www.winhelponline.com Open in urlscan Pro
2606:4700:3033::6815:15b1 Public Scan

URL:
https://www.winhelponline.com/
Submission: On March 04 via manual (March 4th 2021, 2:33:09 pm UTC) from FR

Summary HTTP 371 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 28 IPs in 5 countries across 24 domains to perform 371 HTTP transactions. The main IP is 2606:4700:3033::6815:15b1, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.winhelponline.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 10th 2020. Valid for: a year.

This is the only time www.winhelponline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
102	2606:4700:303... 2606:4700:3033::6815:15b1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	13.224.192.34 13.224.192.34	16509 (AMAZON-02) (AMAZON-02)
14	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3034::6815:3d31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2606:4700:303... 2606:4700:3030::ac43:ce7a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
76	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
4	35.190.64.11 35.190.64.11	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1 14	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
82	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
1	142.250.185.70 142.250.185.70	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
9	3.127.76.126 3.127.76.126	16509 (AMAZON-02) (AMAZON-02)
2	217.79.188.59 217.79.188.59	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2	217.79.188.21 217.79.188.21	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	54.154.164.132 54.154.164.132	16509 (AMAZON-02) (AMAZON-02)
1 1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
7	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1 1	31.172.81.159 31.172.81.159	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1 1	31.172.81.158 31.172.81.158	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
2 2	37.157.6.247 37.157.6.247	198622 (ADFORM) (ADFORM)
2 2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	70.42.32.63 70.42.32.63	13789 (INTERNAP-...) (INTERNAP-BLK3)
2 2	184.30.20.241 184.30.20.241	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2607:f8b0:400... 2607:f8b0:4000:816::2003	15169 (GOOGLE) (GOOGLE)
371	28

102 2606:4700:3033::6815:15b1 (United States)

ASN13335 (CLOUDFLARENET, US)

www.winhelponline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.192.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-192-34.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::6815:3d31 (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3030::ac43:ce7a (United States)

ASN13335 (CLOUDFLARENET, US)

ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

76 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.64.11 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 11.64.190.35.bc.googleusercontent.com

absorbingcorn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

82 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 3.127.76.126 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com

g.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.79.188.59 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: imagesrv.adition.com

imagesrv.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.79.188.21 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: ad2.adfarm1.adition.com

ad2.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.164.132 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-164-132.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.172.81.159 (Germany) 1 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync3.sniperlog.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.172.81.158 (Germany) 1 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync.bumlam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.247 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.63 (United States) 2 redirects

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.30.20.241 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-241.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4000:816::2003 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
102	winhelponline.com www.winhelponline.com	280 KB
74	googlesyndication.com 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	667 KB
72	doubleclick.net securepubads.g.doubleclick.net ad.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	297 KB
31	google.com 1 redirects adservice.google.com cse.google.com www.google.com clients1.google.com	173 KB
25	ampproject.org cdn.ampproject.org	490 KB
13	google.de adservice.google.de	3 KB
13	gstatic.com fonts.gstatic.com csi.gstatic.com	112 KB
9	ezoic.net g.ezoic.net	298 B
8	googleapis.com fonts.googleapis.com www.googleapis.com	27 KB
5	googletagservices.com www.googletagservices.com	162 KB
4	adition.com imagesrv.adition.com ad2.adfarm1.adition.com	104 KB
4	absorbingcorn.com absorbingcorn.com	31 KB
3	google-analytics.com www.google-analytics.com	19 KB
3	ezodn.com go.ezodn.com ezodn.com g.ezodn.com	180 KB
3	amazon-adsystem.com c.amazon-adsystem.com	35 KB
2	casalemedia.com 2 redirects ssum-sec.casalemedia.com	2 KB
2	zemanta.com 2 redirects b1sync.zemanta.com	1 KB
2	openx.net 2 redirects rtb.openx.net	766 B
2	adform.net 2 redirects c1.adform.net	887 B
2	wp.com stats.wp.com pixel.wp.com	3 KB
1	bumlam.com 1 redirects sync.bumlam.com	680 B
1	sniperlog.ru 1 redirects sync3.sniperlog.ru	369 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com	937 B
1	adsrvr.org match.adsrvr.org	265 B
371	24

	Domain	Requested by
102	www.winhelponline.com	www.winhelponline.com
63	securepubads.g.doubleclick.net	www.winhelponline.com securepubads.g.doubleclick.net 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
57	tpc.googlesyndication.com	securepubads.g.doubleclick.net absorbingcorn.com tpc.googlesyndication.com www.winhelponline.com 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com cdn.ampproject.org
25	cdn.ampproject.org	securepubads.g.doubleclick.net
14	www.google.com	1 redirects cse.google.com www.google.com www.winhelponline.com 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
14	adservice.google.com	www.winhelponline.com securepubads.g.doubleclick.net
13	adservice.google.de	securepubads.g.doubleclick.net
12	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com www.googletagservices.com
12	fonts.gstatic.com	fonts.googleapis.com
9	g.ezoic.net	www.winhelponline.com
7	cm.g.doubleclick.net	139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
7	fonts.googleapis.com	www.winhelponline.com securepubads.g.doubleclick.net tpc.googlesyndication.com
5	www.googletagservices.com	securepubads.g.doubleclick.net 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
5	139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	absorbingcorn.com	www.winhelponline.com
3	www.google-analytics.com	www.winhelponline.com www.google-analytics.com
3	c.amazon-adsystem.com	www.winhelponline.com c.amazon-adsystem.com
2	ssum-sec.casalemedia.com	2 redirects
2	b1sync.zemanta.com	2 redirects
2	rtb.openx.net	2 redirects
2	c1.adform.net	2 redirects
2	ad2.adfarm1.adition.com	139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com ad2.adfarm1.adition.com
2	imagesrv.adition.com	139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
2	cse.google.com	www.winhelponline.com www.google.com
1	csi.gstatic.com	securepubads.g.doubleclick.net
1	sync.bumlam.com	1 redirects
1	sync3.sniperlog.ru	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	match.adsrvr.org	139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
1	googleads.g.doubleclick.net	www.winhelponline.com
1	ad.doubleclick.net	absorbingcorn.com
1	clients1.google.com	www.winhelponline.com
1	www.googleapis.com	www.winhelponline.com
1	pixel.wp.com	www.winhelponline.com
1	g.ezodn.com	ezodn.com
1	ezodn.com	www.winhelponline.com
1	stats.wp.com	www.winhelponline.com
1	go.ezodn.com	www.winhelponline.com
371	38

This site contains links to these domains. Also see Links.

Domain
www.twitter.com
www.facebook.com
www.ezoic.com
www.microsoftedgeinsider.com
ms-windows-store
monitor20.sucuri.net

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-10` - `2021-07-10`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
absorbingcorn.com R3	`2021-02-21` - `2021-05-22`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
www.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.doubleclick.net GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
ezoic.net R3	`2021-01-23` - `2021-04-23`	3 months	crt.sh
*.adition.com AlphaSSL CA - SHA256 - G2	`2019-05-02` - `2021-05-02`	2 years	crt.sh
*.adfarm1.adition.com AlphaSSL CA - SHA256 - G2	`2019-06-03` - `2021-06-03`	2 years	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh

This page contains 16 frames:

Primary Page: https://www.winhelponline.com/
Frame ID: EFB985B32D11AD1BB6D1A55DEA994623
Requests: 248 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-23/html/container.html
Frame ID: 2F93C63041AE17103403973D8681DE33
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 4D10CBAC589ADF46B469EB792300F0CD
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs
Frame ID: 9BBC55BC2D5BFA4BAD8385A8F5E54A65
Requests: 15 HTTP requests in this frame

Frame: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 46AEA717ECE45C575053F6B71DADEDE8
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5503257267549951870/index.html
Frame ID: 04DE35A3283A8998B896EE22EDA15307
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs
Frame ID: DC81F03F1C5F47BB6A49CCE07E076E4F
Requests: 15 HTTP requests in this frame

Frame: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 5C31782921D7E8AB9CEE93950FDC0602
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs
Frame ID: D4DD63ABF02D9561CD7AE2E0BFD04BDC
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs
Frame ID: CF7190A49E726F3A9978ED262547BD68
Requests: 15 HTTP requests in this frame

Frame: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 8FEB4D3908D226B6159A04413ECBCA8A
Requests: 17 HTTP requests in this frame

Frame: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 6FAE686F9D46635A92874B6D105436AE
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/index.html
Frame ID: C48413D2091C9E68820CBBC1F333207C
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/index.html
Frame ID: AAF1304C0B3B3722C1DB500647C62693
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5FE5B0B7738A0E506F4FB0DD04037DD6
Requests: 9 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs
Frame ID: 16E510A470A3B42CDD8EBDD7BC536A12
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

371
Requests

100 %
HTTPS

53 %
IPv6

24
Domains

38
Subdomains

28
IPs

5
Countries

2583 kB
Transfer

6551 kB
Size

19
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.twitter.com/winhelponline
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/winhelponline
Title:

Search URL Search Domain Scan URL

URL: https://www.ezoic.com/what-is-ezoic/

Search URL Search Domain Scan URL

URL: https://www.microsoftedgeinsider.com/en-us/
Title: Edge was being rebuilt

Search URL Search Domain Scan URL

URL: http://ms-windows-store//collection/?CollectionId=EdgeExtensions
Title: Windows Store

Search URL Search Domain Scan URL

URL: https://monitor20.sucuri.net/verify.php?r=0bc7cc656a57aa9abe9ea05ecf891d632f437b4fe7

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 160

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 341

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEH9mwa8rVTbj6YxRUOuHsno&google_cver=1&google_push=AQvitUICzKRosfgKV8uiBsq8a8isVx_fp6xgAjH4tM9SKGT_XxmwqUpGzJUHYhD7hlb7FuMOi6S9ReaymrOpkk-HkfmDWJWUfNE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUICzKRosfgKV8uiBsq8a8isVx_fp6xgAjH4tM9SKGT_XxmwqUpGzJUHYhD7hlb7FuMOi6S9ReaymrOpkk-HkfmDWJWUfNE&google_hm=NTQyMjY1NTM0MzA4ODY1NzQyMg%3D%3D

Request Chain 342

https://sync3.sniperlog.ru/?src=ggl_nga&google_gid=CAESEOE49eHZElySRXiV5VaWBy8&google_cver=1&google_push=AQvitULOtpt00w51t-2K-FJvtCbGTUs8XqY5P-8JE4B2WCGH42nfb40nLhW5_pkK-4dpwSYTaCL_i1jPmFgqOuwVMgyxxwASRFI HTTP 301
https://sync.bumlam.com/?src=ggl_nga&google_gid=CAESEOE49eHZElySRXiV5VaWBy8&google_cver=1&google_push=AQvitULOtpt00w51t-2K-FJvtCbGTUs8XqY5P-8JE4B2WCGH42nfb40nLhW5_pkK-4dpwSYTaCL_i1jPmFgqOuwVMgyxxwASRFI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AQvitULOtpt00w51t-2K-FJvtCbGTUs8XqY5P-8JE4B2WCGH42nfb40nLhW5_pkK-4dpwSYTaCL_i1jPmFgqOuwVMgyxxwASRFI

Request Chain 343

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKFNzN9L-dMsCbbREhx4O-w&google_cver=1&google_push=AQvitUI9GracACu4fTiaXMLE-VVrVrCTGDc2NwsdT_QVf4D0JsKB0FUe44asYrJWojjfwlNF8beskD8n1KVrO53pahJNIfL01GY HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKFNzN9L-dMsCbbREhx4O-w&google_cver=1&google_push=AQvitUI9GracACu4fTiaXMLE-VVrVrCTGDc2NwsdT_QVf4D0JsKB0FUe44asYrJWojjfwlNF8beskD8n1KVrO53pahJNIfL01GY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjIzNDk5NjI4Mjg1MzUwNjQ2Mg&google_push=AQvitUI9GracACu4fTiaXMLE-VVrVrCTGDc2NwsdT_QVf4D0JsKB0FUe44asYrJWojjfwlNF8beskD8n1KVrO53pahJNIfL01GY

Request Chain 344

https://rtb.openx.net/sync/dds?google_gid=CAESEBO0ZW_KzwxBRJyZe1GtbYk&google_cver=1&google_push=AQvitUKA_ZzA4cP50yx_lNETIgrtcV7W478OWKQ8NMnQiE-tXTkzldnwZjHPRClWqwcJGn9Xx6BaK6u9UyljRmkDF7_f9rPXXMk HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEBO0ZW_KzwxBRJyZe1GtbYk&google_cver=1&google_push=AQvitUKA_ZzA4cP50yx_lNETIgrtcV7W478OWKQ8NMnQiE-tXTkzldnwZjHPRClWqwcJGn9Xx6BaK6u9UyljRmkDF7_f9rPXXMk&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKA_ZzA4cP50yx_lNETIgrtcV7W478OWKQ8NMnQiE-tXTkzldnwZjHPRClWqwcJGn9Xx6BaK6u9UyljRmkDF7_f9rPXXMk&google_hm=dXg-uHEfxEkb9HXZSXRPtQ==

Request Chain 345

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEHn9UOJDUtd5JCpiatutyx4&google_cver=1&google_push=AQvitUJxT-Tuj9lXpypxnSSF3JAPjT4eORDOI8xx5FvwNcaUaA_q47VfzH1JE_pXVzyEBantShIlQpQKeJSwrDNuJUkqUmRwMu8 HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEHn9UOJDUtd5JCpiatutyx4&google_push=AQvitUJxT-Tuj9lXpypxnSSF3JAPjT4eORDOI8xx5FvwNcaUaA_q47VfzH1JE_pXVzyEBantShIlQpQKeJSwrDNuJUkqUmRwMu8&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitUJxT-Tuj9lXpypxnSSF3JAPjT4eORDOI8xx5FvwNcaUaA_q47VfzH1JE_pXVzyEBantShIlQpQKeJSwrDNuJUkqUmRwMu8&google_hm=NFhpbVZYTXhMQW5abEt5bEotOU4=

Request Chain 346

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIrKPuPDBZlCTMy6vVoJAao&google_cver=1&google_push=AQvitUIojf9i1kwlqje0uiZlwUiSXLfWQ9kp5wHKkroie7UimGMnqCBjHtk0pw3xXLFtAsVwXhITkcQYFEjtnstpFKhMA48XUos HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIrKPuPDBZlCTMy6vVoJAao&google_cver=1&google_push=AQvitUIojf9i1kwlqje0uiZlwUiSXLfWQ9kp5wHKkroie7UimGMnqCBjHtk0pw3xXLFtAsVwXhITkcQYFEjtnstpFKhMA48XUos&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YEDvlstTufHmohJ-nXg4iAAABFYAAAIB&google_push=AQvitUIojf9i1kwlqje0uiZlwUiSXLfWQ9kp5wHKkroie7UimGMnqCBjHtk0pw3xXLFtAsVwXhITkcQYFEjtnstpFKhMA48XUos&google_cver=1&google_gid=CAESEIrKPuPDBZlCTMy6vVoJAao

371 HTTP transactions
28 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.winhelponline.com/ 207 KB
43 KB 1231ms
1201ms Document
text/html 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9053ab0fe2686eb02e1d02a89c718bcafbc9954eebf40a6620a60f57e9d9def

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.winhelponline.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:47 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d0eb149aa84f9bec577daac3e1d6587131614868366; expires=Sat, 03-Apr-21 14:32:46 GMT; path=/; domain=.winhelponline.com; HttpOnly; SameSite=Lax ezoadgid_105367=-1; Path=/; Domain=winhelponline.com; Expires=Thu, 04 Mar 2021 15:02:46 UTC ezoref_105367=; Path=/; Domain=winhelponline.com; Expires=Thu, 04 Mar 2021 16:32:46 UTC ezoab_105367=mod1; Path=/; Domain=winhelponline.com; Expires=Thu, 04 Mar 2021 16:32:46 UTC active_template::105367=pub_site.1614868366; Path=/; Domain=winhelponline.com; Expires=Sat, 06 Mar 2021 14:32:46 UTC ezopvc_105367=1; Path=/; Domain=winhelponline.com; Expires=Thu, 04 Mar 2021 15:02:47 UTC ezepvv=865; Path=/; Domain=winhelponline.com; Expires=Fri, 05 Mar 2021 14:32:47 UTC lp_105367=https://www.winhelponline.com/; Path=/; Domain=winhelponline.com; Expires=Thu, 04 Mar 2021 16:32:47 UTC ezovid_105367=538292729; Path=/; Domain=winhelponline.com; Expires=Thu, 04 Mar 2021 15:02:47 UTC ezovuuidtime_105367=1614868367; Path=/; Domain=winhelponline.com; Expires=Sat, 06 Mar 2021 14:32:47 UTC ezovuuid_105367=6d460c1b-2c53-428e-7da5-217f4a4021f8; Path=/; Domain=winhelponline.com; Expires=Thu, 04 Mar 2021 15:02:47 UTC ezCMPCCS=false; Path=/; Domain=winhelponline.com; Expires=Fri, 04 Mar 2022 14:32:47 GMT
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-security-policy: upgrade-insecure-requests;
display: pub_site_sol
expires: Wed, 03 Mar 2021 14:32:47 GMT
link: <https://www.winhelponline.com/blog/wp-json/>; rel="https://api.w.org/"
pagespeed: off
response: 200
vary: Accept-Encoding Accept-Encoding
x-content-type-options: nosniff
x-ez-proxy-out: true 2.2
x-frame-options: SAMEORIGIN
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-rocket-nginx-serving-static: No
x-sol: pub_site
x-sucuri-cache: BYPASS
x-sucuri-id: 19012
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
cf-request-id: 089f40ddac00004d89b9862000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BVIUr8mCeXGr%2BzRqE8q2dN5%2BOmxXxOFGrvFH4JnBC0nRpv%2BiReL4FiaI85eYGy68litq9p%2B3EjSZMg0rTuKtV6N%2FfzrMfy2cX9LEMK91nZtZfhgXomO7E1gQ0BrjHeEHnUk%3D"}],"max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 62abd0dc499a4d89-FRA
content-encoding: br

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 119 KB
31 KB 50ms
17ms Script
application/javascript 13.224.192.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-34.fra2.r.cloudfront.net
Software: Server /
Resource Hash: 86cef609c85d2c2ce6a507af54e77a9c150e2fa408043e1454082614c4b0ce2b

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 7KnjqYhn.fTYs_joiF9hMVX.bWg_6oV9
content-encoding: gzip
server: Server
age: 153
etag: d2bbe61d6c9cfd2f9d26c66417c4fb1e
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront)
cache-control: public, max-age=900
date: Thu, 04 Mar 2021 14:30:14 GMT
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: aoM7L44_HD667y-3QvV6bG273FGSm81UUZ_xb7i6NJbCGCkdVguBZQ==

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 34ms
14ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 dall.js Show response
go.ezodn.com/hb/ 295 KB
85 KB 65ms
29ms Script
application/javascript 2606:4700:3034::6815:3d31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,conversant,criteo,districtm,districtmDMX,gumgum,ix,oftmedia,oneVideo,onemobile,onetag,pubmatic,pulsepoint,rhythmone,sovrn,undertone,unruly&cb=192-8-11
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:3d31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc3e89318f8ad6d66e0ea5b27a0526cba837ae58f633f286bbd5c7535f7f4493

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 111855
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lQzAj7p%2Brx7hYh%2BjhVTtw9vCQaFgS1HhOdGjH3PueanUG66%2BMFeSHxJuzq9Pk7YrVNQ0zESMqGFxK72YCzwqIOE7TcW1MvKg0Bu2KBI0Adb%2BPeqkwUzWYCo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 62abd0e46f874e62-FRA
cf-request-id: 089f40e2c200004e62328b3000000001

GET
H2 200 boise.js Show response
www.winhelponline.com/detroitchicago/ 983 B
702 B 25ms
20ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/boise.js?gcb=192-8&cb=1
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41eb9054d5d5527274926b32631be8eb22dd6254f15a4d9d14cfe2688ea4f538

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2363179
cf-ray: 62abd0e43ed44d89-FRA
x-middleton-display: sol-js
cf-request-id: 089f40e2a400004d8956965000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=m9xl1DPIjKviJN06jGcc3lUVN2T9q2%2BhnIiH%2F123ovvATibnvEPvvjaDAIm426whn79QMzsK%2BsNAgBr%2Bj0N3qzjmNXwYosCEdEVjBVMgDnVk5Ce7oXxPCdAQaAWu9SYdlGE%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 blocks.style.build.css
www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/post-editor/dist/ 0
276 B 46ms
42ms Stylesheet
text/css 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.6.2&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FGhrPua1HnXTk4ew%2Bv75yWtxWoDAeqEidooQTULff%2BIj966yO2USZVhzsYKlwEMKP4Y4naIbvU5UY9hmkMBaTR6luYn8Zma%2BTKUsrjO3uDAL6sy4omLTMWNg8FoeEh8Iys4%3D"}],"max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 62abd0e3ee3c4d89-FRA
content-length: 0
cf-request-id: 089f40e26e00004d899aaf9000000001

GET
H2 200 css
fonts.googleapis.com/ 22 KB
2 KB 39ms
18ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,600,600italic,700,700italic,800,800italic,italic,regular&display=swap

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

63e971626cb7961fb014906a5476a7353bba89331013e001bb16b4a6ac5ce93f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Origin: https://www.winhelponline.com
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 04 Mar 2021 14:32:48 GMT
server: ESF
date: Thu, 04 Mar 2021 14:32:48 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 04 Mar 2021 14:32:48 GMT

GET
H2 200 style.min.css
www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/css/ 7 KB
2 KB 72ms
68ms Stylesheet
text/css 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/css/style.min.css?ver=4.2.1&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9f5bcaea7135eb0b06f4009ab1d5c031b2656f8b6a3a0fb6a833c6291193a36

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iviHKeu848vhdXm%2BV%2FbiGlYBkf%2BK31xJXtRU5FGCi9prZm3MhGHTW3Gu6Xkz7SMHnmyaJ3McaV5ZJqqqZqNyaWMhUnlnVl3LbnAEgAonv8G2l4nY%2FVglTBD6zN11Hsljhxk%3D"}],"max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abd0e3ee3e4d89-FRA
cf-request-id: 089f40e26f00004d89a9b69000000001

GET
H2 200 widget-areas.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/ 565 B
466 B 47ms
43ms Stylesheet
text/css 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/widget-areas.min.css?ver=3.0.3&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38ed2c21bcfa116d731881882f18dcea1371c5b3c8f885bdaae9ecc92a1848c2

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=thpnCyiCJ2KAnk%2Blqr2mQhchwxbvjudl0E7OXnm%2BFNyQPV%2FRuHh%2FYbWf7%2BynGQ52A%2FzqoIkAznwSqqSsV%2BPa%2Bo1DOTZGWNiIo%2BDOVr3nVSWc3Aa7RI2OtvzDadHcbtzDB6E%3D"}],"max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abd0e3ee3f4d89-FRA
cf-request-id: 089f40e26f00004d898292b000000001

GET
H2 200 main.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/ 9 KB
3 KB 37ms
33ms Stylesheet
text/css 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.0.3&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ecf255231e66490a23e9c77a818f7f00ee7d78093a92cab6a4e967c1953d8a2

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VLX%2FKXciGytQ%2Fk9gWeoB%2BH5NjA87oLkfnavdgt3HYzsg3u%2B%2FHh8XK7Q7lInxueusJyTcl9fByqy%2FUtvZNgCqW%2BTKtHknKlxm1bSPeTDZ8ThWqQrznf8N%2B%2FD%2Fg5ek0K2Q84Y%3D"}],"max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abd0e3ee414d89-FRA
cf-request-id: 089f40e27100004d89d6157000000001

GET
H2 200 font-icons.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/ 1 KB
646 B 37ms
34ms Stylesheet
text/css 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/font-icons.min.css?ver=3.0.3&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b983ef981b6fe164fdcbf7043da01353e31f5684f9f6e57b18f34c4741aece5a

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tniUhzSbSpNyKw2hairWgovOeq%2BSXj7z%2Flg6CEv1%2FesJqR8Ni%2BByBx%2BJmZsgjgADL2ffbIxP%2BjdG7M5zELFNWNyCUa69aRw7XpCzmOvqLkeVTH51wsmlCiQymT%2FBS0IP5rE%3D"}],"max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abd0e3ee454d89-FRA
cf-request-id: 089f40e27000004d8979ab3000000001

GET
H2 200 front.min.css
www.winhelponline.com/blog/wp-content/plugins/cookie-notice/css/ 2 KB
1002 B 45ms
43ms Stylesheet
text/css 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/cookie-notice/css/front.min.css?ver=5.6.2&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73dd08c34cf381d62ebef877a80373a6c926a2e641e651c27640ae4fb05af464

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BKpNFG%2BjBsu%2BUupErTa86MXjLAPoQpsBjjW4i3FZKjXsvZr1RJLXvqnhzsFb9xwXkYbz9B2OOjS%2F%2BXyT%2FvBWEqmSKvX%2BPVTUFVKygxs3g4lryY8NpOYJnJdZFx20UUOFCRY%3D"}],"max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abd0e3ee474d89-FRA
cf-request-id: 089f40e27100004d89748dc000000001

GET
H2 200 style.min.css
www.winhelponline.com/blog/wp-content/uploads/generatepress/ 5 KB
1 KB 42ms
40ms Stylesheet
text/css 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/uploads/generatepress/style.min.css?ver=1614744664&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67c09614e086c51b23713d706f3de578d6eb4f15b8296e1cb9a641934788c7b1

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YwVrBTV59Jr%2Bf7xteLn%2FEEKLcxSZrKgHX6CEHOJW44Xv60hSbMU8KbY54otA%2FkEgkmyA3SQsabDUXQ3Bd9Yt5sFNDyCrPx4IQ3JTepvnIzq1tc1j4Pg9eIctb0mCoRQ1ZuU%3D"}],"max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abd0e3ee484d89-FRA
cf-request-id: 089f40e27100004d896eb75000000001

GET
H2 200 featured-images.min.css
www.winhelponline.com/blog/wp-content/plugins/gp-premium/blog/functions/css/ 3 KB
686 B 38ms
35ms Stylesheet
text/css 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/gp-premium/blog/functions/css/featured-images.min.css?ver=1.12.3&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ffe3558eee19297c7d7efb3ee170abccec5984bf568d44a194bfd46153ad898

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Uvr%2B%2FtAkPGP%2FrNbcwwOLeQo7Ayr1305lo0f8XpXk5gwRzGu4cbQ%2Fl1wFpHh%2FOuLd%2FBPMrS1M58p8naXPsrvJsKHHxpWkwMYXDwM%2BmhgM3Dfk4nYN2Di2nS0Hlg7NEU6sMso%3D"}],"max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abd0e3ee4c4d89-FRA
cf-request-id: 089f40e27200004d897e800000000001

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 1812
date: Thu, 04 Mar 2021 14:02:36 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Thu, 04 Mar 2021 16:02:36 GMT

GET
H2 200 jquery.min.js Show response
www.winhelponline.com/blog/wp-includes/js/jquery/ 87 KB
30 KB 22ms
19ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-includes/js/jquery/jquery.min.js?ver=3.5.1

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-ez-proxy-out: true 2.2
age: 7279048
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: HIT
x-middleton-response: 200
x-xss-protection: 1; mode=block
x-rocket-nginx-serving-static: No
response: 200
last-modified: Wed, 09 Dec 2020 03:07:11 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5fd03f5f-15d98-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MLkR%2FbUMBl0V%2F%2FYrecHd6LuTBQp6xwBjZNXdgm3Q9wKuI6pygW0YzBmsoQG05JAHQI8gSqu1QByuvdh70LjsznXeQ8XieHiYE%2BADkXFXPr5ZMCM6zwPXU6cOi2WwcPSWjVk%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
x-sucuri-id: 15012
content-security-policy: upgrade-insecure-requests;
cf-request-id: 089f40e27300004d899297c000000001
cf-ray: 62abd0e3ee4d4d89-FRA
display: staticcontent_sol, staticcontent_sol
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-migrate.min.js Show response
www.winhelponline.com/blog/wp-includes/js/jquery/ 11 KB
4 KB 20ms
18ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-ez-proxy-out: true 2.2
age: 7279048
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: HIT
x-middleton-response: 200
x-xss-protection: 1; mode=block
x-rocket-nginx-serving-static: No
response: 200
last-modified: Wed, 09 Dec 2020 03:07:11 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5fd03f5f-2bd8-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=O8hiSLOM8Tizvhj%2FnaTESfU38ohc8mGsIDMtobTnV4DPG2KJJ4Tqdf8DIMAQoL7jkNmuyqjzzOBQAyoLvRZ%2BYd%2F2R3tn6EcZJNFXOILnr8rs%2ByUk6lELIgqv0tw3IHxRVdI%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
x-sucuri-id: 15012
content-security-policy: upgrade-insecure-requests;
cf-request-id: 089f40e27300004d89c017b000000001
cf-ray: 62abd0e3ee4f4d89-FRA
display: staticcontent_sol, staticcontent_sol
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 front.min.js Show response
www.winhelponline.com/blog/wp-content/plugins/cookie-notice/js/ 9 KB
3 KB 19ms
17ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.0.3

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc51ed5137587b9033d06b65d9456d6d69dc52a4005cc51b2d23f85e69d4f8c8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-ez-proxy-out: true 2.2
age: 1056803
x-ezoic-cdn: Hit ds;dm;16682ec8d7190a9c087311d559b95b01;2-105367-3;4d469f46-6632-4fc3-59e1-b315e45baa65
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: MISS
x-middleton-response: 200
x-xss-protection: 1; mode=block
x-rocket-nginx-serving-static: No
response: 200
last-modified: Fri, 19 Feb 2021 17:15:08 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"602ff21c-2474-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=J5oTmmC7gxGEnUwRmuEStOEtimEeEfGksYasYXojmjAxd9nwyux4IR8Q8c4gvnwRFNfCDt9bt5nWH8koQH8NzwzzuBzj7%2FAcrVwRO2drGl7JkXt1%2Ff7wYgykjfxk7o3vBhQ%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-sucuri-id: 15012
content-security-policy: upgrade-insecure-requests;
cf-request-id: 089f40e27500004d89b03d2000000001
cf-ray: 62abd0e3ee514d89-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 generatepress.woff2
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/fonts/ 1 KB
2 KB 23ms
22ms Font
font/woff2 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/fonts/generatepress.woff2

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac990171fc2a8993d659ce8f10bc0a7815c43835ba1dc00c2246f3556c6eeecd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.winhelponline.com
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests;
age: 7322891
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: HIT
x-ez-proxy-out: true 2.2
x-frame-options: SAMEORIGIN
etag: "5f87ac48-4f0-gzip"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://www.winhelponline.com
cache-control: public, max-age=31536000
date: Thu, 04 Mar 2021 14:32:47 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-ezoic-cdn: Hit ds;mm;aa1d57d151a635a716aaa545aa8c10de;2-105367-3;9a5f6e96-d1c2-48ad-5c7f-d1919430a0b9
x-rocket-nginx-serving-static: No
x-middleton-response: 200
content-length: 1264
cf-request-id: 089f40e27800004d89b03d3000000001
response: 200
last-modified: Thu, 03 Dec 2020 17:53:37 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1728000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=QJfnn%2BcKD8cHGYTTlTjF9LLeHw8NZeU%2FRVIDdAyOlqZ3uw5y2ZxOZcWzO%2BVeR9N79qMoyS%2BpJA%2BRFw1H3U5AUgpOuKZ3xPThTHM9ORIS3oRerRLgyUCXa8DAP91bSSrawZ0%3D"}],"max_age":604800}
x-xss-protection: 1; mode=block
x-sucuri-id: 15012
accept-ranges: bytes
cf-ray: 62abd0e3ee544d89-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 w10-clear-background-history.png
www.winhelponline.com/blog/wp-content/uploads/2017/11/ 9 KB
10 KB 18ms
14ms Image
image/webp 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/uploads/2017/11/w10-clear-background-history.png?ezimgfmt=ng%3Awebp%2Fngcb2%2Frs%3Adevice%2Frscb2-1
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fef6d90fc22c3f94fa10afb8f2486ccf398d3637ba2ef62d2be59a1d974e318c

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
via: 1.1 a0e6061772061e71095adafcf8e4654d.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 67256
x-amzn-requestid: cf1ce8f3-64f7-43a5-8c7b-dd51c7586888
x-ezoic-cdn: Hit ds;dm;901d29b06442867f953eb61b3037ab0b;2-105367-3;6313bbb7-f451-4fc2-48c3-eb1cc739df9c
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: bnvT_GasIAMFjZw=
cf-request-id: 089f40e2a400004d897e803000000001
response: 200
x-ez-proxy-out: true 2.2
server: cloudflare
x-amzn-trace-id: Root=1-603fc5b3-060830a95e9488b36f15eacd;Sampled=0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8KVoYSgBB6kBZB6VN8czfzKfSYsiIuERedsjIWr95ELkG3BiaImUPO5M9BSD5rwGrO7AyQzLKTA6eQiBI9gOhCtrIAl130TBJoFFCoJ9UhfsUh4Amyc8JeBW7lm3ceT9YVU%3D"}],"max_age":604800}
content-type: image/webp
cache-control: public, max-age=2592000
access-control-allow-credentials: true
x-amz-cf-pop: MUC51-C1
cf-ray: 62abd0e43ed84d89-FRA
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol, staticcontent_sol
x-amz-cf-id: 60CivZUuuO0Jz74PUoUuH4YJGkHG7Z8SOZvefoYGrUFaVxLwiJfpVQ==

GET
H2 200 state-repository-cpu-usage.png
www.winhelponline.com/blog/wp-content/uploads/2017/10/ 39 KB
39 KB 22ms
17ms Image
image/png 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.winhelponline.com/blog/wp-content/uploads/2017/10/state-repository-cpu-usage.png

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c4fcbfdc05b68dd52d61e5f307d6ceb00b757899f2db853262592d4466a0000

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-ez-proxy-out: true 2.2
age: 516172
x-ezoic-cdn: Hit ds;dd;4c2e562992106dcee4bcca0f163e16c8;2-105367-3;cfb5ec72-5bcb-4c70-6bc9-434c2a3267ce
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: HIT
x-middleton-response: 200
x-xss-protection: 1; mode=block
x-rocket-nginx-serving-static: No
response: 200
last-modified: Fri, 19 Feb 2021 23:00:11 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5c04e23d-9b30-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ddJWdQp14wbwVxuqlCN26NryzOS4HBMcMCXtzQekUKqStI75icbvb2SbFR61jSsaeceTg%2BBwhBCDHyHZvBLmcHSyiEH4aK%2F7KAFhUETiNEF8O34magD1fvBdamXg8E21Iq4%3D"}],"max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
x-sucuri-id: 15012
content-security-policy: upgrade-insecure-requests;
cf-request-id: 089f40e2a500004d89d738a000000001
cf-ray: 62abd0e43eda4d89-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 smooth-scroll.min.js Show response
www.winhelponline.com/blog/wp-content/plugins/gp-premium/general/js/ 7 KB
3 KB 27ms
21ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-content/plugins/gp-premium/general/js/smooth-scroll.min.js?ver=1.12.3

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be764d640a7efa0022ca94a330ec3c7f38f462016f79f400d06da583be69a31e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-ez-proxy-out: true 2.2
age: 7111969
x-ezoic-cdn: Hit ds;mm;15f35ace4a30bc073a31dde231a2e515;2-105367-3;a14756ec-f07b-467d-71a9-a2ab41e2461a
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: HIT
x-middleton-response: 200
x-xss-protection: 1; mode=block
x-rocket-nginx-serving-static: No
response: 200
last-modified: Fri, 11 Dec 2020 14:25:36 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5fd38160-1ae5-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=i%2Bypi3Fl4YlEzjAbQun8W7OL%2BdF2ElRdsiQiENi6rbCKxME30tdnP9G6yuHOUk8G8YJvIsty4rk4v7KdzP75bHkIutpEIaLwGHh%2BpNCP%2FmEzsoxJ8XiMw2VANCVhHu%2BXzCc%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-sucuri-id: 15012
content-security-policy: upgrade-insecure-requests;
cf-request-id: 089f40e2a400004d89cc1d8000000001
cf-ray: 62abd0e43ecd4d89-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 script.min.js Show response
www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/ 17 KB
5 KB 22ms
16ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/script.min.js?ver=4.2.1

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

244de6960388f992e43c07685dd8c7ca1ee4424d85874a72036f2f8e692bbd7b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-ez-proxy-out: true 2.2
age: 7322892
x-ezoic-cdn: Hit ds;mm;b2ea9b369b58ad84a8e6ce806a5b833b;2-105367-3;e3f2bed5-4ca7-4f70-6e5c-90de201b6608
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: HIT
x-middleton-response: 200
x-xss-protection: 1; mode=block
x-rocket-nginx-serving-static: No
response: 200
last-modified: Tue, 08 Dec 2020 01:57:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5fcedd88-4426-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DvEwOixhvyhfiGHOpS39IjZXXiBZn1Q0xdQbCCyi9NySMVYN1VIMowBTcIw7zzHxZdfHJoDFEY9SBvF1Fr9Yhwnq%2FEwi%2FILU9oqhr2MyLGglszqANIPJxFuOZDXM1M1XsOE%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-sucuri-id: 15012
content-security-policy: upgrade-insecure-requests;
cf-request-id: 089f40e2a300004d89748df000000001
cf-ray: 62abd0e43ed04d89-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 main.min.js Show response
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/js/ 7 KB
2 KB 23ms
17ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/js/main.min.js?ver=3.0.3

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0901279dec1117310802c450665b34a60788da4a00e066d2de367327cd13456

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-ez-proxy-out: true 2.2
age: 113165
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: MISS
x-middleton-response: 200
x-xss-protection: 1; mode=block
x-rocket-nginx-serving-static: No
response: 200
last-modified: Wed, 03 Mar 2021 06:14:21 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"603f0c42-1c98-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ehlVmnVTcUhylqcFHrj8yc7JiexxFLI%2Flfsekf5uQu8cuRgypYbEk%2BX3S8n%2B0lKeq5t418jekIBFfsuhp3t2JU7rcemkz0dFn%2B%2F3MKeIIkNJ6qmt71rBCf4x10O1i%2B9NWL4%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
x-sucuri-id: 19012
content-security-policy: upgrade-insecure-requests;
cf-request-id: 089f40e2a300004d896f810000000001
cf-ray: 62abd0e43ed24d89-FRA
display: staticcontent_sol, staticcontent_sol
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 back-to-top.min.js Show response
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/js/ 712 B
818 B 25ms
20ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/js/back-to-top.min.js?ver=3.0.3

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3768f04f42b79eb4e04658f9afcdab75362a71eed99e851b05312b74964907aa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-ez-proxy-out: true 2.2
age: 113165
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: MISS
x-middleton-response: 200
x-xss-protection: 1; mode=block
x-rocket-nginx-serving-static: No
response: 200
last-modified: Wed, 03 Mar 2021 05:07:29 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"603f0c42-2c8-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3Cf1Vq41DUaPOiFeniUhDBKndSkiQdLjjB2%2FQ%2BYIsAMIz4UFO%2FS4st1KjbhTYZ2WoEICTLsJv0jmJcPr0VsqxuzZ4ShEPOOWPUMuKDbN0Z%2Bw8EwrhqHBNx27mB53tRdxq3U%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
x-sucuri-id: 19012
content-security-policy: upgrade-insecure-requests;
cf-request-id: 089f40e2a400004d8957a0c000000001
cf-ray: 62abd0e43ed34d89-FRA
display: staticcontent_sol, staticcontent_sol
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e-202109.js Show response
stats.wp.com/ 9 KB
3 KB 41ms
6ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202109.js
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn
date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Sun, 20 Feb 2022 22:39:29 GMT

GET
H2 200 augusta.js Show response
www.winhelponline.com/detroitchicago/ 1 KB
965 B 21ms
17ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/augusta.js?cb=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf8921b49510efc41d6ce26a3a5d6bd53d65afc5f7ce3b523bee1571360d3080

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 237429
cf-ray: 62abd0e43ede4d89-FRA
x-middleton-display: sol-js
cf-request-id: 089f40e2a500004d8952a0c000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IzVkV92UlhrHq5kUrrhbN6UQbXVSlaPWfB0pQ7K8R0Y6o4ryEu7wP%2BAwjST%2FIqjlc7kqjuQSVvti2WmKYOdOXwEvM0FayFNqRHJy4F4YsLk%2Fmr%2BKZVFB%2FrB1dw7UmE2Qf2c%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 altconsent.js Show response
ezodn.com/cmp/ 396 KB
93 KB 76ms
40ms Script
application/javascript 2606:4700:3030::ac43:ce7a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezodn.com/cmp/altconsent.js?v=8
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:ce7a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2b92530616ddbefbed0e825e094cd914f17ae899b42152f17028a0073f5eb62

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 02 Dec 2020 23:21:46 GMT
server: cloudflare
age: 52291
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TXTOEoIWkQmi3TRQHlPJkz6rioRAULsLNQ5ChBgxZCQU9sFSHbso5ZNEdVas3hauuozDxTU0nRWl3zn4SAWPj%2BytZm40VrQrmhUoKmQ8XHV6LDmB9Hk%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: application/javascript
cache-control: public, max-age=604800
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abd0e46b444eb5-FRA
cf-request-id: 089f40e2c100004eb59ea91000000001

GET
H2 200 ezcl.webp Show response
www.winhelponline.com/utilcave_com/inc/ 1 KB
998 B 19ms
15ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/utilcave_com/inc/ezcl.webp?cb=4
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 75883
x-middleton-display: staticcontent_sol
x-sol: middleton
cf-request-id: 089f40e2a600004d89cab78000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Et%2BAGcalzkBwPwGSr4kqx97kOz1DWdgALCr%2Bd5bNPSZho6zsxBCQ7DBH23bxrZFeL6SIhqzoIEKXPqIhTmwwaOGEFGiTqpDme%2FmVhjFylCqxE8C6%2BwMh5Z2AMsG80N52If4%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 62abd0e43ee04d89-FRA
display: staticcontent_sol

GET
H2 200 houston.js Show response
www.winhelponline.com/detroitchicago/ 3 KB
1 KB 28ms
25ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/houston.js?gcb=8&cb=36
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08375cebca0d36f2fa3ec9e027a974146af7161553e4319a418d4cee6b38bed7

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 564954
cf-ray: 62abd0e43ee24d89-FRA
x-middleton-display: sol-js
cf-request-id: 089f40e2a600004d89659fd000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FocMV1sgcduk2jr2fUXX3Gh9fg6z0QcHtZVcmwa%2FgLDtpXSO3EpmtsBXRRLdFOqQG8aa7Nyudhg9US2HHuXhuDyRZUIkdxvUwF3RaPCVKRcYUaBzpxa8CK3vdhTL6BOEhe0%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 57 KB
20 KB 49ms
15ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

2449485ad8020d42ff44981a9046d1bcd49561861e623cae5e9e8040fb6b2564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "801 / 303 of 1000 / last-modified: 1614859934"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19575
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:32:48 GMT

GET
H2 200 tulsa.js Show response
www.winhelponline.com/detroitchicago/ 16 KB
5 KB 24ms
21ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/tulsa.js?gcb=192-8&cb=5
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 636e5f5b2eebe0800656a171c6ee9d34ee67cbae3d745983c48d4a5474421d53

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2375276
cf-ray: 62abd0e43ee34d89-FRA
x-middleton-display: sol-js
cf-request-id: 089f40e2a700004d89893d5000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=z9ZxMIzwahzY3%2FIJsyjILCgUAiI715cGyBwJHdxaFGFuLm2Ia6J9hmDY96c3cJXIkeiWIF%2F7H0K%2B8ThdrceHpvWt%2B7Z28BNRaNj%2BB83Ku2dEaYW9OQC%2B%2Bq51OZMFcKKCEvY%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 banger.js Show response
www.winhelponline.com/porpoiseant/ 49 KB
11 KB 25ms
22ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=7&v=45&PageSpeed=off
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f60242c2da457c137599d04bff9ed531f80c76cc38cb5cda5bb321cd0933273a

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 230436
cf-polished: origSize=50503
cf-ray: 62abd0e43ee54d89-FRA
cf-request-id: 089f40e2a800004d897f22f000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Zwnoho9nQ9OgVapAyr9HXbTgYoePVbX1sLxbLleFCZwKK2mLcAhFBFfDaNRYdN%2F2dtIoF23ABpiw3PhUU7ClCErC6iIMps8yelmjxaN0PJ1VI9wbS105Zwj0Rd1%2F4RTYhbA%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 memphis.js Show response
www.winhelponline.com/detroitchicago/ 5 KB
2 KB 25ms
21ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b68431bd479f66f60cca8fef9520547c0f28390680174d8b36c5591085e8393

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1405649
cf-ray: 62abd0e43ee84d89-FRA
x-middleton-display: sol-js
cf-request-id: 089f40e2a800004d895a03c000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LOZJaef7QqEdSSswMjfXvbehoQs1q3XKnPY6ybBt7ZV%2FsMKz9nWLXr1iAItcmNigUO78mw%2BrR8j8UYuMCkiY3liSnC4vWjp2WCDgsdNWIdEJRYD5clkOwnnFzTVnAOQ2EZQ%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 minneapolis.js Show response
www.winhelponline.com/detroitchicago/ 864 B
835 B 29ms
26ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/minneapolis.js?gcb=192-8&cb=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5578a62b81f315375d072cfe506fc13813e844f94c910bdb15ce20e1fc3ef50a

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1849558
cf-ray: 62abd0e43ee94d89-FRA
x-middleton-display: sol-js
cf-request-id: 089f40e2a900004d89d0ab4000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iunuscQzS0lngHiw5IlPiYAyp1K2LdvohFpj2KBos4Lm0UZOh1IOirXFMtdoPg%2BQjMLFG%2F2lFMpkbqPMTeAuWGNm%2BsqmQ%2B8kuUfZCUbZRQSRosnBoNWT4xz5WE8LbkNlvzk%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 rochester.js Show response
www.winhelponline.com/detroitchicago/ 2 KB
1 KB 29ms
26ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/rochester.js?gcb=192-8&cb=2
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d09e0a7a1dd10d174fcf8cab650952432c1fd1b65dd811c1ab75fb7b6cb45c0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 53642
cf-ray: 62abd0e43eeb4d89-FRA
x-middleton-display: sol-js
cf-request-id: 089f40e2a900004d898f9bd000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xOYHpMObuyhN2GWSN0P2tlSpAkBRGxRNz%2BfjqshyRRloWINlgQeRm9tvlDIGvtB8Uo7BuL%2F7AmfMemUgD2HNX8JgMkKrj4urqUL6HyTfBT8yE5AB0gBFnjmBMgvJxg4U3zA%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 raleigh.js Show response
www.winhelponline.com/detroitchicago/ 2 KB
1 KB 27ms
25ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/raleigh.js?gcb=192-8&cb=5
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f69dfe383fe0ef66df2c8de098fda546a826801c150ec22e7e09b8020b221dae

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 655420
cf-ray: 62abd0e43eee4d89-FRA
x-middleton-display: sol-js
cf-request-id: 089f40e2aa00004d89bf29b000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=QuEpAXPZeknBKaXLf1fVxydKXE14poYg4G15Nx8b%2B4qb%2FYBOHfwXET8IhGfqwpDzt0Fxin3A7UwFrnfyDEvUcXWfOEZohSpPsDLrOBCck9%2Fn2LT22ZxRCe29DIzoBu1xoIE%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 tampa.js Show response
www.winhelponline.com/detroitchicago/ 773 B
794 B 29ms
26ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/tampa.js?gcb=192-8&cb=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c80203c7eae413cecc09a4ed0974e31a8538060cddd5bc1f1a5bfa53db672c9e

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1849558
cf-ray: 62abd0e43eef4d89-FRA
x-middleton-display: sol-js
cf-request-id: 089f40e2aa00004d898ca5b000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=GqrH%2FMEMxE5bEadGkqrhqCDTmtbNtcoMJ%2BKM1hyPKzP6r%2BIFK7PAWGMEtpgEeiAncUIkYFSgz%2FRHUul83zee5tv4bs8cLR4t7p8Mc47PXwqNWDqf7tJzNHi%2FDXyOz6QZuIg%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 wmgLsOeKtMHetwDmiDrbeLbyJp-TbBj2k5JUVwmNSsHHkr5T8-ogSop91QYVZTRxfNT Show response
absorbingcorn.com/v2/0/ 103 KB
30 KB 278ms
214ms Script
text/javascript 35.190.64.11
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://absorbingcorn.com/v2/0/wmgLsOeKtMHetwDmiDrbeLbyJp-TbBj2k5JUVwmNSsHHkr5T8-ogSop91QYVZTRxfNT

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.64.11 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

11.64.190.35.bc.googleusercontent.com

Software

Resource Hash

e88127ef92a9fd1f231cbcd9d27d643772d106fe3b5c233e5b370c5dd9e48919

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "9423705b9cf8cccab886689eb3915547e3428b2f5649fe229e1da19c806181a0"
vary: Accept-Encoding, Accept-Language
x-hostname: 670b36ad
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Thu, 04 Mar 2021 14:32:48 GMT
timing-allow-origin: *

GET
H2 200 lazy_load.js Show response
www.winhelponline.com/tardisrocinante/ 13 KB
5 KB 27ms
25ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/tardisrocinante/lazy_load.js?gcb=8&cb=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 545881e36f9fe4d4d387c90f876f32df9c0cb800545fe5bb0496a58f6dc53b86

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
age: 6690657
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HyF2QyMt29ANmoPSV%2F4Ikj48VkT542sSPkn%2FS9BuUt%2B42X3uCP8FjqAXBDzEpmK3Rwjr1yt1vtpuG1MMt2YkXjbXgOQz%2BGYE%2BtGVIQmYx2%2BM46RWwqK14gamzF2keqmuUDA%3D"}],"max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abd0e43ef04d89-FRA
cf-request-id: 089f40e2ab00004d89aeafa000000001

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04e43870098517e0bdd4e0a54d10aa1381eaceb225d5774a8aa546be9aaa03ba

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7b85bcb075a13466616c573a91f310265b48c0879b56e003d4d3b7c421eee188

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a32dc6a792384a0cfe0314a40991c6fee68809b10dab275863b851dddb2b59d6

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1b1958adaab619c87918f57b28bee119a8f1122b7c81cee66775066010b3abd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8829a8924dff757932f56397690292e154eb33f5471e683cebfcc9884c38c2cf

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e2bc2e62acd8c74b47dc6b86918cd2ede0a053b716144298bd97e66366524fdb

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3fd62148b7be959fdbf453a639cb4de24c942145e1dfae9a47c0c22c35509a69

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c7320657dc8acd4e7f134ddc9aa58495d9103dca84caf459d7620a41a81f9fcb

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0d4bc2d5c34588df622aebd16adf97b5a4ebfd9ac5b49eec1c795a5055ac62c5

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8230efc6af9182cb5a3412670b861554742f8795886a114dfd20c78467ef4212

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6674a3b31bc7014d04e7aeef41596932d4dab2fdc391a3bf02064ccf1a3e64bc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8fbc17ed739bfc0cc8fe69f2e3fd6985843e179d0b9c75e08af069b95dc4c685

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b8ca12a460703aca3d43ad880e4e414d6e1a058d1ce9da226080afc42927700

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 619023867fc6c13f087935cfe535adc7b06b57d510b9b4b218e47a53708b87e0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90d26d0a7d028ce6715d93cf37c8acd2eea0bf9323e72114d78b520e8f5ed1c1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b62a031b117adaa15131c8151dde56420a48f848f3d7c7b3be569bfe589d46ec

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cc8b935fc7a0fb31c550d69f25b8453d3566520a35cc96bea92b10d71335debd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 cse.js Show response
cse.google.com/ 10 KB
4 KB 77ms
57ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=009756984466592281047:crsu4qcnxmm

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

dcc02165becda691e0d2f6c60e7381748a5b73ebd628557fc3ae762ed7458dae

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3465
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:32:48 GMT

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2056d978c6d084130d7efd3381d4884e8d38e35ebea5422139469c6f1579e811

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,600,600italic,700,700italic,800,800italic,italic,regular&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.winhelponline.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 22:47:26 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 143122
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Wed, 02 Mar 2022 22:47:26 GMT

GET
H2 200 mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,600,600italic,700,700italic,800,800italic,italic,regular&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.winhelponline.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 27 Feb 2021 01:51:30 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:49 GMT
server: sffe
age: 477678
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9180
x-xss-protection: 0
expires: Sun, 27 Feb 2022 01:51:30 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,600,600italic,700,700italic,800,800italic,italic,regular&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.winhelponline.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 22:24:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:27 GMT
server: sffe
age: 144528
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Wed, 02 Mar 2022 22:24:00 GMT

GET
H2 200 css_onload.js Show response
www.winhelponline.com/tardisrocinante/ 1 KB
696 B 12ms
12ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/tardisrocinante/css_onload.js?gcb=8&cb=1
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73618d59a3dc00468aa85f81f93cad60be8c20b12a5d4ba40d3f0de6d172a6e2

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 363358
cf-ray: 62abd0e4f8604d89-FRA
x-middleton-display: sol-js
cf-request-id: 089f40e31d00004d89a9b77000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xugA5IwUsYjKKOPCFu9bd1OE5cdIfy93%2FZ3ZYCEPbOuJxaovVl3t8yOvoZmb2g%2FeN2jj8N7w35tF9zf7bhETV99MDCHH9OjR7MKlNzJTsYNGLV1e1l3wFTKV1%2B1gquIQCiI%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 anchorfix.js Show response
www.winhelponline.com/ezoic/ 879 B
676 B 16ms
16ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/ezoic/anchorfix.js?cb=192-8
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15f0626dd31e3e991a1c21d6304f2e370b92b3c91650de3d7ed8a38f1159a457

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2358567
cf-ray: 62abd0e4f8644d89-FRA
cf-request-id: 089f40e31e00004d8960195000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7rhUXprOlt%2BidbK9ikeEI3VaECAl4k8XyjUtrINZkshbkWnXObj4YJwPru618fiMz%2FJLd03Ff8eiYlA3Cjxjw%2F4Rqwkz3u1ISUatUFMQu1lJff%2FBEwPaFuctMBWcU10fBfU%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
x-robots-tag: noindex, noindex
expires: Sat, 05 Feb 2022 07:23:21 GMT

GET
H2 200 jellyfish.webp Show response
www.winhelponline.com/porpoiseant/ 40 KB
9 KB 12ms
12ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/jellyfish.webp?a=a&cb=192-8&shcb=34
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37d4ae593a1268d4afce8c38f61ea933982184d2d6055300c2bfdb8ca28c2846

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2363178
cf-polished: origSize=59534
cf-ray: 62abd0e4f8684d89-FRA
cf-request-id: 089f40e31e00004d899298b000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bnQxKcxw%2FXIPXK0STvWhBLjsgIuMAEaUJSvvpUlQzuihx32VJeAYubKbYFnIf%2FjrEV0Ver7pK5TSA6URu7wLhqsooQhKWtRAN%2FOzwix%2FdEO%2FQFFUDDoBqzg9OZqKZz%2BRhQ8%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
x-robots-tag: noindex

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
376 B 139ms
138ms XHR
text/javascript 13.224.192.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.winhelponline.com%2F&pid=AjdODdAiNmJ0V&cb=0&ws=1600x1200&v=7.60.00&t=2000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-medrectangle-2%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-box-1%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-box-1%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-box-1%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-box-1%22%7D%2C%7B%22sd%22%3A%225%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-box-2%22%7D%2C%7B%22sd%22%3A%226%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-box-2%22%7D%2C%7B%22sd%22%3A%227%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-box-2%22%7D%2C%7B%22sd%22%3A%228%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-medrectangle-1%22%7D%5D&cfgv=0&schain=1.0%2C1!ezoic.ai%2C6a88ed6ade2b65744bd01fe8f1ae3c0c%2C1%2C%2C%2C&pubid=aa05931b-5308-4ea3-95a2-adf84f4ffde4&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-34.fra2.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
via: 1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: IbAqwMTDeFg8yd9iqhoLI_XW8BuHEHiGWsDRDx7GYwoMg4TRG-fizg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 53ms
18ms XHR
application/javascript 13.224.192.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-34.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 8kbPIzTLk7_TMvnggUSDACBTugDfX2qC
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 38657
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Fri, 29 Jan 2021 06:42:57 GMT
server: AmazonS3
date: Thu, 04 Mar 2021 03:48:32 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 24c299c0a6423c6f96984a85fb014109.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: Whsbr0-62DKq7_jYtQxpIxT3MsmyJZBx_YLsO7Y2ZZwh8YusULyKLQ==

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
131 B 47ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=1955571415&t=pageview&_s=1&dl=https%3A%2F%2Fwww.winhelponline.com%2F&ul=en-us&de=UTF-8&dt=Winhelponline&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=512978951&gjid=1420274045&cid=2097198560.1614868368&tid=UA-4931296-3&_gid=1704193449.1614868368&_r=1&_slc=1&z=1955903665

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
384 B 32ms
20ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=1955571415&t=pageview&_s=2&dl=https%3A%2F%2Fwww.winhelponline.com%2F&ul=en-us&de=UTF-8&dt=Winhelponline&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=2097198560.1614868368&tid=UA-4931296-3&_gid=1704193449.1614868368&z=679716128

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 11:21:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 11485
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 blocks.style.build.css
www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/post-editor/dist/ 0
350 B 30ms
26ms Image
text/css 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.6.2&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LK2vZzTdsIb6S67JvWPtsFyV6CJM0vlAwy621HcJz%2BEmrIqqQ03LuHYwuJ4WrBil%2FjIThmPPloELLjAzpR1aJp5%2BsXDk7Z0cWDjq4mtACeWb%2BWbrZOPlZunxmCXRxV6ocAs%3D"}],"max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 62abd0e5794a4d89-FRA
content-length: 0
cf-request-id: 089f40e36b00004d89768b9000000001

GET
H2 200 style.min.css
www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/css/ 7 KB
7 KB 56ms
53ms Image
text/css 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/css/style.min.css?ver=4.2.1&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=b8leAOi9BT5sARcdkzjtoiIjf0boyOrMR4H2zohjeEzPcBE9Z%2B0P688vCy8rWi3huDBIyEoALxkgWU%2B41o6RIs75%2Ba%2FQix3RS2m%2FahiM4Fqo2m4bZjYE7%2FWlleCcb6KPY9Y%3D"}],"max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abd0e5794d4d89-FRA
cf-request-id: 089f40e36c00004d89d0ac1000000001

GET
H2 200 widget-areas.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/ 565 B
565 B 59ms
57ms Image
text/css 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/widget-areas.min.css?ver=3.0.3&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AFqr2ndDHKvEn7dtjgLC%2BtuePV3NtD0FA1vpyr%2Fakctg7gyyXluVFvLDiYwCbjivhe5XbAnEWYOc8K%2FXiVNETVS0SK8ROM2V2rk7MaX6LVJ9%2BbVWP05kfpm6w61jHeObwxE%3D"}],"max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abd0e5794f4d89-FRA
cf-request-id: 089f40e36c00004d89a6116000000001

GET
H2 200 main.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/ 9 KB
9 KB 57ms
55ms Image
text/css 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.0.3&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RQHLVPlXeY8JpYRlnaSBdlYTB%2B42CmBMQNVbBFZc7Zkej1tHJrAzqabhDruJ1l0J%2Bb2lRuMfgTJqrECqcfMK%2F2ZrK3WcYJ5bJ%2FKuuI6qr6vaODVdQe%2FkEXFOf8vHIHTM8PY%3D"}],"max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abd0e579514d89-FRA
cf-request-id: 089f40e36c00004d899c9cb000000001

GET
H2 200 font-icons.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/ 1 KB
1 KB 37ms
35ms Image
text/css 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/font-icons.min.css?ver=3.0.3&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KR8vZ5nuLFRq%2F2yykk4%2F6EIaR904cm2uZuR64M2SX5NoOsJTnIVFLp31gXeBV4FTlrNO7S6qj8sYd3OYsmtUfCydVvxHWYBJ2aVOATp5kUww1hTJTUa4mmx9t0uy43z38RE%3D"}],"max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abd0e579524d89-FRA
cf-request-id: 089f40e36d00004d898f9cd000000001

GET
H2 200 featured-images.min.css
www.winhelponline.com/blog/wp-content/plugins/gp-premium/blog/functions/css/ 3 KB
3 KB 35ms
33ms Image
text/css 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/gp-premium/blog/functions/css/featured-images.min.css?ver=1.12.3&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6tOcTcT7kFiJDAWxqNxjWpheXL3g6IdqLFZFfc3V4286ywyOzu87koVKwv6%2F6i%2BlvoCQAk39ndgz%2FDJqiPEnIKHGjkBRcXM9eY7b%2BY3Q%2Fkjxp0mGbsl5fLZPdHZpGCjh0Wo%3D"}],"max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abd0e579564d89-FRA
cf-request-id: 089f40e37000004d8979ac6000000001

GET
H3-Q050 200 css
fonts.googleapis.com/ 22 KB
22 KB 44ms
29ms Image
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,600,600italic,700,700italic,800,800italic,italic,regular&display=swap

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 04 Mar 2021 14:32:48 GMT
server: ESF
date: Thu, 04 Mar 2021 14:32:48 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 04 Mar 2021 14:32:48 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 imp.gif Show response
www.winhelponline.com/detroitchicago/ 43 B
508 B 25ms
25ms XHR
image/gif 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A1%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A0%2C%22ad_location_ids%22%3A%226%2C5%2C0%2C0%2C0%2C0%2C1%2C1%2C1%2C4%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A9%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A1%2C%22city%22%3A%22%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A3%2C%22domain_id%22%3A105367%2C%22domain_test_group%22%3A20200404%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A0%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22iab_category_0%22%3A%22596%22%2C%22iab_category_1%22%3A%22602%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221006%2C1100%2C1102%2C1102%2C1102%2C1102%2C1109%2C1109%2C1109%2C1111%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%229758a43d-d8ae-40f7-64b0-db51f0dae613%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%22%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A62539%2C%22response_time_orig%22%3A1011%2C%22serverid%22%3A%2218.159.37.125%3A14759%22%2C%22state%22%3A%22%22%2C%22sub_page_ad_positions%22%3A%221006%2C1100%2C1102%2C1102%2C1102%2C1102%2C1109%2C1109%2C1109%2C1111%22%2C%22t_epoch%22%3A1614868366%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fwww.winhelponline.com%2F%22%2C%22user_id%22%3A0%2C%22weather_precipitation%22%3A0%2C%22weather_summary%22%3A%22%22%2C%22weather_temperature%22%3A0%2C%22word_count%22%3A1498%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/rochester.js?gcb=192-8&cb=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=69vM%2BPHmdSyiTi5MyfGwE%2FQLmYhol4i%2BlwkJP6V%2BaJ%2Bgof6M5Toh2%2BQzZeylIVdDKJ05bvX21j0ErebYn7mmxmR2w9lo2KniZue60P34xMukcFZ3vefBqgLYWtI7eZlcCOE%3D"}],"max_age":604800}
content-type: image/gif
x-middleton-display: imp_sol
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
cf-ray: 62abd0e589624d89-FRA
content-length: 43
cf-request-id: 089f40e37200004d8952a1b000000001

GET
H2 200 nmash.js
www.winhelponline.com/porpoiseant/ 33 KB
9 KB 16ms
15ms Other
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/nmash.js?v=7
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb0d4b44df05b222ca7c181041f549780070c42ad8cc919f94d7874befd69747

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 665750
cf-polished: origSize=34120
cf-request-id: 089f40e37900004d89cb390000000001
x-robots-tag: noindex
last-modified: Wed, 24 Feb 2021 21:05:34 GMT
server: cloudflare
etag: W/"8548-5bc1b656330e8;5bbb86a0a74c0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NOI3z%2BzVVBBAN3rKmpbI1rwD9OKHEOSV7Et%2BcKQ2D476HJKwR0mMSKVNPH0PqW7hMLW6Uzl3sh47aOIfelM8YoyRc%2BbEgrpDdNB1W5%2F8u17Gl8DrxDAoH4vJuOsAHt%2FvB3o%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
cf-ray: 62abd0e5896c4d89-FRA
cf-bgj: minify

GET
H2 200 style.css
g.ezodn.com/cmp/ 13 KB
2 KB 25ms
16ms Stylesheet
text/css 2606:4700:3030::ac43:ce7a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezodn.com/cmp/style.css?domainId=105367&version=0&cv=5fa624ffffff000000
Requested by: Host: ezodn.com
URL: https://ezodn.com/cmp/altconsent.js?v=8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:ce7a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38e22a9da44d362f72a06246a2653d10f24cb3c8062ab3d63c93273cb41f212f

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 Feb 2021 23:32:06 GMT
server: cloudflare
age: 595973
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PlHIgyxtvtnEm2DyHsD1X4pOGqKNcNk1WxmeTcvz4yEyQWtA%2B0oS%2FpvJp1wCSS1WkZK2v2SG7JDBHx9Rgc0TxnbdvpGBGiJ8huVyKWbj%2Bcab%2F55OYVw4Kg%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: text/css; charset=utf-8
cache-control: public, max-age=604800
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abd0e5ad9c4eb5-FRA
cf-request-id: 089f40e39200004eb511975000000001

GET
H2 200 g.gif
pixel.wp.com/ 50 B
92 B 9ms
7ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A9.5&blog=2943880&post=0&tz=0&srv=www.winhelponline.com&host=www.winhelponline.com&ref=&fcp=1334&rand=0.5499540219313521
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 who-logo440px.png
www.winhelponline.com/blog/wp-content/uploads/2018/09/ 11 KB
12 KB 16ms
14ms Image
image/webp 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/uploads/2018/09/who-logo440px.png?ezimgfmt=rs:440x100/rscb2/ng:webp/ngcb2
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79f8ee3ee2be4cab6ca5ffbec67dd65fb85e2b93a2f7ad3f2cc22b6802c8871f

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
via: 1.1 85e4c30db6ed9459bdead04635e1ab69.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2510578
x-amzn-requestid: ea08d4ed-5c11-4e99-8d08-e6f714f0df4e
x-ezoic-cdn: Hit ds;mm;64bc3c4df7827b971fd647e3d0445760;2-105367-3;9d1d36b4-1b7c-4cb0-54f9-989773c9c6c2
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: aK3-XHJDIAMF8YQ=
cf-request-id: 089f40e38c00004d8967a18000000001
response: 200
x-ez-proxy-out: true 2.2
server: cloudflare
x-amzn-trace-id: Root=1-601aa05b-526a7b5442375f047e6d12cf;Sampled=0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xYulrsLUU5%2FO%2BVoECdTkkPWl4dWbvoy1npjSF60AI0Slo89Sox3VoV%2FlbaZpBx1jPh%2BCGJ68gk2y%2FsJsjMVYaBpKCcQr%2FC7K5BcGdmSWetPVhC5X3RFe7Uj9mEIhDJAANtI%3D"}],"max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: HAM50-C3
cf-ray: 62abd0e5a9ad4d89-FRA
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol, staticcontent_sol
x-amz-cf-id: 8nJ627om9WMR0eGs_S_vf_P8f4XmA_vOTK3rpkls8C4-5XGYFElNyA==

GET
H2 200 twitter.png
www.winhelponline.com/images/ 2 KB
2 KB 16ms
15ms Image
image/webp 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/images/twitter.png?ezimgfmt=rs:48x48/rscb2/ng:webp/ngcb2
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8783ef685913f06da7e385a57c93b9e356aa567402e0730579db45d90828660

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
via: 1.1 3bf3e75bcb9a86b3eb343a1d4392a6df.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2515884
x-amzn-requestid: 542185b4-3a4b-4c54-a550-7ad5ab78952d
x-ezoic-cdn: Hit ds;mm;fa2fc77eaba8d782388d383728fa090d;2-105367-3;ede85f35-b377-4180-524d-8854935642b7
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: aKp_fGPnIAMFS5w=
cf-request-id: 089f40e38d00004d89b03e9000000001
response: 200
x-ez-proxy-out: true 2.2
server: cloudflare
x-amzn-trace-id: Root=1-601a89fc-149bdbb06ea3326b5ff95dd9;Sampled=0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=szZE3MJUgLa4uBKQHBxU7YeZmhseoWfOdghfWIP0WUyHogH7GEmXH5Owqoj5ssWY3%2BhYOIxrx8qqa3%2BxK6BGOAubHKQ%2Bkz3H8n%2Bkwl2tT%2FZ7%2B%2Fz%2FO%2BPrg%2BdHJK4R6ttEXEc%3D"}],"max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA2-C1
cf-ray: 62abd0e5a9af4d89-FRA
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol, staticcontent_sol
x-amz-cf-id: X1tZtzqxQXC0SEm1xyXiHLD_xd6XPr06fQ-IGfoYJz4Rc6M_l8kQzA==

GET
H2 200 fb.png
www.winhelponline.com/images/ 1 KB
2 KB 16ms
15ms Image
image/webp 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/images/fb.png?ezimgfmt=rs:48x48/rscb2/ng:webp/ngcb2
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f83db4d6431c0b742caf2343b1c14ece7b731a872e54220417b3760299f3872

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
via: 1.1 4f2586d7d5737aae9f5500126b9eb2ba.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2515884
x-amzn-requestid: c861f170-f821-4f0d-9f49-dd2d068edbf2
x-ezoic-cdn: Hit ds;mm;6e437095995ff11f8e8fedcb8c351dc0;2-105367-3;e6663a7a-c0b5-4e99-540b-9b2f6138eb68
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: aKp_cH5MIAMF6Wg=
cf-request-id: 089f40e38d00004d896019f000000001
response: 200
x-ez-proxy-out: true 2.2
server: cloudflare
x-amzn-trace-id: Root=1-601a89fc-23aecf67387b0b14542677c1;Sampled=0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BkJcYueOOlOwOIsG7zmn8YRVjXm5bE6PpsBYyx2jqyu7aYJJD92emGlapG2ftqTij6z5r21to7bLiRionOpSVnYhYvI61F2u8TZEIto2q94b7%2Bes8sz8WMLhh1mAVE1Urk0%3D"}],"max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: MUC51-C1
cf-ray: 62abd0e5a9b04d89-FRA
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol, staticcontent_sol
x-amz-cf-id: oFu_0loK0XFJmQZc3AsiwT1mYpxoJILD5b8-XWqVcAezxiLlV0sW7Q==

GET
H3-Q050 200 pubads_impl_2021030201.js Show response
securepubads.g.doubleclick.net/gpt/ 282 KB
100 KB 37ms
22ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

cd482357c0415690fe23972a4b6c62f0cdeebaa29f66bf2851bbeaed4450b982

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Mar 2021 09:37:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101677
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:32:48 GMT

GET
H2 200 cse_element__en.js Show response
www.google.com/cse/static/element/323d4b81541ddb5b/ 274 KB
90 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/323d4b81541ddb5b/cse_element__en.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009756984466592281047:crsu4qcnxmm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca752586777d1f855a56edaaf5a718b562a36a8d6b5b990f6cc7e590009bc3e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 16:20:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 19:23:46 GMT
server: sffe
age: 166342
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92213
x-xss-protection: 0
expires: Wed, 02 Mar 2022 16:20:26 GMT

GET
H2 200 default+en.css
www.google.com/cse/static/element/323d4b81541ddb5b/ 41 KB
9 KB 8ms
6ms Stylesheet
text/css 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/323d4b81541ddb5b/default+en.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009756984466592281047:crsu4qcnxmm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 16:20:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 19:23:46 GMT
server: sffe
age: 166342
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9032
x-xss-protection: 0
expires: Wed, 02 Mar 2022 16:20:26 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 9ms
7ms Stylesheet
text/css 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009756984466592281047:crsu4qcnxmm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 13:57:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
age: 2114
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:47:34 GMT

GET
H3-Q050 200 async-ads.js Show response
cse.google.com/adsense/search/ 182 KB
63 KB 37ms
23ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/323d4b81541ddb5b/cse_element__en.js?usqp=CAI%3D

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7be6ea471376a554ac2ed8e92739dceca2f341fa900bf25a6135a8b09cd3bdce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "13358083581237655570"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:32:48 GMT

GET
H3-Q050 200 clear.png
www.google.com/cse/static/css/v2/ 1018 B
1 KB 6ms
6ms Image
image/png 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/css/v2/clear.png

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/323d4b81541ddb5b/default+en.css

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/cse/static/element/323d4b81541ddb5b/default+en.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 07:15:33 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 199035
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1018
x-xss-protection: 0
expires: Wed, 02 Mar 2022 07:15:33 GMT

GET
H3-Q050 200 branding.png
www.google.com/cse/static/images/1x/en/ 1 KB
1 KB 7ms
6ms Image
image/png 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/en/branding.png

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 25 Feb 2021 19:41:27 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 586281
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1372
x-xss-protection: 0
expires: Fri, 25 Feb 2022 19:41:27 GMT

GET
H2 204 generate_204
www.googleapis.com/ 0
182 B 28ms
6ms Image
text/plain 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googleapis.com/generate_204
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 204 generate_204
clients1.google.com/ 0
182 B 28ms
6ms Image
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 36ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
531 B 43ms
29ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 462 B
278 B 343ms
342ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2225031513230742&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D400%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D0%26stl%3D34%252C152%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C34%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614868368&dt=1614868368427&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=205&adks=1505197098&ucis=1&ifi=1&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

13100439599ff5287527639bcf7da75ce611510506de5a16068551de00dd4768

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 243
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 72ms
38ms Other
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 27ms
6ms Other
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 462 B
271 B 380ms
380ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=1505983882101714&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D400%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D34%252C152%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C34%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614868368&dt=1614868368438&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=639&adys=205&adks=1970382492&ucis=2&ifi=2&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

96fa3ff5103b255801e3d58f9d46cbf10bf427afb3520cd4a2d0071713393483

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 240
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 462 B
271 B 388ms
388ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2410085906794067&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D400%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D83%252C35%252C120%252C67%252C51%252C122%252C66%252C20%252C34%252C30%252C63%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614868368&dt=1614868368441&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=962&adys=205&adks=3314737083&ucis=3&ifi=3&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

7b06e95c240c369e99653f0883ca7b3b553624af061c6a4a612045caa49605f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 240
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 471 B
281 B 523ms
523ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2445938045220872&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid7%3D679271%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-1-679271%26eb_br%3D8de2c8ca79e8623e3cb37120a35ebaa2%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D240%26br2%3D120%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C49%252C28%252C4%252C45%252C122%252C47%252C34%252C13%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614868368&dt=1614868368445&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=423&adys=1098&adks=886435671&ucis=4&ifi=4&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x264&msz=300x250&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

0f29f21f86f411884165081ccce73438c7d84573344f4b5c55016788ab5dc1ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 462 B
273 B 367ms
367ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=197243716502490&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D6dbaa2f5e27e83e2fcd15988d9095988%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D1600%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614868368&dt=1614868368448&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=678&adks=4174927576&ucis=5&ifi=5&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

be293d5ccff73cf71d10b7a589ea284aa686845f585bf2274f672dbad90ede28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 238
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 462 B
274 B 424ms
423ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2254592579047676&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D6dbaa2f5e27e83e2fcd15988d9095988%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D1600%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D32%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614868368&dt=1614868368452&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=943&adks=1947973535&ucis=6&ifi=6&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

aff3b2e7d612a48a827c7dc5c812625503bd2a70dd0352df892582b90a9dbcdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 243
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 462 B
271 B 356ms
356ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=3879437947487016&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D6dbaa2f5e27e83e2fcd15988d9095988%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D1600%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614868368&dt=1614868368457&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1208&adks=1214061133&ucis=7&ifi=7&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

d625d7f1e80b219657e32a265bc83dd2348b04b37680ac40ed141b00823b6961

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 240
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 462 B
711 B 309ms
309ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=380070773781304&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D6dbaa2f5e27e83e2fcd15988d9095988%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D1600%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614868368&dt=1614868368460&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1473&adks=1038916690&ucis=8&ifi=8&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

792c65d21b0e3b479e2f12d545f718d052f224458ef778e9c2a8585382a19b22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 240
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 470 B
284 B 419ms
419ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=3773174643037873&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=iid7%3D688725%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-2-688725%26eb_br%3Dc16fac08e79a971524b1c6834f5caad3%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D3%26br1%3D280%26br2%3D140%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C0%252C120%252C67%252C51%252C16%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614868368&dt=1614868368464&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1103&adks=1304616017&ucis=9&ifi=9&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

fff08307515fffef36d9c3c84bc9ee066b933069a6cfdf4220d759dd9869339a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 249
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Asby Show response
ad.doubleclick.net/ddm/adj/Azvgq/ 11 B
645 B 41ms
17ms Script
text/javascript 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/Azvgq/Asby

Requested by

Host: absorbingcorn.com
URL: https://absorbingcorn.com/v2/0/wmgLsOeKtMHetwDmiDrbeLbyJp-TbBj2k5JUVwmNSsHHkr5T8-ogSop91QYVZTRxfNT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

f1e945400c04241ef089d71de3b0cf7e202431ac4685ada318714fe07ee9dcb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ezoic.png
www.winhelponline.com/ezoimgfmt/go.ezoic.net/utilcave_com/img/ 722 B
2 KB 11ms
10ms Image
image/webp 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/ezoimgfmt/go.ezoic.net/utilcave_com/img/ezoic.png?ezimgfmt=rs:62x16/rscb2/ng:webp/ngcb2
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 717e9759657392ada69981d5b44649c2ec78b94f39c8d975131da59844b04bc2

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
via: 1.1 85e4c30db6ed9459bdead04635e1ab69.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 97813
x-amzn-requestid: 5f6937a2-9a91-4fcf-9876-523ae45ca81c
x-ezoic-cdn: Hit ds;md;f4ba2ae1c231ceca166d0bddc0cf0ef6;2-105367-3;74d5146f-4d38-4fb6-49e6-6c6ac90285ee
x-cache: Hit from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: bjOF1HtAoAMFUvA=
content-length: 722
cf-request-id: 089f40e47200004d899c9db000000001
display: staticcontent_sol, staticcontent_sol
response: 200
x-ez-proxy-out: true 2.2
server: cloudflare
x-amzn-trace-id: Root=1-603df6f2-6f9143773751b99b6045d178;Sampled=0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VZcKi0B9rySbpK0UNhXax%2FDg%2F39NAItwCMUCiPTPwoKpu%2BwNaJGxfMNXz7UGtaMTrMBviiatupPyVVqXYrOli1IGzHtvdAOV7G0f3EI%2F%2ByITMX1SesuD3rgPiuGWamN7x34%3D"}],"max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
access-control-allow-credentials: true
x-amz-cf-pop: HAM50-C3
accept-ranges: bytes
cf-ray: 62abd0e71c154d89-FRA
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: GfyfaQhCMnc7wblH8y0vMwjZ-AZOXM5WZEmEtlFpTYI5N2C5LMVoyA==

GET
H2 200 settings-cascade-menu.png
www.winhelponline.com/blog/wp-content/uploads/2017/11/ 17 KB
17 KB 18ms
18ms Image
image/webp 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/uploads/2017/11/settings-cascade-menu.png?ezimgfmt=rs:699x503/rscb2/ng:webp/ngcb2
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 839cd49aa2a6f409cc73f8bec9b4f0f13d72f56e5f36719a9522bc2b30f173fb

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 342268
x-amzn-requestid: 72c026fb-29c3-4090-a893-14211b1bb08e
x-ezoic-cdn: Hit ds;dd;a7d5034886074b6be5261b65819e73d2;2-105367-3;57ef58a2-1597-4ec1-46f9-f36e47ccd115
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: bafgcHpRoAMF_AQ=
cf-request-id: 089f40e47200004d89aeb18000000001
response: 200
x-ez-proxy-out: true 2.2
server: cloudflare
x-amzn-trace-id: Root=1-603a7935-5932f77f76aefb465f1860bb;Sampled=0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NtZVwxkJyyzQJVKiLMZGNFfa%2Be9KGB9JWNEYfEsWd0qKdFCHYi33KIY56x7AGpPsbeNK%2FjnIO9TjApKe54wXCY5kjKdmUvl84flcYjFofx0SJfbvk76KolbhkcvqOIuYHqc%3D"}],"max_age":604800}
content-type: image/webp
cache-control: public, max-age=2592000
access-control-allow-credentials: true
x-amz-cf-pop: FRA6-C1
cf-ray: 62abd0e71c194d89-FRA
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol, staticcontent_sol
x-amz-cf-id: BBkRet98MHa31A3X1RGYdnDc-Hjru1e6NXhzS-8nPdeogIUFrsaScA==

GET
H3-Q050 200 container.html Show response
tpc.googlesyndication.com/safeframe/1-0-23/html/ Frame 2F93 3 KB
2 KB 36ms
20ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-23/html/container.html

Requested by

Host: absorbingcorn.com
URL: https://absorbingcorn.com/v2/0/wmgLsOeKtMHetwDmiDrbeLbyJp-TbBj2k5JUVwmNSsHHkr5T8-ogSop91QYVZTRxfNT

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ced5c873136c4fab4584c0c6d26dcd530c748303d7ed9b7a7966b2fe1d6f5915

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-23/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.winhelponline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.winhelponline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1479
date: Tue, 02 Mar 2021 22:43:10 GMT
expires: Wed, 02 Mar 2022 22:43:10 GMT
last-modified: Tue, 10 Apr 2018 14:51:09 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 143378
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
376 B 68ms
67ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfcmVxdWVzdCIsInZhbCI6IjgwMyJ9XX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0neNzNRSLcbb833bvh6C8ayuaA3ctFLxcnu0o56zXqAYCjEwdcSbD%2FbufOvBeFtB%2BlS%2Bx6%2B03De1rrYUajgOVtzgc8ie4tr0ToprWmPc9MeISn6Rig6qrQ11k2IGy40LkKA%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd0e8df574d89-FRA
content-length: 0
cf-request-id: 089f40e58c00004d89601c2000000001
expires: Wed, 03 Mar 2021 14:32:48 UTC

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 40ms
19ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021030201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2eb8705de009b9349821f03860254150a17d7b5761172b7a5887472a9fbd5fb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6514
x-xss-protection: 0

POST
H2 200 v2olzGg5LBWYGYVgq9nWggzjleSVMtt1551gWeCKSD9nEm8uIcZkCkgSIEiMcjQj94v64HBw Show response
absorbingcorn.com/ 216 B
618 B 40ms
16ms Fetch
application/json 35.190.64.11
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://absorbingcorn.com/v2olzGg5LBWYGYVgq9nWggzjleSVMtt1551gWeCKSD9nEm8uIcZkCkgSIEiMcjQj94v64HBw

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/tulsa.js?gcb=192-8&cb=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.64.11 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

11.64.190.35.bc.googleusercontent.com

Software

Resource Hash

9c425362669b7e1a841bdc2af775d7fd523709a380870eef4c9033a8af88f629

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Thu, 04 Mar 2021 14:32:48 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: 670b36ad
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 216
expires: Thu, 04 Mar 2021 14:32:47 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:32:48 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 4D10 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.winhelponline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.winhelponline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Thu, 04 Mar 2021 14:16:51 GMT
expires: Fri, 04 Mar 2022 14:16:51 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 957
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js Show response
pagead2.googlesyndication.com/bg/ Frame 4D10 14 KB
6 KB 8ms
7ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

43d30a80022bf318fdc0130b5b56ee092d4b34a4a82c054e7e32258a743650c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 19:52:39 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Mar 2021 10:45:00 GMT
server: sffe
age: 240009
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5643
x-xss-protection: 0
expires: Tue, 01 Mar 2022 19:52:39 GMT

POST
H2 200 v2cba4Rkr2rOuREQLaNUzHErCJr8GUSCoReLhcvZrb9eBG35my16zlhVxUz-Wder8ef0iMR4 Show response
absorbingcorn.com/ 3 B
36 B 129ms
129ms Fetch
application/json 35.190.64.11
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://absorbingcorn.com/v2cba4Rkr2rOuREQLaNUzHErCJr8GUSCoReLhcvZrb9eBG35my16zlhVxUz-Wder8ef0iMR4

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/tulsa.js?gcb=192-8&cb=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.64.11 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

11.64.190.35.bc.googleusercontent.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Thu, 04 Mar 2021 14:32:48 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.winhelponline.com
access-control-allow-credentials: true
x-hostname: 670b36ad
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 3

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
145 B 44ms
44ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021030201&jk=3427153961523288&bg=!SUqlSgnNAAWsVXnBrDsAKQB2-DxaKD2vgrZNF5pr-50qXAKmu7wH83z1IAK0DSkQeURxpV8zYx4YAgAAAFVSAAAACGgBBwoA8-o0zXatkdVpNRyzKkZiNSrA1ZGoZglKwR4ATWFBNMqS8ATOCT0-sbA1kQxmojPBHEc9oZ3m0h9NrDS2nRHwVV3wlnT3Yw90izvV4QM-AAbIYR3P1RcuFwYvOsas-XXfVUv4KREXwGC4461Ggy6JlG9GlF7yRcGIkcCUSoehSpLO2KouJRTNxTnmqBpuJq8HR_vv7dZQzClQ91IRrKku133YGKD8ZIgB37Qtzune_aATXXySNHuCPGFdHslqH9V1qe5_trxRwwI7cfPQ2rstv_tEXd2npA8uCCidM51cxjFjYbxa3VreZB6wh5xlu5OM-dmTQZkB2u9enKcb-EY5hQYPUO2U2X0KsBeyHm3rpOwLdlmWryXBsklV1dUJWYT88F-uj9_y9iv8nwGIwbpP38KYqXySu-lWPEHM164tybkBDnYaMthefhSV7B2X2nC_zlki_9F6W73ujEclMDIijnY3qc8VtAv3HHaUN4zpwqahlpOTi9BD-olpRR9hgEEsKuHSbqDd5FLPShr5hV7zxHihkRp38qitqg9PUs83xrVTpv4qbFs769bZ6Q3dIu3OdjEmstBikI45jN1QuIhnZKdMJy8fxlEOshPN7FN3fBtZncQVeCswYc1BdHLHtYG0Tpb2z8PcRnOoJ80UFkqKKdAymvuv8E3d0fIqSuElUt6_56NDrDgbBQ4lLDQ7UVTBs0E7r7tGmcQzfLbGDW0GmBhjTOjtqN-Oveehf6Z8JQNJcIPvHhpv4QqKpsvGcj0JuHTqyKcOYMOuvrxTn98CRcHQX0sTcHm1XJ-kRQ-LPwCFDjWyFY36TvBKarrnuHxVQ2hI1Myy9hsHNc2_j8NviTU_zOFgLvQtKYAjG8vE7S1ymcaL1PHQcltpmtzr4YvojFOHepjwSSvQYs0yEBK2l5KnLad0nSHiGnJaro9LxxYKaPC7XW_VkeZPl01yHjA9bg

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
777 B 39ms
24ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 15ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 454 B
579 B 383ms
383ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2418659383393932&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid7%3D679271%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-1-679271%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D120%26br2%3D120%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C49%252C28%252C4%252C45%252C122%252C47%252C34%252C13%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D240%26reqt%3D1614868371807&eri=1&cookie=ID%3D171a257f6d10a324-223adb42adba00ba%3AT%3D1614868368%3AS%3DALNI_Mb1NAfMxt5hFvgXfq0NVKb-HU9jOA&bc=31&abxe=1&lmt=1614868371&dt=1614868371812&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=423&adys=1098&adks=886435671&ucis=a&ifi=10&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x264&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

9e39e4632592859250af733d8f5cc58a5c8cafbdc8f30ba75b4e0d4c160fcd05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 230
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 453 B
410 B 340ms
339ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=4433580577975565&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=3&rcs=1&prev_scp=iid7%3D688725%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-2-688725%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D3%26br1%3D140%26br2%3D140%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C0%252C120%252C67%252C51%252C16%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26refs%3D30%26lb%3D280%26reqt%3D1614868371815&eri=1&cookie=ID%3D171a257f6d10a324-223adb42adba00ba%3AT%3D1614868368%3AS%3DALNI_Mb1NAfMxt5hFvgXfq0NVKb-HU9jOA&bc=31&abxe=1&lmt=1614868371&dt=1614868371818&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1103&adks=1304616017&ucis=b&ifi=11&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

eaa955a9453159643ec26ae298a32bee42ebd74e6386ba421b5e540d60e6b495

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 236
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
504 B 312ms
311ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2347933667965251&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=3&rcs=1&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3Ddc3573d5dc41abdf97751be02f53537f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D800%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D32%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D1600%26reqt%3D1614868371823&eri=1&cookie=ID%3D171a257f6d10a324-223adb42adba00ba%3AT%3D1614868368%3AS%3DALNI_Mb1NAfMxt5hFvgXfq0NVKb-HU9jOA&bc=31&abxe=1&lmt=1614868371&dt=1614868371825&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=943&adks=1947973535&ucis=c&ifi=12&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

14ae521f1d108f4ca4dfd0980d8204061baab321252707ffd85bed133eb549e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 222
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
724 B 375ms
374ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=358352332433537&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3D86802a923a1f32517e4c5d3b6d550271%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D200%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D83%252C35%252C120%252C67%252C51%252C122%252C66%252C20%252C34%252C30%252C63%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D400%26reqt%3D1614868371826&eri=1&cookie=ID%3D171a257f6d10a324-223adb42adba00ba%3AT%3D1614868368%3AS%3DALNI_Mb1NAfMxt5hFvgXfq0NVKb-HU9jOA&bc=31&abxe=1&lmt=1614868371&dt=1614868371828&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=962&adys=205&adks=3314737083&ucis=d&ifi=13&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

feb7a5577dbe893b3e3d18f81d09f6428c747616be42482bcd53f9e707c7202d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 222
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
439 B 357ms
357ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=1989752007639661&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3D86802a923a1f32517e4c5d3b6d550271%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D200%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D34%252C152%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C34%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D400%26reqt%3D1614868371830&eri=1&cookie=ID%3D171a257f6d10a324-223adb42adba00ba%3AT%3D1614868368%3AS%3DALNI_Mb1NAfMxt5hFvgXfq0NVKb-HU9jOA&bc=31&abxe=1&lmt=1614868371&dt=1614868371831&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=639&adys=205&adks=1970382492&ucis=e&ifi=14&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

95b6ad09fe86b7e964d364eb9781bc506a00fb1b7fc8f38ee181080fde5ce25a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 222
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
392 B 394ms
394ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=4240175412289700&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=3&rcs=1&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3Ddc3573d5dc41abdf97751be02f53537f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D800%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D1600%26reqt%3D1614868371833&eri=1&cookie=ID%3D171a257f6d10a324-223adb42adba00ba%3AT%3D1614868368%3AS%3DALNI_Mb1NAfMxt5hFvgXfq0NVKb-HU9jOA&bc=31&abxe=1&lmt=1614868371&dt=1614868371835&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=678&adks=4174927576&ucis=f&ifi=15&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

0175ee728b2facf49da44a0f084dbd43847b73a43eb9bf5a45161ffed61c0a3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 222
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
391 B 321ms
321ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2751928468632838&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=3&rcs=1&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3Ddc3573d5dc41abdf97751be02f53537f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D800%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D1600%26reqt%3D1614868371839&eri=1&cookie=ID%3D171a257f6d10a324-223adb42adba00ba%3AT%3D1614868368%3AS%3DALNI_Mb1NAfMxt5hFvgXfq0NVKb-HU9jOA&bc=31&abxe=1&lmt=1614868371&dt=1614868371840&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1208&adks=1214061133&ucis=g&ifi=16&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

5ddf9915b623693344aa9a128880e86b9d879b11d04d5b3bd2ddaca0cf269d89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 222
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
392 B 334ms
334ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=1975168134976021&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3D86802a923a1f32517e4c5d3b6d550271%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D200%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D0%26stl%3D34%252C152%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C34%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D400%26reqt%3D1614868371842&eri=1&cookie=ID%3D171a257f6d10a324-223adb42adba00ba%3AT%3D1614868368%3AS%3DALNI_Mb1NAfMxt5hFvgXfq0NVKb-HU9jOA&bc=31&abxe=1&lmt=1614868371&dt=1614868371844&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=205&adks=1505197098&ucis=h&ifi=17&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

5f76e770cbb0d1ac772c3bf60f376df31b95d80e5c18913e4018ddf7c55ed03a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 222
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
392 B 304ms
303ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=4010213320008340&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=3&rcs=1&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3Ddc3573d5dc41abdf97751be02f53537f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D800%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D1600%26reqt%3D1614868371845&eri=1&cookie=ID%3D171a257f6d10a324-223adb42adba00ba%3AT%3D1614868368%3AS%3DALNI_Mb1NAfMxt5hFvgXfq0NVKb-HU9jOA&bc=31&abxe=1&lmt=1614868371&dt=1614868371847&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1473&adks=1038916690&ucis=i&ifi=18&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef0c15eb92404933c20fb8771a459c326f86984c224c01028c539bfa823b689d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 222
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
146 B 17ms
16ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 16ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 44 KB
11 KB 338ms
338ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2990381717185989&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid7%3D679271%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-1-679271%26eb_br%3Dc352ba581bd3ffd8cea608cf2d55f519%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D60%26br2%3D120%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C49%252C28%252C4%252C45%252C122%252C47%252C34%252C13%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%2C19%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D120%26reqt%3D1614868372316&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372319&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=423&adys=1098&adks=886435671&ucis=j&ifi=19&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x264&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

b9c1b4d59d84bf437c902238f9f500ae95aacd906a7863a5ea0521de4706615b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10736
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 347 B
179 B 371ms
369ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=941632125797765&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=2&prev_scp=iid7%3D688725%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-2-688725%26eb_br%3D527e52c10635ac8136a4c84094ee49a8%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D3%26br1%3D70%26br2%3D140%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C0%252C120%252C67%252C51%252C16%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%2C19%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26refs%3D30%26lb%3D140%26reqt%3D1614868372328&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372330&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1103&adks=1304616017&ucis=k&ifi=20&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

177fbf8c16cccceec34cdea8d22754361ffd6600499180f94cc93f7d5a97dec9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
172 B 185ms
185ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2324792446310580&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=2&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D450%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D32%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D800%26reqt%3D1614868372332&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372336&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=943&adks=1947973535&ucis=l&ifi=21&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

997fcf32c04a9fb22713db794dffdb66911546785d2dd592c772e7a9c0e39967

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
123 B 15ms
14ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
168 B 370ms
370ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=88854942589547&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D140%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D83%252C35%252C120%252C67%252C51%252C122%252C66%252C20%252C34%252C30%252C63%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D200%26reqt%3D1614868372345&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372348&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=962&adys=205&adks=3314737083&ucis=m&ifi=22&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ff54a23fb5c53315e5087a6cbd31f4d2734a53bfb42ab0bf6bee6e315c276a02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
168 B 312ms
312ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=3029460905493655&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D140%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D34%252C152%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C34%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D200%26reqt%3D1614868372351&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372353&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=639&adys=205&adks=1970382492&ucis=n&ifi=23&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

763c71e62ed7208596bac8c8ba98cee015318915484af8617a8799dea7af03be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
168 B 191ms
190ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=1013200939967364&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=2&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D450%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D800%26reqt%3D1614868372355&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372357&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=678&adks=4174927576&ucis=o&ifi=24&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

0523d5ec6f1d92ecb25cd5aeacfabc72a5c6bd78c7b61408d06536f514904bfd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
168 B 362ms
361ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=3607893965681580&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=2&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D450%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D800%26reqt%3D1614868372358&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372360&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1208&adks=1214061133&ucis=p&ifi=25&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=5

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

b48f43d267e851c4b651fb03ef86d8b7d9027222a02227edb1eaaa7f7f7d1a15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
168 B 373ms
370ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=4035058651699885&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D140%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D0%26stl%3D34%252C152%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C34%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D200%26reqt%3D1614868372364&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372365&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=205&adks=1505197098&ucis=q&ifi=26&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

b4ee1274b70caa492a7b2a6e361e8daec408b94db560f5e1a5610599f00931be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
173 B 395ms
394ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=1080055607263656&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=2&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D450%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D800%26reqt%3D1614868372368&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372371&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1473&adks=1038916690&ucis=r&ifi=27&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=6

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

b1636edd35c3cd5ce5dcdec35b21a5051eafa5eb7c66f08b7567aafc2c14754e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012101070013000/ Frame 9BBC 185 KB
53 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182359
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53820
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ee5348f2de7cdf64"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 9BBC 12 KB
5 KB 39ms
16ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182359
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4559
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3a321a15743f406"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 9BBC 87 KB
27 KB 40ms
17ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182359
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27206
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1f991b6a8daa2b14"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 9BBC 3 KB
1 KB 42ms
19ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182359
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "512b909f94eb26fb"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 9BBC 40 KB
13 KB 42ms
20ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182359
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12793
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e3ef417618f7e28"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 9BBC 5 KB
772 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

488724f863b6e50afb92859fd714bcb1b6814b616b8e0c3d0fd261599a750d9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 04 Mar 2021 14:25:58 GMT
server: ESF
date: Thu, 04 Mar 2021 14:32:52 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 04 Mar 2021 14:32:52 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 9BBC 5 KB
726 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

488724f863b6e50afb92859fd714bcb1b6814b616b8e0c3d0fd261599a750d9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 04 Mar 2021 14:03:26 GMT
server: ESF
date: Thu, 04 Mar 2021 14:32:52 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 04 Mar 2021 14:32:52 GMT

GET
DATA 200
OK truncated
/ Frame 9BBC 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2f130178018a6fc28a68fac5adbb779b71fbaed03d08c2161393969dbd43da55

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9BBC 0
0 49ms
48ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CxLtllO9AYImmFpStrASmmaboBKqU68xhxt2mnYoMhPLI2pQOEAEg9PnGJWCV-vCBjAegAcCU7_wDyAEG4AIAqAMByAMKqgTmAU_Q170i5VZgXd8ULoJLxfOS2n1b99vb9PzGtCPOQg0Ep0-0M-rQ0-5cF81yc-KqQGO-Gm1LLlFWjSxcy_AfyUJWYL0M-2v1L7o-q0xW5GbkuW0JZMpXD1iD4wPyAW8r7pmDduC6xP2Ba3YmQUR0FctLBFZ7XUbEdL_IZJJHeVWKZFyWu8JHt15RZs9mT09YYF1uZ64yNu9f2GEYpvLnPMR2Sah_zga0Smg10uN2sDp82lZXFf9sXgsVlYg05c9xR7GMF-gC0AcnzH5Ab5AoHVbeF1YYefL6X10gPxV1sUdcw3kNXpjCwASrnf7E-AHgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGN4AHqOuQA6gH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBCo1yTSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTkzMDU5NTgzODgyODEwNTOACgPICwHYEwyIFAOyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=3bIX6cFYSv0&template_id=492&tpd=AGWhJmtignfMcAkyf72Ik93O90ha72cl78vawTw17bMM5ePtIA
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 9BBC 0
0 14ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTw5NpmeeuseHDP22CXjpEWzzbwgRXc7ElTVp6-VTPbDMWMvi0kpOWs3DrkDMsfsbFogIDqkfOo3KmQhh3ZNkrqEXiGWw
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9BBC 2 KB
3 KB 8ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 08:22:57 GMT
x-content-type-options: nosniff
server: cafe
age: 22195
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Mar 2021 08:22:57 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9BBC 295 B
510 B 7ms
6ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 54481
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 04 Mar 2021 23:24:51 GMT

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
321 B 20ms
17ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjQ3MTcifV19XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=a4ul7NgScyqPF3rzn8A95kNUecUb1lBh%2F8NBp3FgrXKM49IaWJeXWl6OXybZ7fu8dES7%2F%2Fzj6hynEc%2FlwJh6HXVjK%2B7126l4I3PLOvYsOMgmo7em0FyLqSc1nFRkBGr9il4%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1015a4a4d89-FRA
content-length: 0
cf-request-id: 089f40f4d800004d8974a1f000000001
expires: Wed, 03 Mar 2021 14:32:52 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
275 B 24ms
22ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc5MjcxIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc5MjcxIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJjMzUyYmE1ODFiZDNmZmQ4Y2VhNjA4Y2YyZDU1ZjUxOSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc5MjcxIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDYsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDA2LCJiaWRfZmxvb3JfcHJldiI6MC4wMDEyLCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc5MjcxIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDA0MzUxNyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc5MjcxIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2WWgbN0UV8k0LD%2BAbIKvUy1q2V1IvopJSx%2BXwg09Y3hBWokCoKQ2FVoEaulQcnVNcV6SEeGdwfX4lc%2BdRltU8kOAfdqU0wlWp%2Fr%2BJsEgyQMlhq2UdokuHM2Vz3wyanUHd7M%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1015a4d4d89-FRA
content-length: 0
cf-request-id: 089f40f4da00004d894f154000000001
expires: Wed, 03 Mar 2021 14:32:52 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
93 B 59ms
16ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:32:52 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
300 B 19ms
17ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc5MjcxIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTAzLTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNCJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItNjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gWGszcXaUui5WGZlZF4d83LQj12nkxHt0ajDwCSXIvdzRMtAusGNulULcOygu1eAE4H1aktveIQmAYkTilSP%2B0mUs8%2Brt%2FXXoHtoYJU%2BbK%2BJRb5CjzhkFx3DzJ%2Fk6X79AQU%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1015a504d89-FRA
content-length: 0
cf-request-id: 089f40f4db00004d89d70c9000000001
expires: Wed, 03 Mar 2021 14:32:51 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
398 B 23ms
22ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjc5MjcxIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImF1Y3Rpb25fZXBvY2giOjE2MTQ4NjgzNzMsImFkX3Bvc2l0aW9uIjoxMTExLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiYmlkX2Zsb29yX2luaXRpYWwiOjI0MCwiYmlkX2Zsb29yX3ByZXYiOjEyMCwiYmlkX2Zsb29yX2ZpbGxlZCI6NjAsImF1Y3Rpb25fY291bnQiOjMsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjM2MSwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:52 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mReKvJif%2FEb9MUbb%2BiFa0juQidwIXNGmnpJN5w4%2BtZTuBGYn6PzwFn5eydDUqU0eTKQvt%2BA2HcjVUshQ9XRE3Urz5uSo4FR2DDx9A2uxAWM11iljdIktg2LIWMYxNQ9bGW8%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1015a514d89-FRA
content-length: 0
cf-request-id: 089f40f4da00004d895a177000000001
expires: Wed, 03 Mar 2021 14:32:52 UTC

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 9BBC 11 KB
11 KB 36ms
19ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.winhelponline.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 26 Feb 2021 03:58:38 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 556454
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Sat, 26 Feb 2022 03:58:38 GMT

GET
H3-Q050 200 jizaRExUiTo99u79D0KExcOPIDU.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame 9BBC 11 KB
11 KB 37ms
21ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExcOPIDU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ae1e27e08b4bbc15557c0f5bbd97b4009eb86c85da9fb2be4c4085a5289182f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.winhelponline.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 22:43:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:11 GMT
server: sffe
age: 143387
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11380
x-xss-protection: 0
expires: Wed, 02 Mar 2022 22:43:05 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 9BBC
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

15ms
15ms

Image
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Thu, 04 Mar 2021 14:32:52 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
123 B 17ms
16ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 347 B
205 B 184ms
183ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2639740938498224&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=3&prev_scp=iid7%3D688725%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-2-688725%26eb_br%3D7432360301409ae695ba255f16fbcf06%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D3%26br1%3D20%26br2%3D140%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C0%252C120%252C67%252C51%252C16%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%2C19%2C17%2C18%2C19%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26refs%3D30%26lb%3D70%26reqt%3D1614868372844&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372848&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1103&adks=1304616017&ucis=s&ifi=28&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

dbb382f89e65842b70a24f18003def83adaf1df705d084555568c59d86199e6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
168 B 205ms
204ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2023649556630363&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=3&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D9ae587f95e95c876b7b76fd4c72a3838%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D180%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D32%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D450%26reqt%3D1614868372850&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372853&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=943&adks=1947973535&ucis=t&ifi=29&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

d986c94a06a3d0a95ab01276c1086a9cb90a114e1be0e5446f8adf40b7d8753d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
123 B 17ms
16ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 15ms
14ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
171 B 195ms
194ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=1062199965297630&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3Ddfa60cee6e1053fc0c9e607c8047bd28%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D80%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D83%252C35%252C120%252C67%252C51%252C122%252C66%252C20%252C34%252C30%252C63%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D140%26reqt%3D1614868372878&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372882&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=962&adys=205&adks=3314737083&ucis=u&ifi=30&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

9f0276be8515629362424cf288cf8e94ced32542167747a0c1d17a6d75ae6a0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
168 B 196ms
195ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2347180958056000&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3Ddfa60cee6e1053fc0c9e607c8047bd28%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D80%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D34%252C152%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C34%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D140%26reqt%3D1614868372885&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372888&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=639&adys=205&adks=1970382492&ucis=v&ifi=31&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

7503d4bda0f5b992a9332fa98f8e8573d4aef80b374d640799ca3c87d808eb93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
168 B 183ms
182ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=1641777107274021&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=3&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D9ae587f95e95c876b7b76fd4c72a3838%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D180%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D450%26reqt%3D1614868372889&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372891&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=678&adks=4174927576&ucis=w&ifi=32&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

492799bac5485370257524687c11994d7e7c2527ad1504f2e583c0976aa1b8b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
168 B 175ms
174ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2235179634598817&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=3&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D9ae587f95e95c876b7b76fd4c72a3838%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D180%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D450%26reqt%3D1614868372892&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372894&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1208&adks=1214061133&ucis=x&ifi=33&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=7

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

7b77233bfa1ba7dd38506d93a68c219fd6cf5b224172ce419fc83ff497316d4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
168 B 199ms
198ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=3183162796126702&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3Ddfa60cee6e1053fc0c9e607c8047bd28%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D80%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D0%26stl%3D34%252C152%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C34%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D140%26reqt%3D1614868372898&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372899&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=205&adks=1505197098&ucis=y&ifi=34&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

2dc7cf23d2fdab261d5c779cb00582ed04c64693f15168bb693fd5dd280a9094

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
167 B 178ms
178ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=823767688610202&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=3&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D9ae587f95e95c876b7b76fd4c72a3838%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D180%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D450%26reqt%3D1614868372901&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868372&dt=1614868372903&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1473&adks=1038916690&ucis=z&ifi=35&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=8

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

c4139a34d61eb108974fb29e1a5b762cf4245b0cf63880a74f7a893a7f7565ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
146 B 16ms
16ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 17ms
17ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 83 KB
28 KB 241ms
241ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=189293405807756&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=4&prev_scp=iid7%3D688725%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-2-688725%26eb_br%3Db6c98a8bb15764f1c4ee331dcb724178%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D3%26br1%3D2%26br2%3D140%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C0%252C120%252C67%252C51%252C16%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%2C19%2C17%2C18%2C19%2C17%2C18%2C19%2C731%2C732%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26refs%3D30%26lb%3D20%26reqt%3D1614868373351&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868373&dt=1614868373355&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1103&adks=1304616017&ucis=10&ifi=36&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

5c0badb73fd6f0332b00fd7f2cbd3ae540971d875bfd50e5c6e23b6e0be4d3a2

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5503257267549951870/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5503257267549951870/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKyihb7tlu8CFVT4dwodhTcGGQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/5503257267549951870/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5503257267549951870/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5503257267549951870/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKyihb7tlu8CFVT4dwodhTcGGQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/5503257267549951870/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27707
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Thu, 04 Mar 2021 14:32:53 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
169 B 186ms
185ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2844555450905357&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=4&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3Dfe5b0c99ab7ba15f050582be1301303f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D46%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D32%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D180%26reqt%3D1614868373361&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868373&dt=1614868373362&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=943&adks=1947973535&ucis=11&ifi=37&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef695108b9a9dea4dfa01e428cb374590423448b4def86977c634fb0d841305c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 17ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
169 B 201ms
200ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2574317075719542&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3Dee685f77592ce296910ee91457d66ba3%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D40%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D34%252C152%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C34%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D80%26reqt%3D1614868373395&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868373&dt=1614868373398&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=639&adys=205&adks=1970382492&ucis=12&ifi=38&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ee7512d6db22d38268db6d062b9a322c66ff1b774729c8f58e907823d406dee7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
169 B 169ms
168ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=4171335628278237&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=4&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3Dfe5b0c99ab7ba15f050582be1301303f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D46%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D180%26reqt%3D1614868373400&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868373&dt=1614868373402&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=678&adks=4174927576&ucis=13&ifi=39&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

383de82ada912e90d91f02c6ae6d4801ee2c41edbcc9d1c97e1fd1c4127f873f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
169 B 180ms
179ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=1290053297928650&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=4&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3Dfe5b0c99ab7ba15f050582be1301303f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D46%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D180%26reqt%3D1614868373411&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868373&dt=1614868373414&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1208&adks=1214061133&ucis=14&ifi=40&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=9

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

c2fed10faa71823f67af6f1cc9acbfc1dcf3647bb156056d9e7bdc389b5a2a6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
169 B 260ms
260ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2567085268928221&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3Dee685f77592ce296910ee91457d66ba3%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D40%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D0%26stl%3D34%252C152%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C34%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D80%26reqt%3D1614868373416&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868373&dt=1614868373418&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=205&adks=1505197098&ucis=15&ifi=41&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ec28f50ff7b7ee02d3e5fc37c85cbd59d56c2a836e84904a64a80f7a12bef253

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
169 B 171ms
170ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=4478238124301290&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=4&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3Dfe5b0c99ab7ba15f050582be1301303f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D46%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D180%26reqt%3D1614868373419&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868373&dt=1614868373421&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1473&adks=1038916690&ucis=16&ifi=42&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=10

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ba6960b29e88de515524bad199e15e41cb9f91d981e673ac736ff2361c368183

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 edmonton.webp Show response
www.winhelponline.com/detroitchicago/ 13 KB
4 KB 14ms
13ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/edmonton.webp?a=a&cb=192-8&shcb=34
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d798d8773831f64f1228bc59f6dc361eae9b0811b1cbce20d639a8695b1d118c

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2363183
cf-polished: origSize=13962
cf-ray: 62abd1068c344d89-FRA
cf-request-id: 089f40f81700004d89cb10c000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HdBkvowmKbjRMWUqb6r3VwKCtDBZOhEInznMKuDHHaEIBOyig3W0d7oWrlA%2F87BJsO4r0lHLGrMdC4yt60VEjSedtxixqEordHnTBLEtjKLHlJatXKL%2FDCKFIKXZwXCUP%2F4%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
x-robots-tag: noindex

GET
H2 200 vitals.js Show response
www.winhelponline.com/tardisrocinante/ 5 KB
2 KB 20ms
19ms Script
application/javascript 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/tardisrocinante/vitals.js?gcb=8&cb=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26b4485584314aa0850427462143a6a28b66c982db28deb42766214fad7744c7

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2657386
cf-ray: 62abd1068c364d89-FRA
x-middleton-display: sol-js
cf-request-id: 089f40f81b00004d8957b88000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4SxcN2WwTKKUx2ZrM3jt4n%2BNLTBoDNnRzKytASLIAkgXmoQAHQ24VxD8rlHNIAaPTsJPUwysFndVtafoALFDOhp0%2FpYKV%2B%2BdWeTZVg%2BrLBJN9D9aNfmXo%2BN8INCMOL4pwt8%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
378 B 20ms
19ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc5MjcxIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyNDEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4ODcyNSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMjQxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDAwMjMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjE0NyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8xIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjE0NyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8yIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjE0NyJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ipLZA%2BRnRF5TIp4R9ZW%2F3gogE0HSlHq2PhhJ5C%2BbtMRt9YbPQ67VYJgXpD6krzkz2AqxpOyFiXEU3nunLuvUZPdBAMHhHmPoVEruytdX93eQzWACArJDFetH4Z27f6635rc%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1069c504d89-FRA
content-length: 0
cf-request-id: 089f40f82400004d896f995000000001
expires: Wed, 03 Mar 2021 14:32:53 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
295 B 26ms
26ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxNzkifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwMTYyNSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMSIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxNzkifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwMTYyNSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMiIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyNDMifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwMTYyNSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMyIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyNTcifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0%2BfDTMsS2nOvI2v8grNou5t6ptXGwMSrKoEMcP0iiyP4MTvEiww1gjnqhbXS0LLENRFKWzaEaZ9ZYIsqwb9Bk3Dv%2FiEZRfGiEAA%2BwbKsX2aLv6s4WoGQgKqI0Xth67ek9do%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1069c524d89-FRA
content-length: 0
cf-request-id: 089f40f82400004d89a1bc9000000001
expires: Wed, 03 Mar 2021 14:32:53 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
274 B 20ms
18ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc5MjcxIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjQyMyJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTA5OCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4ODcyNSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxMDk1In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJ0cnVlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDAwMjMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMzE1In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIyMDUifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDAwMjMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wXzEiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiI2MzkifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjIwNSJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6Ijc0MDAyMyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6Ijk2MiJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMjA1In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qOXdoI3MP161Jd7cA47II3ikBsAxqn3%2BOzl3r%2BKCJ41GjdnfYs4iR37%2F9ANpCspJkUqVqm6J3E6tS7rsb26pceOW5qAB8ztm%2BfbdphoLMH2%2BHBYwf8CassZLMCNxzsUTrkg%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd106ac574d89-FRA
content-length: 0
cf-request-id: 089f40f82500004d89d62ec000000001
expires: Wed, 03 Mar 2021 14:32:53 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
401 B 25ms
23ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjEwNzMifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjY3OCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwMTYyNSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMSIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjEwNzMifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6Ijk0MyJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwMTYyNSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMiIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjEwNzMifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjEyMDgifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDE2MjUiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIxMDczIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxNDczIn0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NpXCXVBSB0q%2BM3VtxHt%2B7kCMhEDjio7HWzVb55d3N%2BSJBPhwnxChHnF0UWGDJzLx3rYyOnDfgZdXXR09wHlewrkEZ6qBwuQ4vxBJG5PYFlMlH%2FcD3NlT9jw4rkkzFfN4bx4%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd106ac594d89-FRA
content-length: 0
cf-request-id: 089f40f82600004d89c23a9000000001
expires: Wed, 03 Mar 2021 14:32:53 UTC

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
270 B 19ms
19ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDMtMDQifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii02MCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV9wcmltYXJ5X3N1YnRhZyIsInZhbCI6ImVuIn1dfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=keX327fERJl12bS0TEJoWPQHmoKvwv5SRL9yVihLwF%2BdewSOIEihiibJfP7l%2Bus01C4tc9bUkVTNh673u9brN5HNZgifhYQuxtNOQpLkORvn7WF72XrS38j9U4tf9magse8%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd106ac604d89-FRA
content-length: 0
cf-request-id: 089f40f82800004d899109c000000001
expires: Wed, 03 Mar 2021 14:32:53 UTC

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
278 B 17ms
16ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjMwIn0seyJuYW1lIjoicGVyZl9jb25uZWN0X3RvX3Jlc3Bfc3RhcnQiLCJ2YWwiOiIxMjMxIn0seyJuYW1lIjoicGVyZl9yZXNwX3RpbWUiLCJ2YWwiOiI5In0seyJuYW1lIjoicGVyZl9pbnRlcmFjdGl2ZSIsInZhbCI6IjI4OCJ9LHsibmFtZSI6InBlcmZfY29udGVudGxvYWRlZCIsInZhbCI6IjI4OSJ9LHsibmFtZSI6InBlcmZfY29tcGxldGUiLCJ2YWwiOiI1NDkifV19XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rYOk%2BI%2FEjJMvl2WDEH0%2BS6ztRzZpdKIWmKlrdVN5WfP%2BpF5D%2B%2FeELtCwodtzsubmQhG0clHqJLfTQckklrk1zSxPUGAHWd1L85V1WBvDpjq6dl%2BQq300rWienOg56K6Wve8%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd106ac634d89-FRA
content-length: 0
cf-request-id: 089f40f82900004d895a1b5000000001
expires: Wed, 03 Mar 2021 14:32:53 UTC

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
271 B 23ms
22ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfcGFpbnQiLCJ2YWwiOiIxMzM0In1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiZGF0YSI6W3sibmFtZSI6ImZpcnN0X2NvbnRlbnRmdWxfcGFpbnQiLCJ2YWwiOiIxMzM0In1dfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tFgw%2FDqeMCOydINelPsGQBR7qcor8PKEEvYvcZcOrt6TQzY4Ewkj4gdVVW0F19l34XR0SjRRKsUfjFNsJNM8jIgJ1shNluE%2BYcfa1nqD46khL32TRZ4CHU0D3Ib82ymD3c4%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd106ac644d89-FRA
content-length: 0
cf-request-id: 089f40f82900004d8960312000000001
expires: Wed, 03 Mar 2021 14:32:53 UTC

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
274 B 24ms
24ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZG93bmxpbmsiLCJ2YWwiOiI5LjIifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9ydHQiLCJ2YWwiOiIwIn1dfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KAbnKo46gZG8O%2FzPYrSjZpwgs04T5OfPn1iZoIt96FxDL0KeTZJKpAdylq%2FBPcoo9Xjr4mmjGWDs3N8RFwEHb7lmDtN1cUvnmV%2BcKssNYCDDRu8gIw3r%2Fd%2FLmsiQP20bV9o%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd106ac654d89-FRA
content-length: 0
cf-request-id: 089f40f82900004d8965b6a000000001
expires: Wed, 03 Mar 2021 14:32:53 UTC

GET
H3-Q050 200 container.html Show response
139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 46AE 6 KB
3 KB 33ms
20ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.winhelponline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.winhelponline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Thu, 04 Mar 2021 14:32:48 GMT
expires: Fri, 04 Mar 2022 14:32:48 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 5
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 16ms
15ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

e2b04100564fd9141d7acbd40482d40a3c5b4af2cf25b2cf8726b5608841d61a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774803212306"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28399
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:32:53 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
280 B 29ms
27ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NzI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODYsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NzI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODYsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJiNmM5OGE4YmIxNTc2NGYxYzRlZTMzMWRjYjcyNDE3OCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NzI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAyLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDIsImJpZF9mbG9vcl9wcmV2IjowLjAwMDIsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODYsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODg3MjUiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDQ4NiwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NDg2In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODg3MjUiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDQ4NiwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FXpt%2BF65AZDXPYnwIENRgKFIJXoOLug3aM9%2FJj9SNC1pzJVW493sAeoh5JIHmUulbbuMFov7%2B3v5Bfx2kIUQpdKCqdADUFS%2F%2B6WoED1m9EMPX3PQ2VIybwaxiuJDQ%2BJSGTw%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1072d424d89-FRA
content-length: 0
cf-request-id: 089f40f87700004d89bf026000000001
expires: Wed, 03 Mar 2021 14:32:53 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
40 B 18ms
17ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:32:53 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
279 B 21ms
21ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NzI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODYsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTAzLTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNCJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItNjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yApE3QrI4f4PGnXJ%2FNMB5%2BBEGjoR6Xs9M5AglTVN%2FLeZB%2B6W7tb6qkYvMLOdbf06S3Z%2F3ifsqaFcs%2FZ3HrHiMTL8BUnhQsMMBDGu6ChypePWJukwj8BdnC7DkazvqWfgi3s%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1072d434d89-FRA
content-length: 0
cf-request-id: 089f40f87700004d898fb43000000001
expires: Wed, 03 Mar 2021 14:32:53 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
402 B 15ms
15ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NzI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImF1Y3Rpb25fZXBvY2giOjE2MTQ4NjgzNzQsImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiYmlkX2Zsb29yX2luaXRpYWwiOjI4MCwiYmlkX2Zsb29yX3ByZXYiOjIwLCJiaWRfZmxvb3JfZmlsbGVkIjoyLCJhdWN0aW9uX2NvdW50Ijo1LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjoyNTksIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=GcoFANDRhURMAT0u2m%2FfNoWANbXtFmZ0JilSybGLOBasEXqyv%2BuhT1wOVkj2TzNneog0fVekNPjKXLzl0KYKn%2FaVajePlVEToiONRIxSkPOhx3z5bkje18VKpMumLAlYY3w%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1072d444d89-FRA
content-length: 0
cf-request-id: 089f40f87800004d89d7112000000001
expires: Wed, 03 Mar 2021 14:32:53 UTC

GET
H3-Q050 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5503257267549951870/ Frame 04DE 78 KB
20 KB 9ms
8ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5503257267549951870/index.html

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f53f926a3c79cde491ead9fb376a19a753740683a859116084e2a0e3d499354

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/5503257267549951870/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Fri, 26 Feb 2021 04:48:00 GMT
expires: Sat, 26 Feb 2022 04:48:00 GMT
last-modified: Thu, 01 Oct 2020 07:58:19 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 18654
age: 553493
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 46AE 0
0 43ms
42ms Fetch
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CTpHNle9AYOyDGNTw3wOF75jIAayC_49g-uLg2OEM9ey6sLQZEAEg9PnGJWCV-vCBjAegAd2P9u4DyAEJ4AIAqAMByAMIqgTrAU_Q6oxE5C26E_bmN9RzKQ7HMnX866lww0Jb2YmThbp54BHStr-z5T63B5gDfNvhypSVlyX5JQOI3SpXPAr0_x-uHhmkbivYa09ZEcBlGn00GKW1xGCTO0DW-P8yQzm3XxmqjxCeK-bI-kTCeWWCPHptmav7FTzyaULPbV16fc9fPiXhgB1rvuAvGDkOQ7uFIU4uBXiNEuiJHx7ir6r7pt3kiPDuPfB4LHYoTsa_2TAYS4NfmWex1iAK17VqlrjBORz2MFeF_Z29erNqkvL_GJf5n7RNUl_ycXBXa0BqksNN_Scy8qB8zJy8_R_ABIa9hMPZAuAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAeL8IkRqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEIekAdIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTMwNTk1ODM4ODI4MTA1M4AKA8gLAdgTDYgUAbIXGgoYCAASFHB1Yi02Mzk2ODQ0NzQyNDk3MjA4&sigh=7G-cIBoUTVU&template_id=419&tpd=AGWhJmv37BqH2CRhMiqm4ceSkxGTiDI0-sf_nqdTCmhsDFDa0g
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/ Frame 46AE 18 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/abg_lite_fy2019.js

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dba8373b77d5f4fe9610ef894b1f473168b17582506353d3d88939277b271a82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:30:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 170
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7378
x-xss-protection: 0
server: cafe
etag: 16808423653712541117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:30:03 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/ Frame 46AE 3 KB
2 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/window_focus_fy2019.js

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:31:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:31:24 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 46AE 110 KB
34 KB 16ms
15ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774766775808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34192
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:32:53 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/ Frame 46AE 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

704d0d3da6cd158841779485200573d774009ed765dfe9f91cee6f3c0fafcba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:22:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 610
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 4905056106247604317
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:22:43 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 46AE 0
0 14ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRjISLdrbvLus4mwTFMsRphKZZHrKQjzmsCu0vRhELy86W-DmRPAx23EcWjOhPPabkBI5A4Nk-wKwsfHNgAvFhbjeyXBQ
Requested by: Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 04DE 6 KB
759 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:700,regular,600

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5503257267549951870/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3d67ca5d28f1dd6fc58ae8f8ab79b70755b30a52eb04572a6df8e50869ff748e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 04 Mar 2021 14:32:53 GMT
server: ESF
date: Thu, 04 Mar 2021 14:32:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 04 Mar 2021 14:32:53 GMT

GET
H3-Q050 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 04DE 16 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5503257267549951870/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 03 Mar 2021 15:52:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81624
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 04 Mar 2021 15:52:29 GMT

GET
H3-Q050 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 04DE 22 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5503257267549951870/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 13:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5123
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 05 Mar 2021 13:07:30 GMT

GET
DATA 200
OK truncated
/ Frame 46AE 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de4d3db706892fcc71fa557df3269b1b7fe850591a0f8590222fb4d7360523c6

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 04DE 9 KB
9 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700,regular,600

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 22:24:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:27 GMT
server: sffe
age: 144533
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Wed, 02 Mar 2022 22:24:00 GMT

GET
H3-Q050 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 04DE 9 KB
9 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700,regular,600

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 22:47:26 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 143127
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Wed, 02 Mar 2022 22:47:26 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 04DE 9 KB
9 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700,regular,600

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 27 Feb 2021 01:51:30 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:49 GMT
server: sffe
age: 477683
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9180
x-xss-protection: 0
expires: Sun, 27 Feb 2022 01:51:30 GMT

GET
H3-Q050 200 Full-transparent-background-512.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5503257267549951870/ Frame 04DE 7 KB
9 KB 10ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5503257267549951870/Full-transparent-background-512.png

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a1562b1d568d8ed640628f0cfad93a30ad41ee66bdc2bb54a27c6ccb9bbc95e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 239479
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7355
x-xss-protection: 0
last-modified: Thu, 01 Oct 2020 07:58:19 GMT
server: sffe
date: Mon, 01 Mar 2021 20:01:34 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 01 Mar 2022 20:01:34 GMT

POST
H2 200 v2olzGg5LBWYGYVgq9nWggzjleSVMtt1551gWeCKSD9nEm8uIcZkCkgSIEiMcjQj94v64HBw Show response
absorbingcorn.com/ 197 B
280 B 22ms
22ms Fetch
application/json 35.190.64.11
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://absorbingcorn.com/v2olzGg5LBWYGYVgq9nWggzjleSVMtt1551gWeCKSD9nEm8uIcZkCkgSIEiMcjQj94v64HBw

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/tulsa.js?gcb=192-8&cb=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.64.11 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

11.64.190.35.bc.googleusercontent.com

Software

Resource Hash

0252d3040663f347465b274f3a62abd4f04e4f001d4bd0ff0d9e11dab08e0368

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Thu, 04 Mar 2021 14:32:53 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: 670b36ad
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 197
expires: Thu, 04 Mar 2021 14:32:52 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 16ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
11 KB 193ms
193ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=3916134484760027&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=5&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D4%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D32%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D46%26reqt%3D1614868373889&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868373&dt=1614868373892&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=943&adks=1947973535&ucis=17&ifi=43&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

0b6fdc4e2bf35682e0695e5fd3fbbb4e6f2a04376904ab2e30f7bb66319b0699

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10762
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
123 B 15ms
14ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 17ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
11 KB 233ms
232ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=1705311615646253&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3De29f69dd468d31a5514dc9b5587ce757%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D16%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D34%252C152%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C34%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D40%26reqt%3D1614868373911&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868373&dt=1614868373914&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=639&adys=205&adks=1970382492&ucis=18&ifi=44&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

57cdc7631e631b64fd319d393cbbb71ae6054492337884a4ccb53207b60ace0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10760
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 83 KB
28 KB 182ms
181ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=4097948871495958&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=5&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D4%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D46%26reqt%3D1614868373916&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868373&dt=1614868373919&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=678&adks=4174927576&ucis=19&ifi=45&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

d28edd11b74a0291b015931929f4bcf853c9837951950f3c945735dcdb8060d3

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COvDqL7tlu8CFT0QiwoduJ0O4g&gqi=&layout=/sadbundle/%24csp%253Der3%24/12575474388415307380/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COvDqL7tlu8CFT0QiwoduJ0O4g&gqi=&layout=/sadbundle/%24csp%253Der3%24/12575474388415307380/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27617
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Thu, 04 Mar 2021 14:32:54 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 40 KB
10 KB 204ms
204ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=1123921758544641&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=5&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D4%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D46%26reqt%3D1614868373928&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868373&dt=1614868373931&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1208&adks=1214061133&ucis=1a&ifi=46&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=11

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

d144a1f2bc7a2ff334c085bd26d3c7cbc779abbbfd3c220ab1af37585940488f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10337
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
8 KB 217ms
217ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=3564041329120080&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3De29f69dd468d31a5514dc9b5587ce757%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D16%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D0%26stl%3D34%252C152%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C34%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D40%26reqt%3D1614868373933&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868373&dt=1614868373936&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=205&adks=1505197098&ucis=1b&ifi=47&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

4f28c5e287a3fa4c4a051593bf498248afb520e19c2a700eaacfed67dc4495a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8654
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 83 KB
28 KB 198ms
197ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=4265667267019965&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&ris=1&rcs=5&prev_scp=iid8%3D701625%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-701625%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D3%26ftsn%3D3%26acptad%3D1%26br1%3D4%26br2%3D800%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D46%26reqt%3D1614868373938&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868373&dt=1614868373941&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1473&adks=1038916690&ucis=1c&ifi=48&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=12

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

17e361e43deccffc9c1e621630d9e9fe55928101226d6588cd5c6ec35173082a

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIidqb7tlu8CFaoMiwodMsYE_Q&gqi=&layout=/sadbundle/%24csp%253Der3%24/15470226079987103343/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIidqb7tlu8CFaoMiwodMsYE_Q&gqi=&layout=/sadbundle/%24csp%253Der3%24/15470226079987103343/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27733
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Thu, 04 Mar 2021 14:32:54 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012101070013000/ Frame DC81 185 KB
53 KB 38ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182361
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53820
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ee5348f2de7cdf64"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame DC81 12 KB
5 KB 35ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182361
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4559
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3a321a15743f406"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame DC81 87 KB
27 KB 41ms
27ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182361
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27206
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1f991b6a8daa2b14"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame DC81 3 KB
1 KB 42ms
28ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182361
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "512b909f94eb26fb"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame DC81 40 KB
13 KB 42ms
29ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182361
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12793
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e3ef417618f7e28"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DC81 2 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 08:22:57 GMT
x-content-type-options: nosniff
server: cafe
age: 22197
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Mar 2021 08:22:57 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DC81 295 B
485 B 7ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 54483
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 04 Mar 2021 23:24:51 GMT

GET
DATA 200
OK truncated
/ Frame DC81 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2f67b70481772b372e1054067ee2821a6b8735ba4521f0d5d16c0fdd48bc7773

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 17798343744532142239
tpc.googlesyndication.com/simgad/ Frame DC81 53 KB
53 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17798343744532142239?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qm4lvgWjpRiVQOxzWdHb6V6UkAkGw

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7de4fe78795635eaa62bf868d0821774266e4a0258c0e8683380b0b4348c720e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 11:01:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Feb 2021 12:59:14 GMT
server: sffe
age: 271882
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54474
x-xss-protection: 0
expires: Tue, 01 Mar 2022 11:01:32 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame DC81 0
0 14ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQJ2aL6oi2Oe7Go25xc5OWIsRyAe1tEFtqJn4sB8ezlDiHKeGg2ZOszTe87FfZX8TuxslXGyRPOxu3FvO5IgRrX0AXPzA
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame DC81 0
0 44ms
43ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CpkTNle9AYIr0OMX53gO8iYC4Do3Fw9dh_bD12Y0Nsv6hn4wOEAEg9PnGJWCV-vCBjAegAYeiqdwCyAEC4AIAqAMByAMIqgTcAU_Qn_ChT7B_8iKv1cDrWfS3Bin2DS2kIAzMPPSAgpSpTTPhbQSZASp42cXClccM7RaTTsoBx8tnb5enQzWW0rwH22r5XSBE1Bldq46gA_4wsbWvMlUW0R6tnnnIC9vNo36mG4kqyosCzzPaf4oP59INoKhFtSKZhRp1d-KsMKPe5bNh5HnvwCqotOktrmWsHHHPxw7Ygvp-DSWVCJrD_wFb2pVwW98QnIHbXE4v3C-Wa3tOF9a5SQ1XaY9UcQOxZfNP7rr9g1WJLOlfG68ucEvKkNKhxm2W2DOAYeXABJ_HoeujA-AEAZIFBAgEGAGSBQQIBRgEoAYCgAfY_fjdAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBCnwALSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTkzMDU5NTgzODgyODEwNTOACgPICwHYEwyyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=TNu9QULUmKc&tpd=AGWhJmsaartlLXBKCAvMMwwghlQVjnWQsw1N3dnC0cvCI9aIbQ
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
273 B 24ms
20ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI2In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDE2MjUiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiOWMzZTRlZThlYWU3ZjE0MzNjYjJmZTY5YjEzMjY2MDUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwMTYyNSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMSIsInRfZXBvY2giOjE2MTQ4NjgzNjYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDA0LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDQsImJpZF9mbG9vcl9wcmV2IjowLjAwMDQ2LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwNDE2OTg4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDE2MjUiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LuvCdR006PrvzzBk1LmT0eqr2QoPU28aHbjh%2BKrOEu%2B6mfEBn1q1en%2BuGveJvktCwjBq2G75RgNNPjni1bx97R9rfs7GPxoU4eE2TqxpwYWCrQR7N287UeE7yjf%2F7J1WyYA%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10a3a654d89-FRA
content-length: 0
cf-request-id: 089f40fa6400004d89cc38d000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
40 B 19ms
17ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:32:54 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
319 B 18ms
17ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDMtMDQifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii02MCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mqDvUBqKYen1vLeHkop36AaqgU9HRNgCqF3lV9w2gyrgaNcHeyOK6S4zitU8iKvQIYU9cTfPIguzqwTYFO%2FCRQ%2BQHn0aVGGAVGlL4%2Fl7c1IKmm2bq8HqnpRGQTpIdKFPiF4%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10a3a694d89-FRA
content-length: 0
cf-request-id: 089f40fa6200004d89a990e000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
397 B 19ms
18ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYXVjdGlvbl9lcG9jaCI6MTYxNDg2ODM3NCwiYWRfcG9zaXRpb24iOjExMDIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTYwMCwiYmlkX2Zsb29yX3ByZXYiOjQ2LCJiaWRfZmxvb3JfZmlsbGVkIjo0LCJhdWN0aW9uX2NvdW50Ijo2LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjoyMDksIm11bHRpX2FkX3VuaXQiOjEsIm11bHRpX2FkX2NvdW50Ijo0LCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=SLlS9vaR0f7QGorD2LwrSZ%2FnitzlHxwjAz%2FIZnox1e%2FYT36HJxLxI8upTOQfVnYj5tmJg4uUn3JBZqrQQlQ1uIDCP2utUe35C5JASYWE4ebZkt42O9h4crJzqpzTaVZ95x8%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10a3a6a4d89-FRA
content-length: 0
cf-request-id: 089f40fa6300004d8982ad6000000001
expires: Wed, 03 Mar 2021 14:32:53 UTC

GET
H3-Q050 200 container.html Show response
139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 5C31 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.winhelponline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.winhelponline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Thu, 04 Mar 2021 14:32:48 GMT
expires: Fri, 04 Mar 2022 14:32:48 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 6
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
273 B 29ms
18ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI5YzNlNGVlOGVhZTdmMTQzM2NiMmZlNjliMTMyNjYwNSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDA0LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDQsImJpZF9mbG9vcl9wcmV2IjowLjAwMDQ2LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDAzNDUxNiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NTHXbWAMO7aQMLsko28Zv9GizVQIRM%2B1EYLCjuSO7G2JBfmQwr21ZPBZGMy84fHAHnBNzJptpi%2FYAaA%2Bvm0iXp8vggMXz4n7bVrGbfLRqObcNuUcQlqCD30mPqOtQtAd14U%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10a6aeb4d89-FRA
content-length: 0
cf-request-id: 089f40fa8700004d896032a000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 24ms
16ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:32:54 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
276 B 24ms
17ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTAzLTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNCJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItNjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IuzxZqUY49X%2BdxkNvG%2Fa8k9J%2B3NU6dpQ0bnxfhlueW3xJZZyGUMO1JmGCZBtKHo94O7SwXccmE3jtHUeepojEaf0Xovg4UGob3JLQdEgLNNZyYkxS%2BXMDGQMmHAKHtsDY4o%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10a6af04d89-FRA
content-length: 0
cf-request-id: 089f40fa8600004d89c23cc000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
377 B 30ms
23ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImF1Y3Rpb25fZXBvY2giOjE2MTQ4NjgzNzQsImFkX3Bvc2l0aW9uIjoxMTAyLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiYmlkX2Zsb29yX2luaXRpYWwiOjE2MDAsImJpZF9mbG9vcl9wcmV2Ijo0NiwiYmlkX2Zsb29yX2ZpbGxlZCI6NCwiYXVjdGlvbl9jb3VudCI6NiwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6MjAxLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6NCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VCyDyC0WEEshOSOdSvmDlDsLjozj4Vf5fVLEhRloAaKoMQwA6a8c3H6TSgz%2B4ztdXHPdMRDNO3XZMlOKmYw44UGUovg8La5w6KQCPznAnprwnG5RtAb653rYAM7lgikOJx8%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10a7af14d89-FRA
content-length: 0
cf-request-id: 089f40fa8600004d89b9a7e000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
120 B 39ms
39ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sz&pvsid=3427153961523288&r=320x50%7C300x250&w=300&h=250&a=0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012101070013000/ Frame D4DD 185 KB
53 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182361
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53820
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ee5348f2de7cdf64"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame D4DD 12 KB
4 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182361
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4559
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3a321a15743f406"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame D4DD 87 KB
27 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182361
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27206
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1f991b6a8daa2b14"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame D4DD 3 KB
1 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182361
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "512b909f94eb26fb"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame D4DD 40 KB
13 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182361
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12793
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e3ef417618f7e28"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D4DD 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 08:22:57 GMT
x-content-type-options: nosniff
server: cafe
age: 22197
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Mar 2021 08:22:57 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D4DD 295 B
320 B 8ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 54483
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 04 Mar 2021 23:24:51 GMT

GET
DATA 200
OK truncated
/ Frame D4DD 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a7cb88899bb64198703553fb5a7f64a902ecab4cb734aa19b7a6a18db40c5cb4

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 5445553358916252915
tpc.googlesyndication.com/simgad/ Frame D4DD 9 KB
9 KB 10ms
10ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5445553358916252915?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qmYrzFb_xkEBxrpl8ns9QGIQl9dYw

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb7d56246eb09c97683e725eca9060734824322c28905a10f4545d2007bc61f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:17:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Nov 2020 09:17:32 GMT
server: sffe
age: 929
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8861
x-xss-protection: 0
expires: Fri, 04 Mar 2022 14:17:25 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame D4DD 0
0 14ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTSfoGaLyc1ZOgeQrq5BAOxcv34sbSB2lJ3YDnfGjS7c33K9_mCG5uCz6A0DOMY1tX1CIGz9u5R9UfY3sM70Fan9e0NWA
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D4DD 0
0 42ms
42ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C7fIrle9AYIKvO7ygrATVk7lIu-jmr2Gtv5LvzQza2R4QASD0-cYlYJX68IGMB6ABh4eN8QPIAQLgAgCoAwHIAwiqBNsBT9A3G2KQQSc7kws-nyjFrF1cgX-vkMDlZyO9gu4hfnx88sFlSvC0Q7raj_aGUKQdGBOlicrBCATvLFUWKTyB2yMAivnKj5I6kbXi1h6zUlWVvlnhuqwiuVeyp5IElfWuofPXZmhVcblTda3sDQWfz9pww3N_5forU0vikcVZqC1vjqNIZTK1z36yE2K_aWHc6OZeMKrQTx_-NTeiJSA5nFUKuWpKIF0yOgz4uX2BqBS-71j-D1gMRYm_YbKM9NYv4yDSL4nbUHR74v4K1EIPIsmycIdLShq14ygVwATnncmwsgPgBAGSBQQIBBgBkgUECAUYBKAGAoAH4fjyDqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBCnwALSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTkzMDU5NTgzODgyODEwNTOACgPICwHYEw2yFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=kBczZfk6kpE&tpd=AGWhJmts48U8xMZ-kXolGAT8JwzHIfP1zesvh7597aNbxzKHTw
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012101070013000/ Frame CF71 185 KB
53 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182361
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53820
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ee5348f2de7cdf64"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame CF71 12 KB
4 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182361
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4559
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3a321a15743f406"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame CF71 87 KB
27 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182361
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27206
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1f991b6a8daa2b14"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame CF71 3 KB
1 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182361
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "512b909f94eb26fb"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame CF71 40 KB
13 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182361
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12793
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e3ef417618f7e28"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 17798343744532142239
tpc.googlesyndication.com/simgad/ Frame CF71 53 KB
53 KB 10ms
8ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17798343744532142239?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qm4lvgWjpRiVQOxzWdHb6V6UkAkGw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7de4fe78795635eaa62bf868d0821774266e4a0258c0e8683380b0b4348c720e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 11:01:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Feb 2021 12:59:14 GMT
server: sffe
age: 271882
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54474
x-xss-protection: 0
expires: Tue, 01 Mar 2022 11:01:32 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CF71 2 KB
2 KB 11ms
10ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 08:22:57 GMT
x-content-type-options: nosniff
server: cafe
age: 22197
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Mar 2021 08:22:57 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CF71 295 B
320 B 11ms
10ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 54483
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 04 Mar 2021 23:24:51 GMT

GET
DATA 200
OK truncated
/ Frame CF71 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: efcf0f78c387a966a6a6e769725c2c4b088eceff67772a4efcc5699e600c8338

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame CF71 0
0 14ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQX5MFSnQz8FAPGVmP-GFQxg7kKkay9wz4mkA8XnVZQYDWjBiKOaz7s_O0MWcqkurqb9ZWYFUTEJGjooHMusmSlSvwc9g
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CF71 0
0 42ms
41ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C18IWle9AYNzjOsiC3gPPvaDgBY3Fw9dh_bD12Y0Nsv6hn4wOEAEg9PnGJWCV-vCBjAegAYeiqdwCyAEC4AIAqAMByAMIqgTcAU_QM59bPB6TUj9EGx9WJHFuBy-PwUUaUj8HGna1lu9t6M2oKD5l095fx2S8k5jEGWUh8Br34Mzmm43lWl1ngkDnSNFIRlxx_N-IosiXrd4uqDMib8NZ-EzU-whLltqWvnrbYhtVxn087BCA095LaRUKG9tFTZJunAgRN0FWJidgit4qlBokiK-rzODYvXDzAngik5xOm2srIEttmaq_vyp9IcuLEu4uN90bY93Otu7OmAK8pdWx9LE1_kUchXdB7UCJTTiW3OYlYQSckNX4m_DKF9aXk75wSMStXmLABJ_HoeujA-AEAZIFBAgEGAGSBQQIBRgEoAYCgAfY_fjdAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDo6QnSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTkzMDU5NTgzODgyODEwNTOACgPICwHYEwyyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=5cSK8wxEOFE&tpd=AGWhJmvoaMqJgDrOMTRQPwFhgeoW7Fd9zS0p-E798x7vtaqzVA
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
23 B 45ms
39ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sz&pvsid=3427153961523288&r=300x250&w=300&h=250&a=0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 container.html Show response
139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 8FEB 6 KB
3 KB 13ms
12ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.winhelponline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.winhelponline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Thu, 04 Mar 2021 14:32:48 GMT
expires: Fri, 04 Mar 2022 14:32:48 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 6
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
320 B 19ms
18ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8yIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI2In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDE2MjUiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiOWMzZTRlZThlYWU3ZjE0MzNjYjJmZTY5YjEzMjY2MDUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwMTYyNSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMiIsInRfZXBvY2giOjE2MTQ4NjgzNjYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDA0LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDQsImJpZF9mbG9vcl9wcmV2IjowLjAwMDQ2LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8yIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTkxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDE2MjUiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XsW29Il9a%2Fn17NFnOkJUw9aSsDszYtCS2r8IY1oBlYMuSxnXtTvOeF3ws1jw%2BhfBMZ%2B6aJcoY4dM7idWNcbwRSzOmBaK5S5iFGpwRCykdJmqpeiIOgL2oFnKIMqzF%2FzcCNk%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10abb614d89-FRA
content-length: 0
cf-request-id: 089f40fab000004d8952bb1000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 17ms
16ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:32:54 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
273 B 17ms
17ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8yIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDMtMDQifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii02MCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oOjAMP0O4fGuNB7wMc0Q7njvCMQWMN28EDaj0jDqGbo1QChCuh0J1aTMwN%2FD5Y0a0abCDp6bTdfdSoCxo%2BveSpDu9Akz2KkgAk7g2yyh%2FrM0o5%2BLLVDAwzPOB2ownZlYlXg%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10abb624d89-FRA
content-length: 0
cf-request-id: 089f40fab000004d8965b9a000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
274 B 17ms
16ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8yIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYXVjdGlvbl9lcG9jaCI6MTYxNDg2ODM3NCwiYWRfcG9zaXRpb24iOjExMDIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTYwMCwiYmlkX2Zsb29yX3ByZXYiOjQ2LCJiaWRfZmxvb3JfZmlsbGVkIjo0LCJhdWN0aW9uX2NvdW50Ijo2LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjoyMjQsIm11bHRpX2FkX3VuaXQiOjIsIm11bHRpX2FkX2NvdW50Ijo0LCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=e5hl%2FOCFjP2Zfwn5btKd99JN7kvnp2YzRhwSAioTo0oo%2FcqFWFhh8q3c5jKaRE9RiFoBv%2BZzkGTfDeCiMwLaTQo1GYEV%2FHSi%2Bo2pHcG1HFmNMr0VRE8AGbEwOtUOzctnU9g%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10abb644d89-FRA
content-length: 0
cf-request-id: 089f40fab200004d896f9c9000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H3-Q050 200 container.html Show response
139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 6FAE 6 KB
3 KB 13ms
12ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.winhelponline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.winhelponline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Thu, 04 Mar 2021 14:32:48 GMT
expires: Fri, 04 Mar 2022 14:32:48 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 6
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
276 B 29ms
28ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8xIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI2In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDAwMjMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wXzEiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiZTI5ZjY5ZGQ0NjhkMzFhNTUxNGRjOWI1NTg3Y2U3NTcifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6Ijc0MDAyMyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTQ4NjgzNjYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDE2LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMTYsImJpZF9mbG9vcl9wcmV2IjowLjAwMDQsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDAwMjMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wXzEiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwMzQ1ODgifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6Ijc0MDAyMyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=eYkERc0yxkZL1GXbhV2DCeN2M2INi%2Fc0QR7lX9krcY52oJGSlCaYC%2FYQx8WMRLQOFupFV4NUTZxHBPldAi8juBq%2FICuPn98rQb%2B7EiV20cC02MxqXqQaGryq%2FMSz0rB9SNE%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10adb8f4d89-FRA
content-length: 0
cf-request-id: 089f40fac300004d897f3ea000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 19ms
17ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:32:54 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
395 B 21ms
19ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8xIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDMtMDQifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii02MCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=M54wqvE9XwmZY1X56Z%2B5KkjMUHg7KVANhJU4VoCODaQWt7SP23bQNogm7neKjnfsUiLjF9wd9Wc4hYHs8TLuWrqOAyXjMUOX0HeipbOmI3JWKX2d68TCbYnqY0mivbC2AGg%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10adb914d89-FRA
content-length: 0
cf-request-id: 089f40fac300004d8952bb2000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
274 B 30ms
29ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8xIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYXVjdGlvbl9lcG9jaCI6MTYxNDg2ODM3NCwiYWRfcG9zaXRpb24iOjExMDksImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJiaWRfZmxvb3JfaW5pdGlhbCI6NDAwLCJiaWRfZmxvb3JfcHJldiI6NDAsImJpZF9mbG9vcl9maWxsZWQiOjE2LCJhdWN0aW9uX2NvdW50Ijo2LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjoyNTgsIm11bHRpX2FkX3VuaXQiOjEsIm11bHRpX2FkX2NvdW50IjozLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Bnx4Dpe%2BbPv0IHR9j%2FI%2FvcKYj0Hbp7FH3HNBwkyuMkId4xTR7secepdQCA%2FJKCzphbbZlhI4yvoT1yDS68OFCjTablII6Gjatq3WKtmwM5gX1guVRY89K6JWQN9otHdfVu4%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10adb934d89-FRA
content-length: 0
cf-request-id: 089f40fac300004d895d317000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
270 B 21ms
18ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJlMjlmNjlkZDQ2OGQzMWE1NTE0ZGM5YjU1ODdjZTc1NyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDE2LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMTYsImJpZF9mbG9vcl9wcmV2IjowLjAwMDQsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDAwMjMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDQzNTE3In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDAwMjMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5T1gucHoFYlYS2A1cUCgD1OjDhq1jWhhE7dran1tgzaCSM0OZXy5qoZ4Sb36q6QC2gPZUcyzsgg32U5RC62pbiet5%2Fy%2BMIYTM1X3g6ef81HlBUGJR7Ewyllu85HgOwbwuXE%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10aebb74d89-FRA
content-length: 0
cf-request-id: 089f40fad400004d899a8bf000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 18ms
16ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:32:54 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
272 B 16ms
14ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTAzLTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNCJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItNjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lT53WRxs%2FsVcdKxLHHcdiaovhqOGoYa83oxtjQ9CyBxAhwlDckeWkAaKNoO4AQisBLe6AizejTdUV25vNUXqIAWRZg4gG1rpXyt4%2BkTYVIIdE5jogQ6tzAPEhK3Jx0R8%2F3g%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10aebb94d89-FRA
content-length: 0
cf-request-id: 089f40fad400004d89ae8ae000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
273 B 20ms
18ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImF1Y3Rpb25fZXBvY2giOjE2MTQ4NjgzNzQsImFkX3Bvc2l0aW9uIjoxMTA5LCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiYmlkX2Zsb29yX2luaXRpYWwiOjQwMCwiYmlkX2Zsb29yX3ByZXYiOjQwLCJiaWRfZmxvb3JfZmlsbGVkIjoxNiwiYXVjdGlvbl9jb3VudCI6NiwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6MjQ5LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MywibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nUB%2BNbrpPzGeXM1fpw0oV51fN05xHCUc%2Bbo7PvQnJ4%2BG3FUpyhr3JyutqLNvqDWaENssj3uTbChJ%2Fq3HSZAeElJDZic13GeVbkx0irOs021V5rZui5jXdBnJe4kV6DYRoRY%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10aebbb4d89-FRA
content-length: 0
cf-request-id: 089f40fad500004d896e933000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
380 B 16ms
15ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc5MjcxIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc5MjcxIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc5MjcxIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PJO3Pkpji0DJXXrfIpOLa2Q9iplgEhyuo96Fdn9cvv0%2Fvr8TOMG7hRQzPlKswGktR47Bf3KzSLK5qU87iY9%2F%2B2%2BxPfLZM8dBSxPtoEXeBo4tXg4mIsjoPDwvmBRg6ZfqxMo%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10aebbc4d89-FRA
content-length: 0
cf-request-id: 089f40fad500004d8957bb5000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
424 B 20ms
19ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8zIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI2In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDE2MjUiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiOWMzZTRlZThlYWU3ZjE0MzNjYjJmZTY5YjEzMjY2MDUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwMTYyNSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMyIsInRfZXBvY2giOjE2MTQ4NjgzNjYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDA0LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDQsImJpZF9mbG9vcl9wcmV2IjowLjAwMDQ2LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8zIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTkxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDE2MjUiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9Y7KFl1A1wLZBv9w6d3KHRd5MWxI6r19DOa%2Fdd9LIOob1s4k%2FfvbNezJBENDb0zJXLwGFJUEPC0VNUvB%2Fjt3KZgytIjgbJ1%2F7tyOFFmNZJv%2FYcl8OOhOF66yg8HrCl3Qao4%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10b0be74d89-FRA
content-length: 0
cf-request-id: 089f40fae500004d89a62c6000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 17ms
16ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:32:54 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
323 B 15ms
15ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8zIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDMtMDQifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii02MCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FR8Quh8VwDnDYd7ilUfIC%2FXlPObj8dGzzWif1rBhK1PA2visr1Yz3wAAYxqsvZwejrxe%2BCiue4MOT%2FMgk%2BqSjiRZkei8RScmO%2BYXKCn8fUIeQwYquDEHggND7b7ldVpYqfA%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10b0be84d89-FRA
content-length: 0
cf-request-id: 089f40fae600004d89ae8af000000001
expires: Wed, 03 Mar 2021 14:32:53 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
277 B 23ms
22ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8zIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYXVjdGlvbl9lcG9jaCI6MTYxNDg2ODM3NCwiYWRfcG9zaXRpb24iOjExMDIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTYwMCwiYmlkX2Zsb29yX3ByZXYiOjQ2LCJiaWRfZmxvb3JfZmlsbGVkIjo0LCJhdWN0aW9uX2NvdW50Ijo2LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjoyNTcsIm11bHRpX2FkX3VuaXQiOjMsIm11bHRpX2FkX2NvdW50Ijo0LCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LMWcG%2FwwySGG5NWIMr0ItIhCT%2FLccMI%2F54JmNbmrwQDAg8oCbfOILHaK2RjbjgGZmDeVKctLYngmIUXnEryvXyEeudnRbs7HCClg%2BHA0f1rTOlQ2ySp4zYRFyHZU%2B18UyLQ%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10b0bea4d89-FRA
content-length: 0
cf-request-id: 089f40fae700004d8957bb6000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H3-Q050 200 17798343744532142239
tpc.googlesyndication.com/simgad/ Frame DC81 53 KB
53 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17798343744532142239?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qm4lvgWjpRiVQOxzWdHb6V6UkAkGw

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7de4fe78795635eaa62bf868d0821774266e4a0258c0e8683380b0b4348c720e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 11:01:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Feb 2021 12:59:14 GMT
server: sffe
age: 271882
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54474
x-xss-protection: 0
expires: Tue, 01 Mar 2022 11:01:32 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DC81 2 KB
2 KB 8ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 08:22:57 GMT
x-content-type-options: nosniff
server: cafe
age: 22197
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Mar 2021 08:22:57 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DC81 295 B
320 B 8ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 54483
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 04 Mar 2021 23:24:51 GMT

GET
H3-Q050 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/ Frame C484 71 KB
19 KB 7ms
6ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/index.html

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fcc820223d44f752c13df66af7def47e997e7d7c6a958f7f009cfc6082458c86

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/12575474388415307380/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Sat, 27 Feb 2021 08:00:31 GMT
expires: Sun, 27 Feb 2022 08:00:31 GMT
last-modified: Tue, 02 Feb 2021 13:46:03 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 17572
age: 455543
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5C31 0
0 42ms
42ms Fetch
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CbQR7le9AYKulO72grAS4u7qQDozxsNVhnvCnlY0N2tkeEAEg9PnGJWCV-vCBjAegAdWH2_ECyAEJqQKQzIavbjC0PuACAKgDAcgDCKoE3wFP0FchgrDXnP4ZeoBc-6L1maCRtWQIkEE1R8o-1-jifErPxQMMzteVX87qa5ILNHnv5HVxyKJD5ZHgXR_bIrz2E1-h7OPMSXPjjwCZ4C6GblBgt48cEcW5JBuObDb9idSgigl7dRrnQRCmhs33JbpLBLgzyuWWxDkWcVqRZfIzTcvMqcjd0_WiHVgK0FNCfzMXXnUCZOFpVFD7xBxwfAqjlrCpqEZW5ncP5IV73G1kxNlZzgv0amWnx-ZTv2k06vmRODq-fSsP7iGJheldy5v6X1S7K4ccy-GuzOYQ2tkowASe2-j-qgPgBAGSBQQIBBgBkgUECAUYBKAGLoAHk_ikjgGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQp8AC0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi05MzA1OTU4Mzg4MjgxMDUzgAoDyAsB2BMNshcaChgIABIUcHViLTYzOTY4NDQ3NDI0OTcyMDg&sigh=VBl-PvuXg_8&template_id=419&tpd=AGWhJmtZN10gFU6G907n5DqYHFUhgT-xyDsy9Cxy8xaf6f-OAg
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/ Frame 5C31 18 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/abg_lite_fy2019.js

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dba8373b77d5f4fe9610ef894b1f473168b17582506353d3d88939277b271a82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:30:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7378
x-xss-protection: 0
server: cafe
etag: 16808423653712541117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:30:03 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/ Frame 5C31 3 KB
2 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/window_focus_fy2019.js

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:31:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:31:24 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5C31 110 KB
34 KB 15ms
15ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774766775808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34192
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:32:54 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/ Frame 5C31 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

704d0d3da6cd158841779485200573d774009ed765dfe9f91cee6f3c0fafcba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:22:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 611
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 4905056106247604317
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:22:43 GMT

GET
H3-Q050 200 delayed_impression_vu_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/elements/html/impression/ Frame 8FEB 11 KB
5 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/elements/html/impression/delayed_impression_vu_fy2019.js

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8f22f1671578131b3ae0b1e241b699139bdaad127e61bb47c62705ed29bdc50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 08:51:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5158
x-xss-protection: 0
server: cafe
etag: 1565342530158717673
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 08:51:24 GMT

GET
H/1.1 200
OK adition.js Show response
imagesrv.adition.com/js/ Frame 8FEB 30 KB
9 KB 35ms
10ms Script
application/javascript 217.79.188.59
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://imagesrv.adition.com/js/adition.js
Requested by: Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.59 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: ea532788444c699a50cb36bbc1eb80d53d4c3367ef1250378a573331ca3850da

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 04 Mar 2021 14:32:54 GMT
Content-Encoding: gzip
Last-Modified: Thu, 25 Feb 2021 07:09:15 GMT
ETag: "799591495"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Content-Length: 8881

GET
H/1.1 200
OK js Show response
ad2.adfarm1.adition.com/ Frame 8FEB 2 KB
2 KB 44ms
13ms Script
application/x-javascript 217.79.188.21
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.adfarm1.adition.com/js?wp_id=3913935&gdpr=&gdpr_consent=&ts=1486948874&kid=3782160&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DCMf5vle9AYK_1O5nM3gOGlrNQ3fCJ2GHhgtznpwyk5_LtlQIQASD0-cYlYJX68IGMB6ABlbKWogLIAQmpApDMhq9uMLQ-4AIAqAMBqgTiAU_QOdO5aqzRXDj-NdIpVod2MsEg30BCF-RhUCfWJePfiedHPB_RYNvODO0iRrnDEnb6f9EKwkvIo9Z2ahuhHqFa0oNQKZrF59LvAi-WxVTwkYUkVKZu4GZ2xlZT95SZ137gV7t6PSnkW7Yhj1bS5AahBl5wafFFAhY-dUhqA5o0Md_3NoXKuIoa_PR5KudxDu6-pio0tAqUofQNcNnqJ4tyAkT-aJ_PpYpc34p4TVCZNpi9EwFxpNTit3fFs_zrzDPgl1FvE-N-AhdBkaIA-x77Ooh_qkzgNr2NOKjkV5Q6S9vABM34iPyEA-AEAaAGEYAH083p3QGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RuoB_PRG6gH7NUbqAeW2BvYBwDSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTkzMDU5NTgzODgyODEwNTOACgOYCwHICwGADAG4DAHYEw0%26num%3D1%26sig%3DAOD64_2GWckXMX2lveOxjjg3lUP8breZuA%26client%3Dca-pub-6396844742497208%26adurl%3D
Requested by: Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.21 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: ad2.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: ece21c733886deb724e6d1e59fde820a7e970bf31194726c73d53face070ca9d

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 04 Mar 2021 15:32:54 +0100
Content-Encoding: gzip
Server: ADITIONSERVER v1.0
Transfer-Encoding: chunked
P3P: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Cache-Control: max-age=600
Connection: keep-alive
Content-Type: application/x-javascript
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-Q050 200 m_js_controller_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/ Frame 8FEB 31 KB
12 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/m_js_controller_fy2019.js

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7c4efd1f41f3683d4845c653d5166988897616f79951568dad9323c26f2d6f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:14:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1130
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12669
x-xss-protection: 0
server: cafe
etag: 5012884434530507151
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:14:04 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/ Frame 8FEB 3 KB
2 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/window_focus_fy2019.js

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:31:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:31:24 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8FEB 110 KB
33 KB 15ms
15ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774766775808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34192
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:32:54 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/ Frame 8FEB 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

704d0d3da6cd158841779485200573d774009ed765dfe9f91cee6f3c0fafcba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:22:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 611
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 4905056106247604317
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:22:43 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 8FEB 0
0 14ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRMv-19I3OkMJ6tr-Yjzq_Q7Cbrxc4yRULXOCM9nnLdjgkixlQ838nspbbGdEtxjS9zOkOTGDdJyhRHxvxEFkzTRfgnxg
Requested by: Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/ Frame 8FEB 18 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/abg_lite_fy2019.js

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dba8373b77d5f4fe9610ef894b1f473168b17582506353d3d88939277b271a82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:30:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7378
x-xss-protection: 0
server: cafe
etag: 16808423653712541117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:30:03 GMT

GET
H3-Q050 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/ Frame AAF1 59 KB
18 KB 8ms
7ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/index.html

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4855e1c075242d6bb84f10aa3c710a72d0a3856403a77bdab5e7002ef59f2223

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/15470226079987103343/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Tue, 02 Mar 2021 13:57:16 GMT
expires: Wed, 02 Mar 2022 13:57:16 GMT
last-modified: Thu, 10 Dec 2020 11:10:12 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 16719
age: 174938
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 6FAE 0
0 43ms
43ms Fetch
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CK5Nile9AYMj-O6qZrASyjJPoD9_YvshhgtXWhfwM2tkeEAEg9PnGJWCV-vCBjAegAdWH2_ECyAEJqQKQzIavbjC0PuACAKgDAcgDCKoE3wFP0Bq7ND9OFemKL--Yx1m_lGas1oamTmw6mWE93reUhbLo6J61pQrByq9qDy6kJVRK8a9iSzSEY9tEbcbTD_1FQHGGVbqKtU_Hp_E9XgoQK-zNs-jbIckutg4ZBbP07XhJWPNmkk2j2M7Ax3h9ovK7YIfTUL1oG_7OGFdU8aCAPKVPqGMWTaK4I6SY4tSU9N30Ft2pIO7p8C8v9TgnmYGAv2sYUdvag2YMk7gBeaCIyOuWlzjstTauswgn3QeAyG0ksGVzsxVnv0Vk6_RpLXcq9I_qB4gz_QDQJU3CeBNHwATa-tqlqgPgBAGSBQQIBBgBkgUECAUYBKAGLoAHk_ikjgGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQp8AC0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi05MzA1OTU4Mzg4MjgxMDUzgAoDyAsB2BMNshcaChgIABIUcHViLTYzOTY4NDQ3NDI0OTcyMDg&sigh=Ruw7rOUMdE0&template_id=419&tpd=AGWhJmv9TlnikedQ2A37jsffOhU_OCaGdsR-w4-xIJLS9zFcew
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/ Frame 6FAE 18 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/abg_lite_fy2019.js

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dba8373b77d5f4fe9610ef894b1f473168b17582506353d3d88939277b271a82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:30:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7378
x-xss-protection: 0
server: cafe
etag: 16808423653712541117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:30:03 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/ Frame 6FAE 3 KB
2 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/window_focus_fy2019.js

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:31:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:31:24 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6FAE 110 KB
33 KB 15ms
14ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774766775808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34192
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:32:54 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/ Frame 6FAE 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

704d0d3da6cd158841779485200573d774009ed765dfe9f91cee6f3c0fafcba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:22:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 611
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 4905056106247604317
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:22:43 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 6FAE 0
0 14ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTpEc7OzIu3O3CvI_ZQ_zPflBoLe0414cqcxW-_AncCHDT5STqD-s60ahC_-Ewk9PLLRE-XgPb2P2RGB5I4Gxb1GquxZw
Requested by: Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 5445553358916252915
tpc.googlesyndication.com/simgad/ Frame D4DD 9 KB
9 KB 7ms
6ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5445553358916252915?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qmYrzFb_xkEBxrpl8ns9QGIQl9dYw

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb7d56246eb09c97683e725eca9060734824322c28905a10f4545d2007bc61f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:17:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Nov 2020 09:17:32 GMT
server: sffe
age: 929
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8861
x-xss-protection: 0
expires: Fri, 04 Mar 2022 14:17:25 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D4DD 2 KB
3 KB 8ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 08:22:57 GMT
x-content-type-options: nosniff
server: cafe
age: 22197
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Mar 2021 08:22:57 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D4DD 295 B
389 B 8ms
8ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 54483
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 04 Mar 2021 23:24:51 GMT

GET
H3-Q050 200 17798343744532142239
tpc.googlesyndication.com/simgad/ Frame CF71 53 KB
53 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17798343744532142239?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qm4lvgWjpRiVQOxzWdHb6V6UkAkGw

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7de4fe78795635eaa62bf868d0821774266e4a0258c0e8683380b0b4348c720e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 11:01:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Feb 2021 12:59:14 GMT
server: sffe
age: 271882
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54474
x-xss-protection: 0
expires: Tue, 01 Mar 2022 11:01:32 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CF71 2 KB
2 KB 8ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 08:22:57 GMT
x-content-type-options: nosniff
server: cafe
age: 22197
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Mar 2021 08:22:57 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CF71 295 B
320 B 8ms
8ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 54483
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 04 Mar 2021 23:24:51 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
146 B 18ms
16ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 16ms
14ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
221 B 217ms
216ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=1849807130910758&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=2&rcs=4&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3Dee685f77592ce296910ee91457d66ba3%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D40%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D83%252C35%252C120%252C67%252C51%252C122%252C66%252C20%252C34%252C30%252C63%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D80%26reqt%3D1614868373386&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868374&dt=1614868374414&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=962&adys=205&adks=3314737083&ucis=1d&ifi=49&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

9d1a689405eacdcff702c51cb4ac4e335967bd343aae7cb99207063fe9765bac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 5C31 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fdba16938e1e56f669603e2bf83c5f4392177704919364e632444f01a027a0ed

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame C484 4 KB
681 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:700,300

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fda2f5240e5b600fe3f1c09b44b6a2149de1de267a22fca6b8cb41192f94359d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 04 Mar 2021 14:32:54 GMT
server: ESF
date: Thu, 04 Mar 2021 14:32:54 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 04 Mar 2021 14:32:54 GMT

GET
H3-Q050 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame C484 16 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 03 Mar 2021 15:52:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81625
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 04 Mar 2021 15:52:29 GMT

GET
H3-Q050 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame C484 22 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 13:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5124
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 05 Mar 2021 13:07:30 GMT

GET
H/1.1 200
OK banner Show response
ad2.adfarm1.adition.com/ Frame 8FEB 3 KB
2 KB 14ms
14ms Script
text/javascript 217.79.188.21
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.adfarm1.adition.com/banner?sid=3913935&adjsver=3&fvers=&iframe=1&ref=https%3A//www.winhelponline.com/&ro=https%3A//139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html&uao=Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/83.0.4103.61%20Safari/537.36&os=5&browser=11&userid=0&kid=3782160&screen_res=6&prf[_TCF_ENABLED]=0&prf[_TCF_PP_PERSONAL]=0&wpt=J&clickurl=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DCMf5vle9AYK%5F1O5nM3gOGlrNQ3fCJ2GHhgtznpwyk5%5FLtlQIQASD0%2DcYlYJX68IGMB6ABlbKWogLIAQmpApDMhq9uMLQ%2D4AIAqAMBqgTiAU%5FQOdO5aqzRXDj%2DNdIpVod2MsEg30BCF%2DRhUCfWJePfiedHPB%5FRYNvODO0iRrnDEnb6f9EKwkvIo9Z2ahuhHqFa0oNQKZrF59LvAi%2DWxVTwkYUkVKZu4GZ2xlZT95SZ137gV7t6PSnkW7Yhj1bS5AahBl5wafFFAhY%2DdUhqA5o0Md%5F3NoXKuIoa%5FPR5KudxDu6%2Dpio0tAqUofQNcNnqJ4tyAkT%2DaJ%5FPpYpc34p4TVCZNpi9EwFxpNTit3fFs%5FzrzDPgl1FvE%2DN%2DAhdBkaIA%2Dx77Ooh%5FqkzgNr2NOKjkV5Q6S9vABM34iPyEA%2DAEAaAGEYAH083p3QGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RuoB%5FPRG6gH7NUbqAeW2BvYBwDSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTkzMDU5NTgzODgyODEwNTOACgOYCwHICwGADAG4DAHYEw0%26num%3D1%26sig%3DAOD64%5F2GWckXMX2lveOxjjg3lUP8breZuA%26client%3Dca%2Dpub%2D6396844742497208%26adurl%3D
Requested by: Host: ad2.adfarm1.adition.com
URL: https://ad2.adfarm1.adition.com/js?wp_id=3913935&gdpr=&gdpr_consent=&ts=1486948874&kid=3782160&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DCMf5vle9AYK_1O5nM3gOGlrNQ3fCJ2GHhgtznpwyk5_LtlQIQASD0-cYlYJX68IGMB6ABlbKWogLIAQmpApDMhq9uMLQ-4AIAqAMBqgTiAU_QOdO5aqzRXDj-NdIpVod2MsEg30BCF-RhUCfWJePfiedHPB_RYNvODO0iRrnDEnb6f9EKwkvIo9Z2ahuhHqFa0oNQKZrF59LvAi-WxVTwkYUkVKZu4GZ2xlZT95SZ137gV7t6PSnkW7Yhj1bS5AahBl5wafFFAhY-dUhqA5o0Md_3NoXKuIoa_PR5KudxDu6-pio0tAqUofQNcNnqJ4tyAkT-aJ_PpYpc34p4TVCZNpi9EwFxpNTit3fFs_zrzDPgl1FvE-N-AhdBkaIA-x77Ooh_qkzgNr2NOKjkV5Q6S9vABM34iPyEA-AEAaAGEYAH083p3QGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RuoB_PRG6gH7NUbqAeW2BvYBwDSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTkzMDU5NTgzODgyODEwNTOACgOYCwHICwGADAG4DAHYEw0%26num%3D1%26sig%3DAOD64_2GWckXMX2lveOxjjg3lUP8breZuA%26client%3Dca-pub-6396844742497208%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.21 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: ad2.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: 2d2a5523ec9b8b79ade25b0949b92d7f5cc22c131c8469c8998cc7183e5b394a

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 15:32:54 +0100
Content-Encoding: gzip
Server: ADITIONSERVER v1.0
Transfer-Encoding: chunked
P3P: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: text/javascript
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 6FAE 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d8949fddab040c1bfbca0e8ea57b65d0656195ab0363f9d5ab3e1ce857cdc553

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame AAF1 4 KB
612 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:700,300

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fda2f5240e5b600fe3f1c09b44b6a2149de1de267a22fca6b8cb41192f94359d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 04 Mar 2021 14:32:54 GMT
server: ESF
date: Thu, 04 Mar 2021 14:32:54 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 04 Mar 2021 14:32:54 GMT

GET
H3-Q050 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame AAF1 16 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 03 Mar 2021 15:52:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81625
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 04 Mar 2021 15:52:29 GMT

GET
H3-Q050 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame AAF1 22 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 13:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5124
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 05 Mar 2021 13:07:30 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame C484 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700,300

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 22:24:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:27 GMT
server: sffe
age: 144534
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Wed, 02 Mar 2022 22:24:00 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame C484 9 KB
9 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700,300

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 03:07:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:16 GMT
server: sffe
age: 41095
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9016
x-xss-protection: 0
expires: Fri, 04 Mar 2022 03:07:59 GMT

GET
H/1.1 200
OK 000001905652.jpeg
imagesrv.adition.com/banners/268/files/00/1d/13/f4/ Frame 8FEB 91 KB
91 KB 11ms
10ms Image
image/jpeg 217.79.188.59
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagesrv.adition.com/banners/268/files/00/1d/13/f4/000001905652.jpeg
Requested by: Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.59 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: f8f729c68ffd5d2e4d7e0383bdd17f5c8ae1e456976a0ce55ef65e0853e6cfd8

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 04 Mar 2021 14:32:54 GMT
Last-Modified: Wed, 28 Oct 2020 09:13:27 GMT
Accept-Ranges: bytes
ETag: "1839940813"
Content-Length: 93026
Content-Type: image/jpeg

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5FE5 1 KB
835 B 13ms
13ms Document
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 03 Mar 2021 15:30:58 GMT
expires: Thu, 04 Mar 2021 15:30:58 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 82916
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 8FEB 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d5f7404bb7b2469db09e3294f7d85ed121bb3be16f6fa401d859b47699d9218f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame AAF1 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700,300

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 22:24:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:27 GMT
server: sffe
age: 144534
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Wed, 02 Mar 2022 22:24:00 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame AAF1 9 KB
9 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700,300

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 03:07:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:16 GMT
server: sffe
age: 41095
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9016
x-xss-protection: 0
expires: Fri, 04 Mar 2022 03:07:59 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8FEB 0
0 45ms
42ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CWrxile9AYK_1O5nM3gOGlrNQ3fCJ2GHhgtznpwyk5_LtlQIQASD0-cYlYJX68IGMB6ABlbKWogLIAQmpApDMhq9uMLQ-4AIAqAMBqgTfAU_QOdO5aqzRXDj-NdIpVod2MsEg30BCF-RhUCfWJePfiedHPB_RYNvODO0iRrnDEnb6f9EKwkvIo9Z2ahuhHqFa0oNQKZrF59LvAi-WxVTwkYUkVKZu4GZ2xlZT95SZ137gV7t6PSnkW7Yhj1bS5AahBl5wafFFAhY-dUhqA5o0Md_3NoXKuIoa_PR5KudxDu6-pio0tAqUofQNcNnqJ4tyAkT-aJ_PpYpc34p4TVCZNpi9EwFxpNTit3fFs_zrzDPgl1FvE-N-AhdBkaJC-RNpvGvu67lxNWUxOHBwPI_ABM34iPyEA-AEAZIFBAgEGAGSBQQIBRgEoAYRgAfTzendAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBDo6QnSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTkzMDU5NTgzODgyODEwNTOACgPICwHYEw2yFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=K6pFjXK6Z4Q&tpd=AGWhJmuJlbK2iA67gh02a3bJ5GeFh4yj2ajL_PePllp5tbSHDQ&cbvp=2&vis=1
Requested by: Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 5FE5 70 B
265 B 99ms
37ms Image
image/gif 54.154.164.132
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEFihpP9s6-FiCa4z8nbqk_I&google_cver=1&google_push=AQvitULuO72JQZolIA4eSiO7Oo-miBieowckw4gp1ZP56CN3yJNOZr8Zh_MbBewdtoERlcQX0nhYGMp4gDAw3WeEX5g2t0ok1OE
Requested by: Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.164.132 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-164-132.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:54 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 5FE5
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEH9mwa8rVTbj6YxRUOuHsno&google_cver=1&google_push=AQvitUICzKRosfgKV8uiBsq8a8isVx_fp6xgAjH4tM9SKGT_XxmwqUpGzJUHYhD7hlb7FuMOi6S9ReaymrOpkk-HkfmDWJW...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUICzKRosfgKV8uiBsq8a8isVx_fp6xgAjH4tM9SKGT_XxmwqUpGzJUHYhD7hlb7FuMOi6S9ReaymrOpkk-HkfmDWJWUfNE&google_hm=NTQyMjY1NTM0MzA4ODY1NzQ...

170 B
190 B

18ms
17ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUICzKRosfgKV8uiBsq8a8isVx_fp6xgAjH4tM9SKGT_XxmwqUpGzJUHYhD7hlb7FuMOi6S9ReaymrOpkk-HkfmDWJWUfNE&google_hm=NTQyMjY1NTM0MzA4ODY1NzQyMg%3D%3D

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 04 Mar 2021 14:32:54 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUICzKRosfgKV8uiBsq8a8isVx_fp6xgAjH4tM9SKGT_XxmwqUpGzJUHYhD7hlb7FuMOi6S9ReaymrOpkk-HkfmDWJWUfNE&google_hm=NTQyMjY1NTM0MzA4ODY1NzQyMg%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 5FE5
Redirect Chain

https://sync3.sniperlog.ru/?src=ggl_nga&google_gid=CAESEOE49eHZElySRXiV5VaWBy8&google_cver=1&google_push=AQvitULOtpt00w51t-2K-FJvtCbGTUs8XqY5P-8JE4B2WCGH42nfb40nLhW5_pkK-4dpwSYTaCL_i1jPmFgqOuwVMgyx...
https://sync.bumlam.com/?src=ggl_nga&google_gid=CAESEOE49eHZElySRXiV5VaWBy8&google_cver=1&google_push=AQvitULOtpt00w51t-2K-FJvtCbGTUs8XqY5P-8JE4B2WCGH42nfb40nLhW5_pkK-4dpwSYTaCL_i1jPmFgqOuwVMgyxxwA...
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AQvitULOtpt00w51t-2K-FJvtCbGTUs8XqY5P-8JE4B2WCGH42nfb40nLhW5_pkK-4dpwSYTaCL_i1jPmFgqOuwVMgyxxwASRFI

170 B
190 B

19ms
18ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AQvitULOtpt00w51t-2K-FJvtCbGTUs8XqY5P-8JE4B2WCGH42nfb40nLhW5_pkK-4dpwSYTaCL_i1jPmFgqOuwVMgyxxwASRFI

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 04 Mar 2021 14:32:54 GMT
Server: nginx
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AQvitULOtpt00w51t-2K-FJvtCbGTUs8XqY5P-8JE4B2WCGH42nfb40nLhW5_pkK-4dpwSYTaCL_i1jPmFgqOuwVMgyxxwASRFI
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 5FE5
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKFNzN9L-dMsCbbREhx4O-w&google_cver=1&google_push=AQvitUI9GracACu4fTiaXMLE-VVrVrCTGDc2NwsdT_QVf4D0JsKB0FUe44asYrJWojjfwlNF8beskD8n...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKFNzN9L-dMsCbbREhx4O-w&google_cver=1&google_push=AQvitUI9GracACu4fTiaXMLE-VVrVrCTGDc2NwsdT_QVf4D0JsKB0FUe44asYrJWojjfwlNF8be...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjIzNDk5NjI4Mjg1MzUwNjQ2Mg&google_push=AQvitUI9GracACu4fTiaXMLE-VVrVrCTGDc2NwsdT_QVf4D0JsKB0FUe44asYrJWojjfwlNF8beskD...

170 B
190 B

19ms
19ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjIzNDk5NjI4Mjg1MzUwNjQ2Mg&google_push=AQvitUI9GracACu4fTiaXMLE-VVrVrCTGDc2NwsdT_QVf4D0JsKB0FUe44asYrJWojjfwlNF8beskD8n1KVrO53pahJNIfL01GY

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:54 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjIzNDk5NjI4Mjg1MzUwNjQ2Mg&google_push=AQvitUI9GracACu4fTiaXMLE-VVrVrCTGDc2NwsdT_QVf4D0JsKB0FUe44asYrJWojjfwlNF8beskD8n1KVrO53pahJNIfL01GY
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 5FE5
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEBO0ZW_KzwxBRJyZe1GtbYk&google_cver=1&google_push=AQvitUKA_ZzA4cP50yx_lNETIgrtcV7W478OWKQ8NMnQiE-tXTkzldnwZjHPRClWqwcJGn9Xx6BaK6u9UyljRmkDF7_f9rPXXMk
https://rtb.openx.net/sync/dds?google_gid=CAESEBO0ZW_KzwxBRJyZe1GtbYk&google_cver=1&google_push=AQvitUKA_ZzA4cP50yx_lNETIgrtcV7W478OWKQ8NMnQiE-tXTkzldnwZjHPRClWqwcJGn9Xx6BaK6u9UyljRmkDF7_f9rPXXMk&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKA_ZzA4cP50yx_lNETIgrtcV7W478OWKQ8NMnQiE-tXTkzldnwZjHPRClWqwcJGn9Xx6BaK6u9UyljRmkDF7_f9rPXXMk&google_hm=dXg-uHEfxEkb9HXZSXRPtQ==

170 B
484 B

47ms
33ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKA_ZzA4cP50yx_lNETIgrtcV7W478OWKQ8NMnQiE-tXTkzldnwZjHPRClWqwcJGn9Xx6BaK6u9UyljRmkDF7_f9rPXXMk&google_hm=dXg-uHEfxEkb9HXZSXRPtQ==

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:54 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKA_ZzA4cP50yx_lNETIgrtcV7W478OWKQ8NMnQiE-tXTkzldnwZjHPRClWqwcJGn9Xx6BaK6u9UyljRmkDF7_f9rPXXMk&google_hm=dXg-uHEfxEkb9HXZSXRPtQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: ifvaedi0cba8ua47q37peqbjfln61hqr

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 5FE5
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEHn9UOJDUtd5JCpiatutyx4&google_cver=1&google_push=AQvitUJxT-Tuj9lXpypxnSSF3JAPjT4eORDOI8xx5FvwNcaUaA_q47VfzH1JE_pXVzyEBantShIlQpQKeJSwr...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEHn9UOJDUtd5JCpiatutyx4&google_push=AQvitUJxT-Tuj9lXpypxnSSF3JAPjT4eORDOI8xx5FvwNcaUaA_q47VfzH1JE_pXVzyEBantShIlQpQKeJSwr...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitUJxT-Tuj9lXpypxnSSF3JAPjT4eORDOI8xx5FvwNcaUaA_q47VfzH1JE_pXVzyEBantShIlQpQKeJSwrDNuJUkqUmRwMu8&google_hm=NFhpbVZYTXhMQW5abEt5b...

170 B
213 B

21ms
21ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitUJxT-Tuj9lXpypxnSSF3JAPjT4eORDOI8xx5FvwNcaUaA_q47VfzH1JE_pXVzyEBantShIlQpQKeJSwrDNuJUkqUmRwMu8&google_hm=NFhpbVZYTXhMQW5abEt5bEotOU4=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:32:55 GMT
P3p: CP="We do not support P3P header."
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitUJxT-Tuj9lXpypxnSSF3JAPjT4eORDOI8xx5FvwNcaUaA_q47VfzH1JE_pXVzyEBantShIlQpQKeJSwrDNuJUkqUmRwMu8&google_hm=NFhpbVZYTXhMQW5abEt5bEotOU4=
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 235
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 5FE5
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIrKPuPDBZlCTMy6vVoJAao&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIrKPuPDBZlCTMy6vVoJAao&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YEDvlstTufHmohJ-nXg4iAAABFYAAAIB&google_push=AQvitUIojf9i1kwlqje0uiZlwUiSXLfWQ9kp5wHKkroie7UimGMnqCBjHtk0pw3xXLFtAsVwXhITkcQYFEjtnstpFK...

170 B
190 B

85ms
72ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YEDvlstTufHmohJ-nXg4iAAABFYAAAIB&google_push=AQvitUIojf9i1kwlqje0uiZlwUiSXLfWQ9kp5wHKkroie7UimGMnqCBjHtk0pw3xXLFtAsVwXhITkcQYFEjtnstpFKhMA48XUos&google_cver=1&google_gid=CAESEIrKPuPDBZlCTMy6vVoJAao

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:32:54 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YEDvlstTufHmohJ-nXg4iAAABFYAAAIB&google_push=AQvitUIojf9i1kwlqje0uiZlwUiSXLfWQ9kp5wHKkroie7UimGMnqCBjHtk0pw3xXLFtAsVwXhITkcQYFEjtnstpFKhMA48XUos&google_cver=1&google_gid=CAESEIrKPuPDBZlCTMy6vVoJAao
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 459
Expires: Thu, 04 Mar 2021 14:32:54 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 5FE5 0
227 B 47ms
18ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I1FnmhhNOWsJXmaNGJ0O3qkzQOMGkSNvDrCKAqVsGwEEqh5i0pZfj3dfXz27rrEZ5p_DJD

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 cta_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/ Frame C484 206 B
2 KB 8ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/cta_1.png

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c2565beb12e40c2a54e09afbd8d3bf7eefb1dc83dd47a4cc18ed2995b360283

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 115209
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 206
x-xss-protection: 0
last-modified: Tue, 02 Feb 2021 13:46:03 GMT
server: sffe
date: Wed, 03 Mar 2021 06:32:45 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 03 Mar 2022 06:32:45 GMT

GET
H3-Q050 200 logo-deloitte-its-300x250px.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/ Frame C484 1 KB
1 KB 9ms
9ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/logo-deloitte-its-300x250px.png

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7e278244eabfea1d9c1e84adbe025ef4047026374a70ab1e3d42e6fb82dadd

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 455514
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1180
x-xss-protection: 0
last-modified: Tue, 02 Feb 2021 13:46:03 GMT
server: sffe
date: Sat, 27 Feb 2021 08:01:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 27 Feb 2022 08:01:00 GMT

GET
H3-Q050 200 visual-300px.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/ Frame C484 76 KB
76 KB 9ms
8ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12575474388415307380/visual-300px.png

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6997c742339cea4206dbfd61b9da497757533e2978aa1ba8ebe9588f6dea53e3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 455514
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77632
x-xss-protection: 0
last-modified: Tue, 02 Feb 2021 13:46:03 GMT
server: sffe
date: Sat, 27 Feb 2021 08:01:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 27 Feb 2022 08:01:00 GMT

GET
H3-Q050 200 cta_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/ Frame AAF1 206 B
308 B 8ms
6ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/cta_1.png

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c2565beb12e40c2a54e09afbd8d3bf7eefb1dc83dd47a4cc18ed2995b360283

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 113495
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 206
x-xss-protection: 0
last-modified: Thu, 10 Dec 2020 11:10:12 GMT
server: sffe
date: Wed, 03 Mar 2021 07:01:19 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 03 Mar 2022 07:01:19 GMT

GET
H3-Q050 200 logo-deloitte-its-300x250px.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/ Frame AAF1 1 KB
1 KB 8ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/logo-deloitte-its-300x250px.png

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7e278244eabfea1d9c1e84adbe025ef4047026374a70ab1e3d42e6fb82dadd

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 26718
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1180
x-xss-protection: 0
last-modified: Thu, 10 Dec 2020 11:10:12 GMT
server: sffe
date: Thu, 04 Mar 2021 07:07:36 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Mar 2022 07:07:36 GMT

GET
H3-Q050 200 heroshot-300x250px.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/ Frame AAF1 99 KB
99 KB 10ms
9ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15470226079987103343/heroshot-300x250px.png

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a035d5a8c4b8f450224b0db08933e7daee6dd2fecf42a119ac86efa88928599

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 455573
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101302
x-xss-protection: 0
last-modified: Thu, 10 Dec 2020 11:10:12 GMT
server: sffe
date: Sat, 27 Feb 2021 08:00:01 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 27 Feb 2022 08:00:01 GMT

GET
H3-Q050 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 8FEB 55 KB
21 KB 7ms
7ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
URL: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

47979ef506264db0704b5de93065a3ca44e171e2054648f5f12f66f587a1ed3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 13:58:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2077
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21163
x-xss-protection: 0
server: cafe
etag: 17443452193483161684
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Thu, 04 Mar 2021 14:58:17 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 8FEB 0
331 B 399ms
143ms Other
image/gif 2607:f8b0:4000:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kluyxojx&ctx=2&qqid=CO-Tqb7tlu8CFRmmdwodBssMCg&met.4=fb.3y~lb.a6~cmrload.c8~ol.d1~idt.3y~dt.-6w&met.3=492.7v~739.a7~740.be_1~740.be~740.bf~749.bl_5~736.c0~740.c3~735.c4_1~738.d1~113.di_4~112.dg_5&met.1=1.kluyxo6g~6.14~7.14~8.14~9.14~10.14~12.16~13.1i~14.1j~15.2b~16.a7~17.a7~18.a7~19.d1~20.d1~21.d2~22.au~23.au&met.7=CBsQCBgBKCcwNjjVA2gqcDV4txeAAZ0XiAGyLbABAbgBAw~CBwQChgBII4BKI4BMJYBOAdojwFwlQF4iCmAAaYoiAHZWrABAbgBAw~CBsQCiCPATgk~CBsQCiCPATgt~CBwQChgBII8BKI8BMJcBOAhokQFwlgF432OAAf1iiAHP-QGwAQG4AQM~CBwQChgBII8BKI8BMJkBOAlokQFwmAF4pgyAAYoMiAGaGbABAbgBAw~CCoQChgBIJABKJABMKABOBE~CBwQChgBIJABKJABMJgBOAlokQFwlwF4lzCAAfsviAG2b7ABAbgBAw~CBsQBhgBIJABKJABMJ8BOA8~CBwQChgBIJABKJABMJkBOAlokQFwmAF47jmAAdI5iAHnjwGwAQG4AQM~CBsQCiCeAjgP~CBsQBiDZAjgY~CBwQBRgBINwCKNwCMOsCOA9o3QJw6gJ4wwaAAdQFiAGWCbABAbgBAw~CCEQBhgBIKYDKKYDMNQDOC4~CCgQChgBINcDKNcDMN8DOAho1wNw3gN41qcBgAGrpQGIAda1A7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4000:816::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:55 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 46AE 42 B
479 B 66ms
52ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsui_SMLmcwpluMTZsJTLgk-aAv9r3Ciknct_YBZiFxEEVcMJSmTH9KSgGn8DiFfGviL7d6rKCa1yiKYGf8ByZJhG8S5ALpc6UjGi3NwbJWQMZA2ttnSFXcWQHu931vmf5n7cA23y1fQ70MwOFeorr55&sai=AMfl-YTZzFjxgXpHr8-sFoZVncJTR4tDEtuTGHNH57_a-OL2px2EEbjnTlUqvni9h_QeMlAKGLFNiefMs63Dc0OwNdRwwkeXXXSNzspHcQ0-UAX8dSBauhkbV6rsq-E&sig=Cg0ArKJSzKbzKfYk6WeHEAE&cid=CAASF-RoLcx2akbUK9CcNcoWuAUVylkAdieJ&id=osdim&mcvt=1014&p=1097,436,1187,1164&mtos=1014,1014,1014,1014,1014&tos=1014,0,0,0,0&v=20210303&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=1304616017&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1614868373614&dlt=50&rpt=46&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
274 B 18ms
17ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NzI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODYsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:54 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pKm0G6WxkpVdBeQohCC47Kfv0avXQq6LHDllU%2BJ8Q9wWqT8SBvM0uevrzSiQW4%2BoW5vpFDiwAey5GWkYrGaPDHbsb0NeShdkR0rq%2BSLyTkst642m1F%2B2khMBzyQYSLLQjHc%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd10ea9704d89-FRA
content-length: 0
cf-request-id: 089f40fd2800004d89a62ea000000001
expires: Wed, 03 Mar 2021 14:32:53 UTC

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
123 B 19ms
18ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
452 B 193ms
193ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=2591607006018100&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3De29f69dd468d31a5514dc9b5587ce757%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D16%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D83%252C35%252C120%252C67%252C51%252C122%252C66%252C20%252C34%252C30%252C63%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D40%26reqt%3D1614868374927&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868374&dt=1614868374933&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=962&adys=205&adks=3314737083&ucis=1e&ifi=50&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

5b7ff0199b5316bfa6dc96a03763165f1a439b161b0915ebb09f9eab465c91de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
324 B 16ms
15ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NzI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODYsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils3MjgsOTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODg3MjUiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDQ4NiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODg3MjUiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDQ4NiwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Z4TZDrxhMavbobYphZlIyYKX%2BL2Ddho2IRXPO8p1rsx8xuRiThgB7cSbecdWFH2fgY%2FoGXFJYDXj2NfF9%2Fk0ip%2Fbn4Fp%2B69V%2BLj8k9FBB2geZ112EqoRFALBxGKX8N5%2FK0s%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1107ca54d89-FRA
content-length: 0
cf-request-id: 089f40fe4d00004d896e96c000000001
expires: Wed, 03 Mar 2021 14:32:55 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
379 B 15ms
14ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=j0auc6N1RgibfHYDrWy8xuZFHq8e97k1rRVyK9r4lB6Mc38apQhZ1aGJuNyKPwCAxHQ6IvQjV1Xrm%2Br8NJJxq5UYHbXE7Iw%2Fmmnbsin9AX7jMpcVvz%2FrffVqADt38qkXb3E%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1113db84d89-FRA
content-length: 0
cf-request-id: 089f40fec100004d899cba1000000001
expires: Wed, 03 Mar 2021 14:32:55 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
277 B 22ms
22ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HSCu%2BawZ%2B4FMU5GXec1k7TAkWG8s4hqhZqNNwywnA9cVqaepSISc2uHlCBQKpKE%2BwaVPZmESEA6Fl1%2FDBJOx00gP0jt0JEcNj40c3qC1qLEpiJ8uXiEcGBmbdW%2BRGD%2BfQAo%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1113dbd4d89-FRA
content-length: 0
cf-request-id: 089f40fec100004d8992b89000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame DC81 42 B
71 B 47ms
46ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssgdWzBrZC-gvFVu43wMjHaT2bco0MxzVJrvfurIZl6-N17VvZtM3h4WLx8bizLHWEBTNo9XiNf9Zyfn7OoenGupenIpf_37k8LoncEzBMPySDKrdav9jFu_LPYRQ&sai=AMfl-YRZIfap8pXFJ7nxcOF2P1WZ8c-pWF9QsLaI0c2HMVavlxjzxiGDvU8LL6J6BaFS2DDZunxl6JqMtZihfJLzxDJ1JmQEGUAr72lVo-5JtSvN27Mq7S78-kd6L28&sig=Cg0ArKJSzCecyCRhNE14EAE&cid=CAASF-RoQ_jrOi8J6ciMXStp5CJkbufStR2f&id=ampim&o=1073,943&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=188&tls=1189&g=100&h=100&tt=1189&r=v&avms=ampa&adk=1947973535

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
272 B 18ms
17ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=n5GNSpUqJyckXx4oHlXLA05RchLx%2F9BhSainDDFQT8FdMmOJogrMBoGfDNK3qK8hfPLmbkbtO0q2%2B7N6kDTcLbG94U0LbhxJ0soEnZPt%2FU1ThEOy9E1ecWWG4azYZKi84EQ%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1124f6d4d89-FRA
content-length: 0
cf-request-id: 089f40ff7100004d896e980000000001
expires: Wed, 03 Mar 2021 14:32:55 UTC

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
146 B 17ms
16ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 16ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 41 KB
10 KB 229ms
228ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3427153961523288&correlator=1188277930866553&output=ldjh&impl=fif&eid=31060327%2C21068031&vrg=2021030201&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=6&prev_scp=iid8%3D740023%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-740023%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D4%26br2%3D200%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D83%252C35%252C120%252C67%252C51%252C122%252C66%252C20%252C34%252C30%252C63%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D16%26reqt%3D1614868375445&eri=1&cookie=ID%3D171a257f6d10a324%3AT%3D1614868368%3AS%3DALNI_Mbhxy-heKARFQ201tqjoyYQHTccYw&bc=31&abxe=1&lmt=1614868375&dt=1614868375450&dlt=1614868367966&idt=390&frm=20&biw=1600&bih=1200&oid=3&adxs=962&adys=205&adks=3314737083&ucis=1f&ifi=51&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&ga_vid=2097198560.1614868368&ga_sid=1614868368&ga_hid=1955571415&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

8d7824f0d9f41dba94748b7e745dd441b1b596f73b151de09f05f4f0acc88545

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10327
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5C31 42 B
89 B 46ms
45ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuNcNbPEcmynTBnOMOKFBL-D1CGzDmqm4ImX8B6HJmqxaaCm_x51QS7WfrF-lP-u-KeQg0B7edskmPc6kjUidSu-Kql-rq1UdvjQ-frRb70NqlvO0_KJRUijY3Khw&sai=AMfl-YRzVGtgl-DqqXVnJ8yunguB17eIHfEJCXptvt0wXu6OOfFzNeSs3M-1ZI35CH-fvEf6IN7xo6CT2_lbD9PLPTqDWvf6YJeHvLjCVCu9VBKc7cZVPi_1c43G4zQ&sig=Cg0ArKJSzFHGtbqmG3CjEAE&cid=CAASF-RoQKamApcWldwNVQgulpLrJq4zDw6E&id=osdim&mcvt=1011&p=678,1073,928,1373&mtos=1011,1011,1011,1011,1011&tos=1011,0,0,0,0&v=20210303&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=4174927576&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1614868374122&dlt=131&rpt=2&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame CF71 42 B
66 B 47ms
46ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu8go4KHznkwn-I9N8B89EfUcs4St4bkSbYXi5f_VNpnXAFOB2FMa4lpOpt6flXHmzAKvMryVFT-Cf6A0NH_xpoXMJ8YBL4KSmW8uX5NakDbrVWUroqW4-KKKsaAg&sai=AMfl-YSrAz3Y0jY6mGDEEGri9U_b2tZ2ZiFvgeDJLlaJrw-mi83M-OWGDkIHT9NCIGIIyNStn6iax-fcOt4zLYz_SsQTmTGYFe7hlcj2k8rv6kZf7HTVIAzqZ5qheVo&sig=Cg0ArKJSzK-TKciE-PcEEAE&cid=CAASF-RoibfAQPeNNmzmP_0apNK3x1NgJmqM&id=ampim&o=639,205&d=323,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=210&tls=1210&g=100&h=100&tt=1210&r=v&avms=ampa&adk=1970382492

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
274 B 15ms
15ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8xIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kMwiB83HzzN9Ru5JTKow1XjGjI3Hs8T%2FxZJ%2FYfXZxH5ziJqz9Dh8tXrtCZWSLqjs7nU61L0WTLuv8Cl5ZsDN7IoEwiJHaL0RWsyofqJjKPsNcFSaAOsNjkvBWKvmVZPGnzQ%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd113490a4d89-FRA
content-length: 0
cf-request-id: 089f41001200004d896e987000000001
expires: Wed, 03 Mar 2021 14:32:54 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
396 B 18ms
17ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzMwMCwyNTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDE2MjUiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwMTYyNSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMSIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzIifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7FneagtMiOcWZ1inGIY5nSqZXJt3J3%2Bvx7dSqzkUATgHjLIEE6%2B4GhqmlCCUXVlv6vDxACaReRiaE8E6NLUKk43CZmGZjfjAY0BWcmnKwfyRcuBielwuXtMpnK4VB0ghjtw%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd11389624d89-FRA
content-length: 0
cf-request-id: 089f41003500004d89cc3ea000000001
expires: Wed, 03 Mar 2021 14:32:55 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
271 B 18ms
17ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiODMifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UaGDHuNiLzilm2psGRUFIdkfNsGg1euYJ7ioJpUAeIYtkVGtZy01N8OKiplhEXkkHPd5QiRXXf0UG0jAuRolhx0gEFwiQdRow%2FYQuw0E4HWZh%2FrOSMNlVDLaKCAUjm12gjA%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd113a9b94d89-FRA
content-length: 0
cf-request-id: 089f41004900004d89c6059000000001
expires: Wed, 03 Mar 2021 14:32:55 UTC

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8FEB 42 B
66 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstEalvQ1seo5qWQoa0LJqhJ4YR_Vhs66n1_OaHThEHCS6X6yGbSBy5s7ppE717Sy3v6NmvwX-QVWpy9P1TYI0ElFy6RsZt09QpTTRKPjQpKPL707AupVwouIgD3kg&sai=AMfl-YSEro4GScC3M7Y7idg2KHBldHii_WPF8UmrE1oTLy-uRSBqT0p8PX8fytWNZySTE_7gV2IrOqlIHoAdgmcx-nVDj5mIz7QLwkcsMJf7Qf_DVwKaOkhG1wdj44I&sig=Cg0ArKJSzCO8SSfgzvvHEAE&cid=CAASF-Roo2qBaQ1nea6FFE7bPsE9AdVA7vvG&id=osdim&mcvt=1012&p=205,327,459,627&mtos=0,1012,1012,1012,1012&tos=0,1012,0,0,0&v=20210303&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=1505197098&rs=4&met=ie&la=0&cr=0&osd=1&vs=4&rst=1614868374186&dlt=81&rpt=1&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
275 B 20ms
19ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8yIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzMwMCwyNTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDE2MjUiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwMTYyNSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMiIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiODMifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=E4JKaYVqljkN66BmwgPsubPYxAODcj87V75pOCnsUYXpBCF4CyErToBupm8%2Frq6yUcZQQKBPxPFS8PXZVeUrGZuSJ7aPEyE3%2FFPXVWSv%2B26hw5NxiKjeuMI24pmST2O5XyE%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd113da204d89-FRA
content-length: 0
cf-request-id: 089f41006d00004d896781f000000001
expires: Wed, 03 Mar 2021 14:32:55 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
320 B 22ms
21ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8xIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzMwMCwyNTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDAwMjMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wXzEiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6Ijc0MDAyMyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=e0xdENr4A8EBjwNet8jzGxZlF4dzIKEi8Z0dkNDTzCJ8QlHta17TOa0xgZPfQJ7NhXDj2XXweu9cdf7%2Fsgf8c%2B3YSaYxjplMcYf8wmtyfVcKTtvGFfB%2F%2F66GshUSZkFMK0o%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd113fa534d89-FRA
content-length: 0
cf-request-id: 089f41007c00004d89b9ae3000000001
expires: Wed, 03 Mar 2021 14:32:55 UTC

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012101070013000/ Frame 16E5 185 KB
53 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182362
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53820
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ee5348f2de7cdf64"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 16E5 12 KB
4 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182362
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4559
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3a321a15743f406"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 16E5 87 KB
27 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182362
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27206
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1f991b6a8daa2b14"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 16E5 3 KB
1 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182362
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "512b909f94eb26fb"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 16E5 40 KB
13 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 182362
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12793
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e3ef417618f7e28"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 16E5 2 KB
3 KB 11ms
10ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 08:22:57 GMT
x-content-type-options: nosniff
server: cafe
age: 22198
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Mar 2021 08:22:57 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 16E5 295 B
514 B 9ms
8ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030201.js?31060327

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 54484
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 04 Mar 2021 23:24:51 GMT

GET
DATA 200
OK truncated
/ Frame 16E5 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 00c4ba47fdde1ab46701a859586eed06a0873eefd575fe9073c82efd2cd986dd

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 646956728769721904
tpc.googlesyndication.com/simgad/ Frame 16E5 7 KB
8 KB 11ms
10ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/646956728769721904?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnapcTAd3u_D0Qn8_HHZi8YKWmVyg

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f2fd78d89f6fc5b3b9620fddb8b745019cc7ee1423d4f30fbc6d1f5eea7b6fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 26 Feb 2021 06:02:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 24 Aug 2020 07:18:47 GMT
server: sffe
age: 549032
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7650
x-xss-protection: 0
expires: Sat, 26 Feb 2022 06:02:23 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 16E5 0
0 15ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQAzS2emhs8xklmywSb0J0PP7UAdTKkagdzcgHZITF--sQXbB3AVYKrIBp0V_bBJ39o02vlz9GghpwtVt8YuBbLtwwLdw
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 16E5 0
0 43ms
42ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C8VAsl-9AYJTzHo6EjuwP-pugmAmc1PPBYdrAtPCgDK_m9P0IEAEg9PnGJWCV-vCBjAegAYmat8QDyAECqQKJ_m20UriFPuACAKgDAcgDCKoE4QFP0ON0wp1n9rSysSrz_rvag0l_9S4Sd0Jm4W-eRE-O_0dj45EzUaVtQPaDhDIx6e5sDL5xPrVSP7GTeDE3HiqfrXZBrMe4bkCu0QoQjcg2UHvKLTVkBJAR-S3jnj0YvE0SyQqLsGdVL6zrBhmE2u-UeFj4BL8VCanj8YUGSVFtzeaoqULEBMsqHb1LH3xc9qwMyHaQ9PKQvRnRJBgiY670eyrlQKhPBj2As-rxj58ZezmYmk-hMDTRB-Vqz1kgA9FTYyNkpp4Z4tfpZXo81kX1cVLk_yoxLy-WofudG6BqGZvABLbVhuDzAuAEAZIFBAgEGAGSBQQIBRgEoAYCgAff5cg7qAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEKfAAtIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTMwNTk1ODM4ODI4MTA1M4AKA8gLAdgTDbIXGgoYCAASFHB1Yi02Mzk2ODQ0NzQyNDk3MjA4&sigh=354sj4oPeXQ&tpd=AGWhJmtb8amYEmQ-OOm05Qq9Z9FQ8QfUuu3Gq7bN9h283zkuUg
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
270 B 32ms
18ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8yIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI3In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDAwMjMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wXzIiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiOWMzZTRlZThlYWU3ZjE0MzNjYjJmZTY5YjEzMjY2MDUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6Ijc0MDAyMyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjgzNjYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDA0LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDQsImJpZF9mbG9vcl9wcmV2IjowLjAwMDE2LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8yIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDQzNTIzIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDAwMjMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wXzIiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9PLCHigJ9noz1fIF6yoiCMkG6QIXvkl8uEyJpFamjVzmkxjZAY3GzPW7ArqEi936eAPaYQBpxJmsWhs88ODxko4sxX0v6d1cVMqfX5oUHWNV5hrU92FnXuOC2%2Brx7KgS1v0%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1143ab04d89-FRA
content-length: 0
cf-request-id: 089f41009f00004d894f20d000000001
expires: Wed, 03 Mar 2021 14:32:55 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
40 B 30ms
16ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:32:55 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
277 B 33ms
22ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8yIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDMtMDQifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii02MCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iO%2Bv8hJbS1EYtVTq8LDM69nHUCzu%2FYAY0UukfeLqwO6Xx5dUvJvVnMwTO0QD%2FXEcShgkB%2FTSWPF60CJUwbjexZfkHY4A9F3lL9bDWWYVxoMJn0o3hcVXd0%2FT7bUYv4Pajsg%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1143ab24d89-FRA
content-length: 0
cf-request-id: 089f4100a200004d894f20e000000001
expires: Wed, 03 Mar 2021 14:32:55 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
383 B 26ms
17ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8yIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYXVjdGlvbl9lcG9jaCI6MTYxNDg2ODM3NiwiYWRfcG9zaXRpb24iOjExMDksImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJiaWRfZmxvb3JfaW5pdGlhbCI6NDAwLCJiaWRfZmxvb3JfcHJldiI6MTYsImJpZF9mbG9vcl9maWxsZWQiOjQsImF1Y3Rpb25fY291bnQiOjcsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjI0MSwibXVsdGlfYWRfdW5pdCI6MiwibXVsdGlfYWRfY291bnQiOjMsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=eiElLF0bsOWmc3DdH4gmoVGlZXCOvu8%2Fk2u0%2FXMkRKXFODkaIklMsEzTffA8NjMWpIHmO%2BDPegSdaVSsSCRWBpjaGl0mAVnozz8hn0XXzDSgiAkWM%2BFGdKlg4%2Fw%2BnUT20go%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1143ab34d89-FRA
content-length: 0
cf-request-id: 089f41009f00004d896e990000000001
expires: Wed, 03 Mar 2021 14:32:55 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
400 B 32ms
23ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2X2cbCWkLWd7YA6UJQXhOBvsmTEaw9JxqF6G%2BlHCa%2FayNac6rcUpZ%2FjARK59ZYrS22sat52TgZ5vxIBSqtZ3VpyGF%2FF50hCQydcihBuy9nI%2FmjNBV4UDTdcx30vyXlq9AGI%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1143ab44d89-FRA
content-length: 0
cf-request-id: 089f4100a000004d899b1fe000000001
expires: Wed, 03 Mar 2021 14:32:55 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
278 B 24ms
20ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAxNjI1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8zIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzMwMCwyNTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDE2MjUiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwMTYyNSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMyIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiODMifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qGOWlEc%2Fztp0X0A0A7ia2Yh%2BDT7xC8P2CR8QH676kWGUQ5PDgYmGryN%2BMLuNPGjyTINaBHmKrNZ6gHyyH446rLx9ZcPFubai%2BdtvO%2FrU9XrB4YVumkuXyIt6Yz4RQuFN%2F7I%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd1143ab64d89-FRA
content-length: 0
cf-request-id: 089f4100a100004d89ca97a000000001
expires: Wed, 03 Mar 2021 14:32:55 UTC

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
280 B 23ms
22ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjQyODU1MCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiI3In0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjY5NzE3MCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiOSJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJ2aWV3cG9ydF9zaXplIiwidmFsIjoiMTYwMHgxMjAwIn0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX3B4IiwidmFsIjoiMTkyMzY4MDAifSx7Im5hbWUiOiJkb2NfaGVpZ2h0IiwidmFsIjoiMTIwMjMifV19XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:55 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=D0j%2BuuuA1YkpmYVu6bmadR260WHXYthvPv6E7cSLsNoEGtzzWPLXgX%2Fwz7Mb2CfvGvBcmQkjBlzeYss82N%2BSbnMb9Urf%2F%2B0EkUmFykLVpdmSu%2B4lQq40%2F%2BsxLdP9bUlJHYw%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd114dbdb4d89-FRA
content-length: 0
cf-request-id: 089f41010600004d89500c4000000001
expires: Wed, 03 Mar 2021 14:32:55 UTC

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 16E5 42 B
89 B 45ms
45ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu2y7pt6-_-A5wfyjOus1QNOt7PGvDa3Zi2ntXwOJ3ReZKNoPNDzcFGrsdZJy0h7rZVrr9aRCxJOOGALjsJY6xLCaEB9KCrFvWg9rRQZ30ql4iBSLq2HPJ12-1ktQ&sai=AMfl-YRGnF9zGovtq0zzWJFsA30V9MJYCA_9dm2Oec7g2sg1m48dYJvk020ef3qvSMnM1TELLSDGTolqMDeP_Isa4KlxvEad4tvbdNrS1-RD7hYauA-dHcvuUFGpebs&sig=Cg0ArKJSzLKwyiA8UE27EAE&cid=CAASF-RoWiWE7Dz2RZJCYUmrjch9aVJ-nb2x&id=ampim&o=962,205&d=323,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=120&tls=1120&g=100&h=100&tt=1120&r=v&avms=ampa&adk=3314737083

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:32:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
320 B 18ms
18ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8yIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:56 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DdDdYE69ode9bGvNd8gR4xUmXudCYegIyTemNnFnPU%2BMNfwk2QXZ5IAtNsBIvQVDLWmm2k8cwpeE6ya6kKGWyZobwB95Am%2BkcxndUyzsNjyPVLrU1G3k%2BpwXAo9MQL8NG0k%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd11b4eb74d89-FRA
content-length: 0
cf-request-id: 089f41050800004d895d3c7000000001
expires: Wed, 03 Mar 2021 14:32:56 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
320 B 16ms
16ms XHR
text/plain 2606:4700:3033::6815:15b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQwMDIzIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8yIiwidF9lcG9jaCI6MTYxNDg2ODM2NiwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiOTc1OGE0M2QtZDhhZS00MGY3LTY0YjAtZGI1MWYwZGFlNjEzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzMwMCwyNTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDAwMjMiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wXzIiLCJ0X2Vwb2NoIjoxNjE0ODY4MzY2LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI5NzU4YTQzZC1kOGFlLTQwZjctNjRiMC1kYjUxZjBkYWU2MTMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6Ijc0MDAyMyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjgzNjYsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6Ijk3NThhNDNkLWQ4YWUtNDBmNy02NGIwLWRiNTFmMGRhZTYxMyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiODMifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:15b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:32:57 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ERE5asGgPVWTYodtyXyL4%2BZDZEV50SharAUuUm%2FVqVIqmClrwLzkbuyA%2BVTY1H7tl8vphISzRQ6CCLcgNSZja0TsWG6n7f0T24R99zRbosXY15iaTDYZq%2BGFAJAayaE04U4%3D"}],"max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 62abd11d7ab14d89-FRA
content-length: 0
cf-request-id: 089f41066b00004d8992818000000001
expires: Wed, 03 Mar 2021 14:32:57 UTC

Verdicts & Comments Add Verdict or Comment

247 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.winhelponline.com/	1969-12-31 23:59:59	Name: ezouspva Value: 0
.winhelponline.com/	1970-01-19 16:35:54	Name: _gid Value: GA1.2.1704193449.1614868368
www.winhelponline.com/	1970-01-22 05:53:40	Name: ezohw Value: w%3D1600%2Ch%3D1200
www.winhelponline.com/	1970-01-22 05:53:40	Name: ezds Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
.winhelponline.com/	1970-01-19 16:34:28	Name: _gat Value: 1
.winhelponline.com/	1970-01-20 01:20:04	Name: ezCMPCCS Value: false
.winhelponline.com/	1970-01-19 16:34:35	Name: lp_105367 Value: https://www.winhelponline.com/
.winhelponline.com/	1970-01-19 16:34:30	Name: ezovid_105367 Value: 538292729
www.winhelponline.com/	1969-12-31 23:59:59	Name: ezouspvv Value: 0
.winhelponline.com/	1970-01-19 16:35:54	Name: ezepvv Value: 865
.winhelponline.com/	1970-01-19 16:34:30	Name: ezopvc_105367 Value: 1
.winhelponline.com/	1970-01-19 16:34:35	Name: ezoab_105367 Value: mod1
.winhelponline.com/	1970-01-19 16:37:21	Name: active_template::105367 Value: pub_site.1614868366
.winhelponline.com/	1970-01-19 17:17:40	Name: __cfduid Value: d0eb149aa84f9bec577daac3e1d6587131614868366
.winhelponline.com/	1970-01-19 16:37:21	Name: ezovuuidtime_105367 Value: 1614868367
.winhelponline.com/	1970-01-19 16:34:35	Name: ezoref_105367 Value:
.winhelponline.com/	1970-01-19 16:34:30	Name: ezovuuid_105367 Value: 6d460c1b-2c53-428e-7da5-217f4a4021f8
.winhelponline.com/	1970-01-20 10:05:40	Name: _ga Value: GA1.2.2097198560.1614868368
.winhelponline.com/	1970-01-19 16:34:30	Name: ezoadgid_105367 Value: -1

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.winhelponline.com/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	info	URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2101070013000 https://www.winhelponline.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2101070013000 https://www.winhelponline.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2101070013000 https://www.winhelponline.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2101070013000 https://www.winhelponline.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2101070013000 https://www.winhelponline.com/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

139953215ea95698fe1236c14b294ab8.safeframe.googlesyndication.com
absorbingcorn.com
ad.doubleclick.net
ad2.adfarm1.adition.com
adservice.google.com
adservice.google.de
b1sync.zemanta.com
c.amazon-adsystem.com
c1.adform.net
cdn.ampproject.org
clients1.google.com
cm.g.doubleclick.net
cse.google.com
csi.gstatic.com
ezodn.com
fonts.googleapis.com
fonts.gstatic.com
g.ezodn.com
g.ezoic.net
go.ezodn.com
googleads.g.doubleclick.net
imagesrv.adition.com
match.adsrvr.org
pagead2.googlesyndication.com
pixel.wp.com
pr-bh.ybp.yahoo.com
rtb.openx.net
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
stats.wp.com
sync.bumlam.com
sync3.sniperlog.ru
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googleapis.com
www.googletagservices.com
www.winhelponline.com
13.224.192.34
142.250.185.226
142.250.185.70
142.250.186.34
184.30.20.241
192.0.76.3
217.79.188.21
217.79.188.59
2606:4700:3030::ac43:ce7a
2606:4700:3033::6815:15b1
2606:4700:3034::6815:3d31
2607:f8b0:4000:816::2003
2a00:1288:110:c305::8000
2a00:1450:4001:800::2001
2a00:1450:4001:802::2001
2a00:1450:4001:803::2003
2a00:1450:4001:808::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2002
2a00:1450:4001:811::200e
2a00:1450:4001:813::2002
2a00:1450:4001:813::2004
2a00:1450:4001:813::200a
2a00:1450:4001:827::2002
2a00:1450:4001:827::200a
2a00:1450:4001:829::200e
3.127.76.126
31.172.81.158
31.172.81.159
35.190.64.11
35.227.252.103
37.157.6.247
54.154.164.132
70.42.32.63
00c4ba47fdde1ab46701a859586eed06a0873eefd575fe9073c82efd2cd986dd
0175ee728b2facf49da44a0f084dbd43847b73a43eb9bf5a45161ffed61c0a3c
0252d3040663f347465b274f3a62abd4f04e4f001d4bd0ff0d9e11dab08e0368
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
04e43870098517e0bdd4e0a54d10aa1381eaceb225d5774a8aa546be9aaa03ba
0523d5ec6f1d92ecb25cd5aeacfabc72a5c6bd78c7b61408d06536f514904bfd
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f
08375cebca0d36f2fa3ec9e027a974146af7161553e4319a418d4cee6b38bed7
0a1562b1d568d8ed640628f0cfad93a30ad41ee66bdc2bb54a27c6ccb9bbc95e
0b6fdc4e2bf35682e0695e5fd3fbbb4e6f2a04376904ab2e30f7bb66319b0699
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c2565beb12e40c2a54e09afbd8d3bf7eefb1dc83dd47a4cc18ed2995b360283
0d4bc2d5c34588df622aebd16adf97b5a4ebfd9ac5b49eec1c795a5055ac62c5
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0f29f21f86f411884165081ccce73438c7d84573344f4b5c55016788ab5dc1ea
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
13100439599ff5287527639bcf7da75ce611510506de5a16068551de00dd4768
14ae521f1d108f4ca4dfd0980d8204061baab321252707ffd85bed133eb549e8
15f0626dd31e3e991a1c21d6304f2e370b92b3c91650de3d7ed8a38f1159a457
177fbf8c16cccceec34cdea8d22754361ffd6600499180f94cc93f7d5a97dec9
17e361e43deccffc9c1e621630d9e9fe55928101226d6588cd5c6ec35173082a
194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c
1b68431bd479f66f60cca8fef9520547c0f28390680174d8b36c5591085e8393
1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319
2056d978c6d084130d7efd3381d4884e8d38e35ebea5422139469c6f1579e811
2449485ad8020d42ff44981a9046d1bcd49561861e623cae5e9e8040fb6b2564
244de6960388f992e43c07685dd8c7ca1ee4424d85874a72036f2f8e692bbd7b
26b4485584314aa0850427462143a6a28b66c982db28deb42766214fad7744c7
2d2a5523ec9b8b79ade25b0949b92d7f5cc22c131c8469c8998cc7183e5b394a
2dc7cf23d2fdab261d5c779cb00582ed04c64693f15168bb693fd5dd280a9094
2eb8705de009b9349821f03860254150a17d7b5761172b7a5887472a9fbd5fb1
2f130178018a6fc28a68fac5adbb779b71fbaed03d08c2161393969dbd43da55
2f2fd78d89f6fc5b3b9620fddb8b745019cc7ee1423d4f30fbc6d1f5eea7b6fc
2f67b70481772b372e1054067ee2821a6b8735ba4521f0d5d16c0fdd48bc7773
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3768f04f42b79eb4e04658f9afcdab75362a71eed99e851b05312b74964907aa
37d4ae593a1268d4afce8c38f61ea933982184d2d6055300c2bfdb8ca28c2846
383de82ada912e90d91f02c6ae6d4801ee2c41edbcc9d1c97e1fd1c4127f873f
38e22a9da44d362f72a06246a2653d10f24cb3c8062ab3d63c93273cb41f212f
38ed2c21bcfa116d731881882f18dcea1371c5b3c8f885bdaae9ecc92a1848c2
3d67ca5d28f1dd6fc58ae8f8ab79b70755b30a52eb04572a6df8e50869ff748e
3fd62148b7be959fdbf453a639cb4de24c942145e1dfae9a47c0c22c35509a69
3ffe3558eee19297c7d7efb3ee170abccec5984bf568d44a194bfd46153ad898
41eb9054d5d5527274926b32631be8eb22dd6254f15a4d9d14cfe2688ea4f538
43d30a80022bf318fdc0130b5b56ee092d4b34a4a82c054e7e32258a743650c5
4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87
47979ef506264db0704b5de93065a3ca44e171e2054648f5f12f66f587a1ed3e
4855e1c075242d6bb84f10aa3c710a72d0a3856403a77bdab5e7002ef59f2223
488724f863b6e50afb92859fd714bcb1b6814b616b8e0c3d0fd261599a750d9c
492799bac5485370257524687c11994d7e7c2527ad1504f2e583c0976aa1b8b7
49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504
4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e
4c7e278244eabfea1d9c1e84adbe025ef4047026374a70ab1e3d42e6fb82dadd
4f28c5e287a3fa4c4a051593bf498248afb520e19c2a700eaacfed67dc4495a1
4f83db4d6431c0b742caf2343b1c14ece7b731a872e54220417b3760299f3872
545881e36f9fe4d4d387c90f876f32df9c0cb800545fe5bb0496a58f6dc53b86
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
5578a62b81f315375d072cfe506fc13813e844f94c910bdb15ce20e1fc3ef50a
57cdc7631e631b64fd319d393cbbb71ae6054492337884a4ccb53207b60ace0d
5b7ff0199b5316bfa6dc96a03763165f1a439b161b0915ebb09f9eab465c91de
5b8ca12a460703aca3d43ad880e4e414d6e1a058d1ce9da226080afc42927700
5c0badb73fd6f0332b00fd7f2cbd3ae540971d875bfd50e5c6e23b6e0be4d3a2
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5ddf9915b623693344aa9a128880e86b9d879b11d04d5b3bd2ddaca0cf269d89
5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5f76e770cbb0d1ac772c3bf60f376df31b95d80e5c18913e4018ddf7c55ed03a
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
619023867fc6c13f087935cfe535adc7b06b57d510b9b4b218e47a53708b87e0
636e5f5b2eebe0800656a171c6ee9d34ee67cbae3d745983c48d4a5474421d53
63e971626cb7961fb014906a5476a7353bba89331013e001bb16b4a6ac5ce93f
6674a3b31bc7014d04e7aeef41596932d4dab2fdc391a3bf02064ccf1a3e64bc
67c09614e086c51b23713d706f3de578d6eb4f15b8296e1cb9a641934788c7b1
6997c742339cea4206dbfd61b9da497757533e2978aa1ba8ebe9588f6dea53e3
704d0d3da6cd158841779485200573d774009ed765dfe9f91cee6f3c0fafcba9
717e9759657392ada69981d5b44649c2ec78b94f39c8d975131da59844b04bc2
73618d59a3dc00468aa85f81f93cad60be8c20b12a5d4ba40d3f0de6d172a6e2
73dd08c34cf381d62ebef877a80373a6c926a2e641e651c27640ae4fb05af464
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
7503d4bda0f5b992a9332fa98f8e8573d4aef80b374d640799ca3c87d808eb93
763c71e62ed7208596bac8c8ba98cee015318915484af8617a8799dea7af03be
792c65d21b0e3b479e2f12d545f718d052f224458ef778e9c2a8585382a19b22
79f8ee3ee2be4cab6ca5ffbec67dd65fb85e2b93a2f7ad3f2cc22b6802c8871f
7b06e95c240c369e99653f0883ca7b3b553624af061c6a4a612045caa49605f0
7b77233bfa1ba7dd38506d93a68c219fd6cf5b224172ce419fc83ff497316d4f
7b85bcb075a13466616c573a91f310265b48c0879b56e003d4d3b7c421eee188
7be6ea471376a554ac2ed8e92739dceca2f341fa900bf25a6135a8b09cd3bdce
7c4fcbfdc05b68dd52d61e5f307d6ceb00b757899f2db853262592d4466a0000
7de4fe78795635eaa62bf868d0821774266e4a0258c0e8683380b0b4348c720e
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8230efc6af9182cb5a3412670b861554742f8795886a114dfd20c78467ef4212
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
839cd49aa2a6f409cc73f8bec9b4f0f13d72f56e5f36719a9522bc2b30f173fb
86cef609c85d2c2ce6a507af54e77a9c150e2fa408043e1454082614c4b0ce2b
873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745
8829a8924dff757932f56397690292e154eb33f5471e683cebfcc9884c38c2cf
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d7824f0d9f41dba94748b7e745dd441b1b596f73b151de09f05f4f0acc88545
8ecf255231e66490a23e9c77a818f7f00ee7d78093a92cab6a4e967c1953d8a2
8f53f926a3c79cde491ead9fb376a19a753740683a859116084e2a0e3d499354
8fbc17ed739bfc0cc8fe69f2e3fd6985843e179d0b9c75e08af069b95dc4c685
90d26d0a7d028ce6715d93cf37c8acd2eea0bf9323e72114d78b520e8f5ed1c1
95b6ad09fe86b7e964d364eb9781bc506a00fb1b7fc8f38ee181080fde5ce25a
96fa3ff5103b255801e3d58f9d46cbf10bf427afb3520cd4a2d0071713393483
981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3
997fcf32c04a9fb22713db794dffdb66911546785d2dd592c772e7a9c0e39967
9a035d5a8c4b8f450224b0db08933e7daee6dd2fecf42a119ac86efa88928599
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ae1e27e08b4bbc15557c0f5bbd97b4009eb86c85da9fb2be4c4085a5289182f
9c425362669b7e1a841bdc2af775d7fd523709a380870eef4c9033a8af88f629
9d09e0a7a1dd10d174fcf8cab650952432c1fd1b65dd811c1ab75fb7b6cb45c0
9d1a689405eacdcff702c51cb4ac4e335967bd343aae7cb99207063fe9765bac
9e39e4632592859250af733d8f5cc58a5c8cafbdc8f30ba75b4e0d4c160fcd05
9f0276be8515629362424cf288cf8e94ced32542167747a0c1d17a6d75ae6a0d
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a32dc6a792384a0cfe0314a40991c6fee68809b10dab275863b851dddb2b59d6
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a7c4efd1f41f3683d4845c653d5166988897616f79951568dad9323c26f2d6f3
a7cb88899bb64198703553fb5a7f64a902ecab4cb734aa19b7a6a18db40c5cb4
a9f5bcaea7135eb0b06f4009ab1d5c031b2656f8b6a3a0fb6a833c6291193a36
ac990171fc2a8993d659ce8f10bc0a7815c43835ba1dc00c2246f3556c6eeecd
aff3b2e7d612a48a827c7dc5c812625503bd2a70dd0352df892582b90a9dbcdf
b1636edd35c3cd5ce5dcdec35b21a5051eafa5eb7c66f08b7567aafc2c14754e
b48f43d267e851c4b651fb03ef86d8b7d9027222a02227edb1eaaa7f7f7d1a15
b4ee1274b70caa492a7b2a6e361e8daec408b94db560f5e1a5610599f00931be
b62a031b117adaa15131c8151dde56420a48f848f3d7c7b3be569bfe589d46ec
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
b9053ab0fe2686eb02e1d02a89c718bcafbc9954eebf40a6620a60f57e9d9def
b983ef981b6fe164fdcbf7043da01353e31f5684f9f6e57b18f34c4741aece5a
b9c1b4d59d84bf437c902238f9f500ae95aacd906a7863a5ea0521de4706615b
ba6960b29e88de515524bad199e15e41cb9f91d981e673ac736ff2361c368183
bb0d4b44df05b222ca7c181041f549780070c42ad8cc919f94d7874befd69747
bc3e89318f8ad6d66e0ea5b27a0526cba837ae58f633f286bbd5c7535f7f4493
be293d5ccff73cf71d10b7a589ea284aa686845f585bf2274f672dbad90ede28
be764d640a7efa0022ca94a330ec3c7f38f462016f79f400d06da583be69a31e
bf8921b49510efc41d6ce26a3a5d6bd53d65afc5f7ce3b523bee1571360d3080
c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113
c0901279dec1117310802c450665b34a60788da4a00e066d2de367327cd13456
c2fed10faa71823f67af6f1cc9acbfc1dcf3647bb156056d9e7bdc389b5a2a6b
c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb
c4139a34d61eb108974fb29e1a5b762cf4245b0cf63880a74f7a893a7f7565ed
c7320657dc8acd4e7f134ddc9aa58495d9103dca84caf459d7620a41a81f9fcb
c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5
c80203c7eae413cecc09a4ed0974e31a8538060cddd5bc1f1a5bfa53db672c9e
c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca752586777d1f855a56edaaf5a718b562a36a8d6b5b990f6cc7e590009bc3e9
cc8b935fc7a0fb31c550d69f25b8453d3566520a35cc96bea92b10d71335debd
cd482357c0415690fe23972a4b6c62f0cdeebaa29f66bf2851bbeaed4450b982
ced5c873136c4fab4584c0c6d26dcd530c748303d7ed9b7a7966b2fe1d6f5915
d144a1f2bc7a2ff334c085bd26d3c7cbc779abbbfd3c220ab1af37585940488f
d28edd11b74a0291b015931929f4bcf853c9837951950f3c945735dcdb8060d3
d5f7404bb7b2469db09e3294f7d85ed121bb3be16f6fa401d859b47699d9218f
d625d7f1e80b219657e32a265bc83dd2348b04b37680ac40ed141b00823b6961
d798d8773831f64f1228bc59f6dc361eae9b0811b1cbce20d639a8695b1d118c
d8783ef685913f06da7e385a57c93b9e356aa567402e0730579db45d90828660
d8949fddab040c1bfbca0e8ea57b65d0656195ab0363f9d5ab3e1ce857cdc553
d8f22f1671578131b3ae0b1e241b699139bdaad127e61bb47c62705ed29bdc50
d986c94a06a3d0a95ab01276c1086a9cb90a114e1be0e5446f8adf40b7d8753d
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
dba8373b77d5f4fe9610ef894b1f473168b17582506353d3d88939277b271a82
dbb382f89e65842b70a24f18003def83adaf1df705d084555568c59d86199e6b
dc51ed5137587b9033d06b65d9456d6d69dc52a4005cc51b2d23f85e69d4f8c8
dcc02165becda691e0d2f6c60e7381748a5b73ebd628557fc3ae762ed7458dae
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de4d3db706892fcc71fa557df3269b1b7fe850591a0f8590222fb4d7360523c6
e1b1958adaab619c87918f57b28bee119a8f1122b7c81cee66775066010b3abd
e2b04100564fd9141d7acbd40482d40a3c5b4af2cf25b2cf8726b5608841d61a
e2bc2e62acd8c74b47dc6b86918cd2ede0a053b716144298bd97e66366524fdb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee
e88127ef92a9fd1f231cbcd9d27d643772d106fe3b5c233e5b370c5dd9e48919
ea532788444c699a50cb36bbc1eb80d53d4c3367ef1250378a573331ca3850da
eaa955a9453159643ec26ae298a32bee42ebd74e6386ba421b5e540d60e6b495
eb7d56246eb09c97683e725eca9060734824322c28905a10f4545d2007bc61f1
ec28f50ff7b7ee02d3e5fc37c85cbd59d56c2a836e84904a64a80f7a12bef253
ece21c733886deb724e6d1e59fde820a7e970bf31194726c73d53face070ca9d
ee7512d6db22d38268db6d062b9a322c66ff1b774729c8f58e907823d406dee7
ef0c15eb92404933c20fb8771a459c326f86984c224c01028c539bfa823b689d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef695108b9a9dea4dfa01e428cb374590423448b4def86977c634fb0d841305c
efcf0f78c387a966a6a6e769725c2c4b088eceff67772a4efcc5699e600c8338
f1e945400c04241ef089d71de3b0cf7e202431ac4685ada318714fe07ee9dcb0
f2b92530616ddbefbed0e825e094cd914f17ae899b42152f17028a0073f5eb62
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f60242c2da457c137599d04bff9ed531f80c76cc38cb5cda5bb321cd0933273a
f69dfe383fe0ef66df2c8de098fda546a826801c150ec22e7e09b8020b221dae
f8f729c68ffd5d2e4d7e0383bdd17f5c8ae1e456976a0ce55ef65e0853e6cfd8
fcc820223d44f752c13df66af7def47e997e7d7c6a958f7f009cfc6082458c86
fda2f5240e5b600fe3f1c09b44b6a2149de1de267a22fca6b8cb41192f94359d
fdba16938e1e56f669603e2bf83c5f4392177704919364e632444f01a027a0ed
feb7a5577dbe893b3e3d18f81d09f6428c747616be42482bcd53f9e707c7202d
fef6d90fc22c3f94fa10afb8f2486ccf398d3637ba2ef62d2be59a1d974e318c
ff54a23fb5c53315e5087a6cbd31f4d2734a53bfb42ab0bf6bee6e315c276a02
fff08307515fffef36d9c3c84bc9ee066b933069a6cfdf4220d759dd9869339a

www.winhelponline.com Open in urlscan Pro 2606:4700:3033::6815:15b1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

371 Requests

100 %HTTPS

53 %IPv6

24 Domains

38 Subdomains

28 IPs

5 Countries

2583 kBTransfer

6551 kBSize

19 Cookies

6 Outgoing links

Redirected requests

371 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 28 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.winhelponline.com Open in urlscan Pro
2606:4700:3033::6815:15b1 Public Scan

Screenshot
Live screenshot

Full Image

371
Requests

100 %
HTTPS

53 %
IPv6

24
Domains

38
Subdomains

28
IPs

5
Countries

2583 kB
Transfer

6551 kB
Size

19
Cookies

371 HTTP transactions
28 data transactions