCPXpexIuTJ5GNauVJpUZmrHi9Esm-pxm3zB4NjW9no9Yz3s5d82f5R-7q8kCtWXuNALb1ZrU6Z8uZaIkxTNUqHxMNal4n0RlAVOyu6RXWwjke2pZbqUWm53zhlP8WXncjG-I_ozcYb8jVe1CALCC1s_ZHCqv3J0TicKUmgtP-AHyqMZv63Pu9HO89CwhhDUomAvMXC25kmIVMjQOfkdHVg7f5jPH15ZcS--AwOdo5o1FMaQIxFz-XRkKBjQva3puZy_oqCx5axAn-TSrVDQ-MS7WOk7o8fnAcfFYkVXpR7hIAGTLGmGdOfU7bX0d3XiaZdG1HMPEa-KrHqm7sT-HJ0K7TMQA4XRMpcfSrpqaTCaPgQK77_jyj3IQYxuJ4h3YZmFLky6VgEaSKjDC6P3iQs2WEFuVkJaOcp0PHgi-MkZ2TCz4-U5574TzC7MlpnIGzt_Sr8J3oTeiKpNP45QCd1sxchAzqC0bI7PbN96G8uwbXJ1-hlhqGKhluXhAVW0b9PDF1vt1uL5J6Dg3PNk5JWz0j3rH0PHg4E-u4BJnaol-KSK8PzM5fXyKknkM-FFBinr1-BXjftUMpdK4FWG-sL4nOhryaEO-Qf9DA1Sk5D3A4M0c_94lrdEFg9WuVrPvyK98ttcIege2wQFyyA2UJevi4N-VxdU2VM3q8olAiDlJLxGzTY7UKnbvJPQU9SWEshlFTVYAzX2It7tBZjXM32vSnaLa4G4-Opp-QdxCwgpp-ZMgfrl0IYLlQT6Su6TFUiTMU5raK_rt4wiI-9y9e57t-tmmpbU16cQL8Weg5ljaCg2h8xgkoxh0_1EeaLDHMmozR8S23HB6HglCVrCg3dRKjmNTbKgI6yXwCOWU7Xg_lQlSACgemrsaXPscxoYHVoLYM2OWlFuJOzUqkwE05AF1l00WsFrEpUngqe-L1NXXoIg_X_hkWch3VDC2szCBd6Q6TkrjHlIKOXXCm_VDFk5j21X-DmcEhv37X41mdqRUtLIJB2YYL2dxQpOMuRpZZLyaUEbOJWXTB0SI5Yj88W4bSl9hvdGbNYBn6AbwSWMGuKXSTDACSPQURXP11NuDoOv4VF3klqZ68lAhK3WKuxHB8BVW8sxwTDVNCmbDJ20fQuhinDKg43nfeQqQ7Xu9d87zmV0rq7yAv7Oo5FL0XfAzxxFCuYDWp&sai=AMfl-YRUz_lDcdk2JoGW7vEdXl1-eoqRtq2Jlk4Kq8qeNhHq3xCKHx0wnWFVVle_UZyBWutLtErOqLq3ATUXJLbNJhhRSLD4cpUXTwlqbgSncAPDO4X7oZ1tF3232ZPmKQendaxafigiJh6o1znnYSQBzOOV-3bAm4vgCd_GHDsZns7BJdbHZ-F3xQpv1En97jmatsSupxTzaU5qHzzVmkanP2KqmHv5BiMTezmf2wvIPOeDDtqSsb_cZdrL9xttPswArsN_5m75nBypQzWkdZ0o30uASuY0qp45fDLkBfljBAeH1imk8XGa_-IYyN8lPbhj&sig=Cg0ArKJSzNjpPAVLDlXoEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=2683&vt=11&dtpt=2048&dett=4&cstd=625&cisv=r20240215.98133&vwbs=2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 21 Feb 2024 20:43:23 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 122ms
121ms XHR
application/json 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240220&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5518fd55f5bcb9de788d1e84d8116734ae21586ffae6eb0108abf43538115d59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12416
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2652 43 B
215 B 124ms
123ms Image
image/gif 2600:1f13:800:7780:6827:f78a:7ed8:a42

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1885389&asId=ff3e9af1-ce82-b17e-e419-191d1975cd4c&tv=%7Bc:4QOMqJ,time:1910,type:e,im:%7Bpci:%7Btdr:1827%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1910,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:46,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1897~0%5D,as:%5B1897~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:144,fm:u4Xk8nN+11%7C12%7C131*.1885389-77498460%7C1311%7C13121%7C1313%7C141%7C142%7C15%7C16%7C17%7C18%7C1911%7C1912%7C1a1%7C1a2,idMap:131*,rmeas:1,rend:1,renddet:XIFRAME.us.dr,siq:50,sis:1465%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:6827:f78a:7ed8:a42 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:23 GMT
server: nginx
x-server-name: dt03.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 90ms
89ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Feb 2024 20:43:23 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A4C2 13 KB
5 KB 77ms
67ms Document
text/html 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 1696
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 20:15:07 GMT
expires: Thu, 20 Feb 2025 20:15:07 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5394 829 B
560 B 93ms
84ms Document
text/html 2607:f8b0:4006:81f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3d00e034851e935ecddfe0840e049449ce1d2cef5727c09d10a09014b2e6efa6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1OCRMimGvxa70RbU1dW_eA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-1OCRMimGvxa70RbU1dW_eA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 21 Feb 2024 20:43:23 GMT
expires: Wed, 21 Feb 2024 20:43:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 BoEj1MRYnOy5BSN5ElbJySd6MGFyYBWT_ZtkFEIAVvM.js Show response
pagead2.googlesyndication.com/bg/ Frame A4C2 39 KB
15 KB 64ms
64ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BoEj1MRYnOy5BSN5ElbJySd6MGFyYBWT_ZtkFEIAVvM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

068123d4c4589cecb90523791256c9c9277a306172601593fd9b6414420056f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 14:09:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 110053
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15302
x-xss-protection: 0
last-modified: Mon, 19 Feb 2024 17:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 19 Feb 2025 14:09:10 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5394 0
0 134ms
133ms Image
text/html 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240220&jk=736346958798300&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A4C2 0
11 B 64ms
63ms Image
text/plain 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?3dTgkw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 20:43:24 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2652 0
22 B 134ms
133ms Ping
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4791719859659&version=m202401290101&ct=76&x=1&cor=4847032551229497000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 20:43:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 137ms
136ms Image
text/html 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240220&jk=736346958798300&bg=!ammlaSbNAAZ3BdUuVwU7ADQBe5WfOFd3YlCu8L_UoApcmtrWLQhL-2EGNwHu1jvjA0IHL6nzDYa0f1BxbRzglGiWPVlmAgAAAJ1SAAAABGgBBwoAnsLG36tfwZ-hzyazvZSrsWGW3MXI1jXMmjnEXnlml4UIpYDKtR44l9b2MoSv2SEvaISWhj8CchJQfatNJjW7quQ5zXkICWdweQp-DfkrpOJWwTYci2BI4OcdaLnzN3vXmo6xS0d5xKNVcXzB3Hwxg0LwwDxTnoOT3Su9b70y9AaxX7VdInYWjLBpOtsEXjIltp2TbuvsSwPkv9lOGK92mQLTRX0qXuGSmJJs_AmndNI6S2SD7BHO6sfzeFaF8dXyF0pCijqm5t2YTcDPKjumXzQ5AIuvXcC9FvUkioK460rajIOy3RKwer7P2O0CHlS4XIvM0NZA0OvuSqoeD2dYoMLp-laO4Mx0hjkEF7luSbObAzwI3yCWJyL_j-EwIEuskXw3RxDsWdfMJ767C2DU4Aswjr0ac2siTYOHjSj9xgiNxKIQQv-YRnAWbzdULKXc1ZKUiPENFvH2P4KL8FolgHG9-sGHTvr1gjqQ_LqC76mcGgb5SXq8pJOtKXw2aGZSLkWU5R0h01VyL6zqX9u2aBt1eJwozD5fDzt0j0LhVusEVMnCMs9tevDCejlBXI1BhZMf1SqRYgtNFxUIk772XdQPfTS7CefBqxvYtUA20Kqv_RnQAcSCJ55PsnbaVeOlM5PpMqjrlh00_91VAoP_O3o8Az2hyr8DXvXglAZFOsjSTWx2K5f9zR2YtDadXPNS2SU8uhWhHDlojO89I0Z8NBLwYEa7yFeO6tiiYy_oQ128bqEszwp3WzxrnOAx52mchl_PIh_1GSxQoyLipGHNouivV6QFfHGWAnyI1byzEr7KWL419TfohVb4heWjMrrkLTfgVYasYzuNtnECl2n415BuItQCnm-OE9dt5KGysb1aM6bk6F-te484gDI3m-zkTna2_2c5_jd_fMlq_VLwFBrBmNlZ6Web5XXVZX3rFijL97hSs4nsY1TV54Gz1fk5DlTZM9t0U7FOB_0hF_5YwnCeg1wXnMy1z-X57QB0_81nQu7xN0bIGyiiqS26MjDL7EKpptcvWnFSJdIJXNT_k4O4fNMu_xOZc41Mu3KEFqOXtyqaj057w6ASsG1MwZUic4V_RJVqTD4a-_jQZ68As6ERszqJmP8aQ_xHe4Dd4PkiZL2mG2c3DwjLgOZTNM_hhu0CmQIza2VE0W7AvkWot4FxUhDm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15313612520504161112/media/69fd76e6469f8463e7777fa658d582dc.png

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15313612520504161112/media/2ba67618943d6a7f8bdfdf5f54bfe669.svg

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15313612520504161112/media/6d98a21af1e0c1b28918800bd6335c0e.svg

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15313612520504161112/media/da98d821dc65b31ea9f22d878ac5ae02.svg

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15313612520504161112/media/abfb05c0f4f9862e5821223b67445c5e.svg

Verdicts & Comments Add Verdict or Comment

73 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
webs-signnfinitya.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 1c4579bd677d4e0fe3069f6ec5d1c796
.postimages.org/	1970-01-21 03:57:24	Name: __gads Value: ID=acd77150e8681af6:T=1708548198:RT=1708548198:S=ALNI_MY67TMZ-qemDQva5DG2-cV91eBRQg
.postimages.org/	1970-01-21 03:57:24	Name: __gpi Value: UID=00000dcbee14a53e:T=1708548198:RT=1708548198:S=ALNI_MaBMpJmJV-qwS2jDWHkSvRzNt3NDA
.postimages.org/	1970-01-20 22:55:00	Name: __eoi Value: ID=7ed759c1ab9c224b:T=1708548198:RT=1708548198:S=AA-AfjZjtput1I_r1NAOb5QdoXDf
.doubleclick.net/	1970-01-21 04:11:48	Name: IDE Value: AHWqTUlg0MgFC4paCcjupzVZDs_krKSVF8VOSwcvUmJ5Gcx2YsuwuGFK3ZmWzOHj
.casalemedia.com/	1970-01-21 03:21:24	Name: CMID Value: ZdZgaNHM474AAGX2ACsBigAA
.casalemedia.com/	1970-01-20 20:45:24	Name: CMPS Value: 2778
.casalemedia.com/	1970-01-20 20:45:24	Name: CMPRO Value: 2778
.doubleclick.net/	1970-01-20 22:55:00	Name: APC Value: AfxxVi58LcV4Wn0UWFY34k5cSNCYwXsM3v-z2lYCgdyE3agwBGyBdA
.doubleclick.net/	1970-01-20 22:55:00	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 04:11:48	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 20:45:24	Name: XANDR_PANID Value: nWexzJgdClNOIEXaSKIeEjIpqz4djrmX6SAAiiR1qB8V5mYXrBFN9z1Pl02jD-IiC7DCZg5QmN_HVj-mhxqr6Z2Ckdc4-kDZx3GvLDLPIow.
.adnxs.com/	1970-01-20 20:45:24	Name: uuid2 Value: 4512918224121251779
.adnxs.com/	1970-01-20 20:45:24	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>sIZ!L[!@wnfH8K6pQK`!5=E<L5?%M7fNpt]2di$D8?JaGdV'@G2Fhe%A8d(OW-WbTbpRzqF1`b_Ko*/8im
.doubleclick.net/	1970-01-20 18:35:51	Name: DSID Value: NO_DATA
.googleadservices.com/	1970-01-20 20:45:24	Name: ar_debug Value: 1

58 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://postimages.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cm.g.doubleclick.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
postimages.org
postimgs.org
s0.2mdn.net
static.adsafeprotected.com
tpc.googlesyndication.com
webs-signnfinitya.com
www.google.com
www.googleadservices.com
www.gstatic.com
fonts.googleapis.com
s0.2mdn.net
103.30.195.81
104.18.36.155
107.21.115.196
142.250.65.194
142.250.65.226
142.251.40.194
2600:1f13:800:7780:6827:f78a:7ed8:a42
2600:9000:247b:b200:8:48e:53c0:93a1
2606:4700:3031::6815:2b1d
2606:4700:3033::6815:55cc
2607:f8b0:4006:807::200e
2607:f8b0:4006:80b::200a
2607:f8b0:4006:80c::2003
2607:f8b0:4006:80e::2002
2607:f8b0:4006:81c::2001
2607:f8b0:4006:81f::2004
2607:f8b0:4006:821::2002
2607:f8b0:4006:824::2003
2607:f8b0:4006:824::2006
68.67.161.208
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
04fa628bda6f9b1ab5f71827ce6c71e8c6ad495a3a5a0ed8858c6f5b2f0513ff
068123d4c4589cecb90523791256c9c9277a306172601593fd9b6414420056f3
07ac6e214a833c4bfff5dbc745d0daf4fb5538a4a77652af1399267cf94dc735
09b523db292499678c3046b9ce943c627007d83510e3667b1708e0c448473ac4
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247
0e33434b042c688fa1972d51e9c103fe592fca7a4dd50358c08449c7b0f5cb4c
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
17174ef572da3778bd413ec9ff612c7d8124f3e68b37c12e8872bd6e68c96d8b
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1aa70024ac6f01c7669a14fc606db2cb555073bad5a076c9d70869392fb1118f
1c62b3bbcbb94b6280e8f04503cac7f0664d696dbf0170819f1e132e3805a828
21fe12f4cf3307721e5beb68aff8b762dfcd1b16c56025bb31b952e1590ff6c3
245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
319ebf743ce2c07c6bfafd9600a93824aa52b0844fe94e81c014e169564dc7e3
3c2a857e487863b99dce94733988dbc40b78f96c86da25ae265c14b92e617d6a
3d00e034851e935ecddfe0840e049449ce1d2cef5727c09d10a09014b2e6efa6
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
473f98fc0967c2c122456fc402d7db00d57d3fe3b46a12d075d10eb26a55dd5b
47ce859f7f0f545825c8ab983547bbf88d0de3f52afebc7a1ccc0611661df70d
48639bd7695fc270e23859d9b74231f49bc78f05e3a96ed0332a9b0b80d8c2e4
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
5518fd55f5bcb9de788d1e84d8116734ae21586ffae6eb0108abf43538115d59
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
579f7afffec025181ef2723ce9e8376f407c37419bc5345c28e5a868788add6f
5a0cdf281b5aa122dcc51b0afe5e1164854bab6e79369092af90689c4fade857
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
700602424f3b2803dc9d2c06a01b7afe6639b1334f9144b4ed1a831e74ca6f8e
716b2a35acfc8e6a247c9e4d9e3c32dc2354b3a8a6e6481835a64b783a5ba4a3
719314f680a79defc6c02a7dbaff63da48911cbf418614226bde044fb02e065d
71ed6d1513578ededcd2e8bdf94a057daf9c050a7a3bb728ebf9a5469da4d5fc
7e0502b1021da089ba5a624429eaba9e639c8b2ee46330930fe0354cf81cda2b
7f368131e690090a4625d28f5a7518f1baf4122bf8f051e080f8f5f9430190b0
8446e5a869f03ce8cef044fcc935d0ac9eeec1a9fa19c7d95f7cd72fc555ba16
8d2fc53dd9d563c5e321dc06aa57291166c2cc7535a43e3aefb36f2e7f027346
9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a579343e48deefeeb438bcb7f6aeb6d37e68102a8299ca47b683991f0af26b28
a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1a9b4d4a874d9284ffcbc5f13a10e05dbfc8697abedafdaa52f0b86d6e345b9
b2eb04e300901a3a3cd45287b3dfb91127a5771bd68dfdb86f3b619aecf0ed44
b7522979e54d2882c7932bc86a142a47b319c5ac06e28380b7a6b735e31c6e0e
be87d5bafe3844fc341056653889e99ce928077c493862aa28460c7daeadf0fa
c4ca5ecc6a5be80d479e0475e3e337214d5e09333792a25b8cd6904aa3d66583
c7ae1a1887541a5761b56023ba3437d5d5a8df0e33bafa02a7b192208f686768
d0089230217619fbaaddf3e6575ae7841aa378c159bf5f9b1e4a59cdc5078aa5
d20c17a56d4a1472fe9d3c8bdbab18b0a5090602d121c53f54781faaa6b7a182
d9be248eee3efff14af2a4d91b67a0da6b9fa4a3aeeca3136671c686d8b822be
dc8f13ed15cfc25d5771407e846150a07d8488f1eea60ec8722369a0e5c64fdb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ed0e7e64215a9663152e2d5c1c9a5ba0fe76c9f5de3dfe71bf45f0a64e977c69
ef08532ea47d0f77b5d07704ea0c3caff9c7825bf8bcfd1a9e50ff633a2098dc
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10d5bdd8d60943848d514b3aa6e7d4d663e669069c8ed946ff4ed262a288a07
f81ea40c2dca55d5703b4c2b6e828dee820d1df4265b7f0fa0e810c34da5d762
fe8c77c2b3d7f2dca63bb400c54e4408590d62bdb0665edb8d70ab0ed3d3e6ad

postimages.org Open in urlscan Pro 2606:4700:3033::6815:55cc Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

123 Requests

89 %HTTPS

65 %IPv6

13 Domains

20 Subdomains

20 IPs

3 Countries

1421 kBTransfer

4157 kBSize

16 Cookies

0 Outgoing links

Page URL History

Redirected requests

123 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

postimages.org Open in urlscan Pro
2606:4700:3033::6815:55cc Public Scan

Screenshot
Live screenshot

Full Image

123
Requests

89 %
HTTPS

65 %
IPv6

13
Domains

20
Subdomains

20
IPs

3
Countries

1421 kB
Transfer

4157 kB
Size

16
Cookies

123 HTTP transactions
3 data transactions