bitly.ws Open in urlscan Pro
185.11.100.204 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cl.s13.exct.net/?qs=5913406073518bfb2b8bf8647660eb286740cee73f26162804c8f6fcd83fcbe285578d0ff22a2971f899fb5513d7...
Effective URL:
https://bitly.ws/?banned=1
Submission: On January 08 via manual (January 8th 2024, 11:56:38 pm UTC) from AU — Scanned from AU

Summary HTTP 121 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 19 IPs in 5 countries across 24 domains to perform 121 HTTP transactions. The main IP is 185.11.100.204, located in Poland and belongs to CF-KRK, PL. The main domain is bitly.ws. The Cisco Umbrella rank of the primary domain is 158367.
TLS certificate: Issued by R3 on November 20th 2023. Valid for: 3 months.

This is the only time bitly.ws was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	96.43.154.9 96.43.154.9	14340 (SALESFORCE) (SALESFORCE)
4 12	185.11.100.204 185.11.100.204	29522 (CF-KRK) (CF-KRK)
18	142.250.204.2 142.250.204.2	15169 (GOOGLE) (GOOGLE)
1	172.217.24.40 172.217.24.40	15169 (GOOGLE) (GOOGLE)
17	172.217.167.110 172.217.167.110	15169 (GOOGLE) (GOOGLE)
1	192.229.232.89 192.229.232.89	15133 (EDGECAST) (EDGECAST)
4 23	172.217.24.34 172.217.24.34	15169 (GOOGLE) (GOOGLE)
1	172.217.24.46 172.217.24.46	15169 (GOOGLE) (GOOGLE)
4	142.250.66.234 142.250.66.234	15169 (GOOGLE) (GOOGLE)
6	172.217.24.35 172.217.24.35	15169 (GOOGLE) (GOOGLE)
17	172.217.24.33 172.217.24.33	15169 (GOOGLE) (GOOGLE)
2	142.251.221.66 142.251.221.66	15169 (GOOGLE) (GOOGLE)
17	172.217.24.38 172.217.24.38	15169 (GOOGLE) (GOOGLE)
1 3	142.250.66.228 142.250.66.228	15169 (GOOGLE) (GOOGLE)
1 1	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1 1	103.3.63.48 103.3.63.48	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1 1	54.196.33.224 54.196.33.224	14618 (AMAZON-AES) (AMAZON-AES)
1	133.186.161.89 133.186.161.89	45974 (NHN-AS-KR...) (NHN-AS-KR NHNCLOUD)
1 1	51.79.152.76 51.79.152.76	16276 (OVH) (OVH)
3 3	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1 1	35.208.249.213 35.208.249.213	19527 (GOOGLE-2) (GOOGLE-2)
3 5	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 4	103.43.89.4 103.43.89.4	29990 (ASN-APPNEX) (ASN-APPNEX)
2	142.250.204.3 142.250.204.3	15169 (GOOGLE) (GOOGLE)
2	142.250.67.2 142.250.67.2	15169 (GOOGLE) (GOOGLE)
121	19

1 96.43.154.9 (United States) 1 redirects

ASN14340 (SALESFORCE, US)
PTR: cl.s13.exct.net

cl.s13.exct.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.11.100.204 (Poland) 4 redirects

ASN29522 (CF-KRK, PL)
PTR: v5103.vps.ogicom.net

bitly.ws	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mp.org.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.204.2 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.24.40 (United States)

ASN15169 (GOOGLE, US)
PTR: hkg07s23-in-f40.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 172.217.167.110 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s17-in-f14.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.229.232.89 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 172.217.24.34 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: syd15s20-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.24.46 (United States)

ASN15169 (GOOGLE, US)
PTR: syd15s20-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.66.234 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s15-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.24.35 (United States)

ASN15169 (GOOGLE, US)
PTR: hkg07s23-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 172.217.24.33 (United States)

ASN15169 (GOOGLE, US)
PTR: hkg07s23-in-f33.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.221.66 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 172.217.24.38 (United States)

ASN15169 (GOOGLE, US)
PTR: syd15s20-in-f6.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.66.228 (Plainview, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: syd15s15-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.3.63.48 (Singapore, Singapore) 1 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li819-48.members.linode.com

a.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.196.33.224 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-196-33-224.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 133.186.161.89 (Japan)

ASN45974 (NHN-AS-KR NHNCLOUD, KR)

app.cauly.co.kr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.79.152.76 (Singapore, Singapore) 1 redirects

ASN16276 (OVH, FR)
PTR: ip76.ip-51-79-152.net

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 174.137.133.49 (United States) 3 redirects

ASN27257 (WEBAIR-INTERNET, US)

rtb2-useast.e-volution.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.208.249.213 (Council Bluffs, United States) 1 redirects

ASN19527 (GOOGLE-2, US)
PTR: 213.249.208.35.bc.googleusercontent.com

gtrace.mediago.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.36.155 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 103.43.89.4 (Singapore, Singapore) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.204.3 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.67.2 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s16-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 140 tpc.googlesyndication.com — Cisco Umbrella Rank: 185	513 KB
25	doubleclick.net 4 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 cm.g.doubleclick.net — Cisco Umbrella Rank: 338 ad.doubleclick.net — Cisco Umbrella Rank: 199	158 KB
20	google.com 1 redirects fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1187 www.google.com — Cisco Umbrella Rank: 6	137 KB
15	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 407	1 MB
10	bitly.ws 2 redirects bitly.ws — Cisco Umbrella Rank: 158367	27 KB
8	gstatic.com www.gstatic.com fonts.gstatic.com	107 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 1194	3 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 356	4 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 115	4 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 173
2	e-volution.ai 2 redirects rtb2-useast.e-volution.ai — Cisco Umbrella Rank: 18203	1 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 271	130 KB
2	mp.org.pl 2 redirects mp.org.pl	458 B
1	mediago.io 1 redirects gtrace.mediago.io — Cisco Umbrella Rank: 6276	511 B
1	adkernel.com 1 redirects dsp.adkernel.com — Cisco Umbrella Rank: 12508	544 B
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 1105	441 B
1	cauly.co.kr app.cauly.co.kr — Cisco Umbrella Rank: 63245	161 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 1274	1 KB
1	appier.net 1 redirects a.c.appier.net — Cisco Umbrella Rank: 9734	644 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 1396	582 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 101	249 B
1	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2512	440 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	78 KB
1	exct.net 1 redirects cl.s13.exct.net — Cisco Umbrella Rank: 977320	197 B
121	24

	Domain	Requested by
18	pagead2.googlesyndication.com	bitly.ws pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
17	tpc.googlesyndication.com	googleads.g.doubleclick.net bitly.ws tpc.googlesyndication.com pagead2.googlesyndication.com
17	fundingchoicesmessages.google.com	bitly.ws pagead2.googlesyndication.com
15	s0.2mdn.net	bitly.ws s0.2mdn.net
12	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
11	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
10	bitly.ws	2 redirects bitly.ws
6	www.gstatic.com	googleads.g.doubleclick.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	fonts.googleapis.com	googleads.g.doubleclick.net s0.2mdn.net
3	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
2	www.googleadservices.com
2	fonts.gstatic.com	fonts.googleapis.com
2	ad.doubleclick.net	bitly.ws
2	rtb2-useast.e-volution.ai	2 redirects
2	www.googletagservices.com	googleads.g.doubleclick.net
2	mp.org.pl	2 redirects
1	gtrace.mediago.io	1 redirects
1	dsp.adkernel.com	1 redirects
1	onetag-sys.com	1 redirects
1	app.cauly.co.kr	googleads.g.doubleclick.net
1	sync.srv.stackadapt.com	1 redirects
1	a.c.appier.net	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	www.google-analytics.com	www.googletagmanager.com
1	www.paypalobjects.com	bitly.ws
1	www.googletagmanager.com	bitly.ws
1	cl.s13.exct.net	1 redirects
121	29

This site contains links to these domains. Also see Links.

Domain
xy2.eu
tinyurl.mobi
www.buymeacoffee.com
buy.stripe.com

Subject Issuer	Validity	Valid
bitly.ws R3	`2023-11-20` - `2024-02-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2023-10-12` - `2024-10-31`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.cauly.co.kr Sectigo RSA Organization Validation Secure Server CA	`2023-02-17` - `2024-03-06`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 20 frames:

Primary Page: https://bitly.ws/?banned=1
Frame ID: A567E86BA14564EE44BE063BECADC72E
Requests: 35 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240104/r20190131/zrt_lookup_fy2021.html
Frame ID: 6F76CCB9A517719DC6BB7AB82B95DDD8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&adk=1812271804&adf=3025194257&lmt=1704758189&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~3~4~6&aslcwct=150&asacwct=25&aslmct=0.7&asamct=0.7&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758189158&bpp=7&bdt=342&idt=383&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5111256294081&frm=20&pv=2&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=399
Frame ID: 90FEF620097F6560ADC65562FC24520D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=200&slotname=1428154055&adk=624732521&adf=477754370&pi=t.ma~as.1428154055&w=1200&fwrn=4&lmt=1704758189&rafmt=11&format=1200x200&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758189166&bpp=2&bdt=350&idt=402&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&rplot=4&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=415&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=408
Frame ID: C8690466635AEB19EEF0B0FAC6BD14F9
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=280&adk=3809598800&adf=4061442901&pi=t.aa~a.1976031760~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x280&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1740&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200&nras=2&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1630&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=4
Frame ID: C37D4B2C99580BAE63382440EFD1E88B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=280&adk=3088186576&adf=3730911173&pi=t.aa~a.1976031760~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x280&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280&nras=3&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=8
Frame ID: C472DABF4747758555392FF309C8BD8E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12
Frame ID: B8A2DD1EEE750734626503319C737CE9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=60&adk=273762757&adf=1414068304&pi=t.aa~a.1977424468~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x60&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=1&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280%2C1200x90&nras=5&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=4&fsb=1&dtd=16
Frame ID: 4BF8E0BB8AE758EDED89ABBE6713FA66
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240104/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 3F82BDE98C7F4FC217F5D39355CB91B6
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 68CC8C912E1B3EB823286F7792CAD672
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM7C2ZoCEIfmwZ0CGMi6mukBMAE&v=APEucNVN5ugEh88RjcE4veipt1L2IvJsHp5iZD-g7aUYZjwp0iqPZ4Qbefrsim96c65_Fw19XLFi0kWlxnf3zhweGIqHsvpdkPGvlDC23g988_N2vSIlXqA
Frame ID: FDBDF3BD0522168C2E8C6BC198A233D5
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Frame ID: 6F7355EE6489F2C879BDBBBF029E340B
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 831D2A0F1244FE7EB7B912EA9155CB81
Requests: 9 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: E8405EE87DC3718595E94D99BF13181F
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 597B9815675BE2C24F76CE3F75B351CB
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250
Frame ID: FDFD7D3A700CB270387AD26C926D9DA7
Requests: 16 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js
Frame ID: C104DBDBCB05FEE6548DCA37674C5D7B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js
Frame ID: 3BA0519E1B3E18DF2D8612037F7C3C70
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5B74CE2D0E682E568644DE5DF62B7C3E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A52665639389997F3D4423A10835E8BE
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bitly | URL Shortener

Page URL History Show full URLs

https://cl.s13.exct.net/?qs=5913406073518bfb2b8bf8647660eb286740cee73f26162804c8f6fcd83fcbe285578d0f... HTTP 302
https://bitly.ws/37khM HTTP 301
https://bitly.ws/?redirect=37khM HTTP 301
https://mp.org.pl/yt-redirect.php?banurl=https://gtly.to/7xkxHvpJM HTTP 302
http://mp.org.pl/yt-redirect.php?banurl=https://gtly.to/7xkxHvpJM HTTP 302
https://bitly.ws/?banned=1 Page URL

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

<input[^>]+_s-xclick
paypalobjects\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

121
Requests

91 %
HTTPS

0 %
IPv6

24
Domains

29
Subdomains

19
IPs

5
Countries

2188 kB
Transfer

4396 kB
Size

27
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://xy2.eu/
Title: XY2

Search URL Search Domain Scan URL

URL: https://tinyurl.mobi/
Title: TinyURL

Search URL Search Domain Scan URL

URL: https://www.buymeacoffee.com/oconnel

Search URL Search Domain Scan URL

URL: https://buy.stripe.com/eVa8z88iQeWTaEUeUU

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cl.s13.exct.net/?qs=5913406073518bfb2b8bf8647660eb286740cee73f26162804c8f6fcd83fcbe285578d0ff22a2971f899fb5513d77657 HTTP 302
https://bitly.ws/37khM HTTP 301
https://bitly.ws/?redirect=37khM HTTP 301
https://mp.org.pl/yt-redirect.php?banurl=https://gtly.to/7xkxHvpJM HTTP 302
http://mp.org.pl/yt-redirect.php?banurl=https://gtly.to/7xkxHvpJM HTTP 302
https://bitly.ws/?banned=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 53

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 54

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEMw9_Vj0SRS56zYMfoGU2LQ&google_cver=1&google_push=AXcoOmT8NaTU3A1u87aRKRaYILa2707C5ApZwtjsvXMFFIjM2IZytIJJobhh0qh2iD6G6lakCJlA--z02WLcwtVzvhfahON-DZBs_FZV5h1ttRVBmXm5sEnGK2tsTuiK3WjVFKnJ3Oyp3DynOt5KJwe5Psid2g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMw9_Vj0SRS56zYMfoGU2LQ&google_push=AXcoOmT8NaTU3A1u87aRKRaYILa2707C5ApZwtjsvXMFFIjM2IZytIJJobhh0qh2iD6G6lakCJlA--z02WLcwtVzvhfahON-DZBs_FZV5h1ttRVBmXm5sEnGK2tsTuiK3WjVFKnJ3Oyp3DynOt5KJwe5Psid2g

Request Chain 55

https://a.c.appier.net/gcm?google_gid=CAESEHAmPMGkQsyDry5ItM_V9TI&google_cver=1&google_push=AXcoOmTxKq4XeqsGrt8TZMh43_4ifRuA6LnjkPhqKGsg0mY3t2vliAzGNQiqRwxCfz05exSaj7arMk-A6uxUdd2tD-kjWOIBKIlKljY82hXFyn_7MLQhy_8RRdq2jlBi8GGCopX3Wqhq1DO80gpPDI7mllwiiA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=cHFOdnp5NHlDdWVFdkJDWnI0dWNaUQ%3D%3D&google_push=AXcoOmTxKq4XeqsGrt8TZMh43_4ifRuA6LnjkPhqKGsg0mY3t2vliAzGNQiqRwxCfz05exSaj7arMk-A6uxUdd2tD-kjWOIBKIlKljY82hXFyn_7MLQhy_8RRdq2jlBi8GGCopX3Wqhq1DO80gpPDI7mllwiiA

Request Chain 56

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEPeBgsADSxr8sz6DKw8VLL0&google_cver=1&google_push=AXcoOmQO0STn_kDaCopdBhnT_1k-p0agrwRYjJD5pIFF3-cyaH8zMtMCuiueIHFG7M69B0vm5EOSQdfVdDkdev5TpLqvsQ1OOfX3_xRNZWp7dKowMfCBSVpgypivDR04RsS85pyToFl-MI0zKFXmCs2k_7W_Ew HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ixp5FsgBUsNLlU0cTOLBBkLLcKA&google_push=AXcoOmQO0STn_kDaCopdBhnT_1k-p0agrwRYjJD5pIFF3-cyaH8zMtMCuiueIHFG7M69B0vm5EOSQdfVdDkdev5TpLqvsQ1OOfX3_xRNZWp7dKowMfCBSVpgypivDR04RsS85pyToFl-MI0zKFXmCs2k_7W_Ew

Request Chain 58

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEJTGicIrkYi4kqcOJIGPH-k&google_cver=1&google_push=AXcoOmTgsYdNTuW9glju3KwVK_iWJMFfZiRWlirev0q9XdtqM914bQkLSxh6BGEXB4cWbPW2r85XLYaFtQKxbdjqALWpZJoTk5xnHccO0N9EEJpIm6svA6mm_5lGosUSVAsz4bpnkClxdgZE7TvfnDCo0Oit HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTgsYdNTuW9glju3KwVK_iWJMFfZiRWlirev0q9XdtqM914bQkLSxh6BGEXB4cWbPW2r85XLYaFtQKxbdjqALWpZJoTk5xnHccO0N9EEJpIm6svA6mm_5lGosUSVAsz4bpnkClxdgZE7TvfnDCo0Oit

Request Chain 59

https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESECEuMj35_5Bp-d7ial3jsJM&google_cver=1&google_push=AXcoOmT7-6Ri3hqYdE-6uBXwR21xGsno5uLB0TQ0QYe4Ji5WIaHEzzN6qd8BzvqBfHK7oV5Fq5wA9hgJJ2PVzYTahAnSlHniYn998f5bQLmgmEZ5tdwcqh3ZeYQMxpTQkzsjmGwlQs-2XA4cAysirn86UgPVtcY HTTP 302
https://dsp.adkernel.com/adkuid?r=https%3A%2F%2Frtb2-useast.e-volution.ai%2Fsync%3Fexchange%3D193%26google_gid%3DCAESECEuMj35_5Bp-d7ial3jsJM%26google_cver%3D1%26google_push%3DAXcoOmT7-6Ri3hqYdE-6uBXwR21xGsno5uLB0TQ0QYe4Ji5WIaHEzzN6qd8BzvqBfHK7oV5Fq5wA9hgJJ2PVzYTahAnSlHniYn998f5bQLmgmEZ5tdwcqh3ZeYQMxpTQkzsjmGwlQs-2XA4cAysirn86UgPVtcY HTTP 302
https://rtb2-useast.e-volution.ai/sync?adkuid=A1750726987690333917&exchange=193&google_gid=CAESECEuMj35_5Bp-d7ial3jsJM&google_cver=1&google_push=AXcoOmT7-6Ri3hqYdE-6uBXwR21xGsno5uLB0TQ0QYe4Ji5WIaHEzzN6qd8BzvqBfHK7oV5Fq5wA9hgJJ2PVzYTahAnSlHniYn998f5bQLmgmEZ5tdwcqh3ZeYQMxpTQkzsjmGwlQs-2XA4cAysirn86UgPVtcY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTE3NTA3MjY5ODc2OTAzMzM5MTc&google_push=AXcoOmT7-6Ri3hqYdE-6uBXwR21xGsno5uLB0TQ0QYe4Ji5WIaHEzzN6qd8BzvqBfHK7oV5Fq5wA9hgJJ2PVzYTahAnSlHniYn998f5bQLmgmEZ5tdwcqh3ZeYQMxpTQkzsjmGwlQs-2XA4cAysirn86UgPVtcY

Request Chain 60

https://gtrace.mediago.io/ju/cs/google?google_gid=CAESED4VY-TTx3fPdB7Lq4Hf2Vk&google_cver=1&google_push=AXcoOmSLq_HP0AcWFp8XD-Au9LkjMOtH30z1kZuwmzkvxbh2DwYX65i0-u0QNg5_tNn6YnrSljJdC5K6e9PxYciVwe3_a5m7qR8VvkwWzD1OKNEtKi9JxZvduBriukXrF4uspH4bivLoZ6PYB1yCnHdvB1af6vc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmSLq_HP0AcWFp8XD-Au9LkjMOtH30z1kZuwmzkvxbh2DwYX65i0-u0QNg5_tNn6YnrSljJdC5K6e9PxYciVwe3_a5m7qR8VvkwWzD1OKNEtKi9JxZvduBriukXrF4uspH4bivLoZ6PYB1yCnHdvB1af6vc&google_hm=746ded22ad0849ad2e6y2y00lr5l0f9u

Request Chain 70

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN0L0OdgFGZ01tSMZ-3h79E&google_cver=1&gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN0L0OdgFGZ01tSMZ-3h79E&google_cver=1&gdpr=0&C=1

Request Chain 71

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZyLrw-Lyjl2kTC6VmuL8AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN0L0OdgFGZ01tSMZ-3h79E&google_cver=1

Request Chain 72

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0 HTTP 302
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEGmNrJAbL-BoWDJlGSoC4xU&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26gdpr%3D0%26code%3DCAESEGmNrJAbL-BoWDJlGSoC4xU%26google_cver%3D1

Request Chain 73

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkxNTg4NzkwODQ4MTI4MjY0Nw%3D%3D

Request Chain 102

https://googleads.g.doubleclick.net/pagead/adview?ai=C7SLqrYucZaCFJ8mejMwPj-KHyAeutsyyasGf68nYD6Tn8u2VAhABIKyQlQJgpYCAgJABoAHF14eSKMgBAagDAcgDwwSqBMoBT9AmHDDbw9_Vs4GWk_V4Ttn76uthwt3cHwIa6IetywjhcY4c7PNOOGVOez9AJoLHViFvop5QPgBx4YjyDVeVzSJnPUYX3BsPcZZ1za16OI9Em-_F71bzs0z1wblPfJ8cOhFoTn7Qx8UIt8eXtiik3sn3pL0Blv8MHx7bvOEUwiBmNBZAMBE699vUw4xw-40VCylrZDe2O0wRMTmF7Dp4gWTSXpVLlBnlcwMUMijUWO1qIN96is81FWM8fcCSqHpdvSOCNVNcNNge-8AEgMvNrPQDiAWvlbiZPZIFBAgEGAGSBQQIBRgEoAZmgAekw47xAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEPOTCtIIHwiAYRABGB8yAooCOgSAQIBASL39wTpYr-7Ikv_OgwOaCaEBaHR0cHM6Ly9zb2Z0d2FyZS5maXNoL2FkYmxvY2tlci9iZXN0LWFkLWJsb2NrZXJzP3V0bV9zb3VyY2U9YWIzJmFpZD1hZGIzZW4mdXRtX2NhbXBhaWduPTE2NDI3OTExODU1JnV0bV9jb250ZW50PTU4NTAxNzczMjU1NCZhZGdyb3VwaWQ9MTM0MzExMjczODU2Jmd1bGFnPXtnY2xpZH2ACgHICwHaDBAKChDguqmz9Zj08XASAgED2BMMiBQC0BUBgBcBshccChoIABIUcHViLTI2MTQ1NTYzMTA3Nzg3NTkYAA&sigh=RIpk3fb-uaM&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgAvHhf_vb9llpud-oTOvgsfAOMEgKftqj_RfFDmgnm-SNNARqWOe35Zn5jGKWWQT--nawKgDvdCh-0N2Z3Dj3aSXUAydHO7t4um1cnV4xgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x6c431eff8536aaf50000000000000000%22,%222%22:%220xc22e2252d8d48050000000000000000%22,%223%22:%220x37b508512e49edd60000000000000000%22,%224%22:%220x40337d195ade243d0000000000000000%22,%225%22:%220xd1ea0497e3a897e90000000000000000%22},%22debug_key%22:%228993965344274027192%22,%22debug_reporting%22:true,%22destination%22:%22https://software.fish%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210775292869%22],%2222%22:[%22true%22],%224%22:[%2201-08%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225816473840770686769%22}&andc=true

121 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
bitly.ws/
Redirect Chain

https://cl.s13.exct.net/?qs=5913406073518bfb2b8bf8647660eb286740cee73f26162804c8f6fcd83fcbe285578d0ff22a2971f899fb5513d77657
https://bitly.ws/37khM
https://bitly.ws/?redirect=37khM
https://mp.org.pl/yt-redirect.php?banurl=https://gtly.to/7xkxHvpJM
http://mp.org.pl/yt-redirect.php?banurl=https://gtly.to/7xkxHvpJM
https://bitly.ws/?banned=1

12 KB
5 KB

276ms
276ms

Document
text/html

185.11.100.204
CF-KRK

General

Check archive.org

Show headers Download Go to

Full URL: https://bitly.ws/?banned=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.11.100.204 , Poland, ASN29522 (CF-KRK, PL),
Reverse DNS: v5103.vps.ogicom.net
Software: Apache / PHP/5.5.38
Resource Hash: 2e70ba207d2e14bc43e9e5071aa65663aa26c6e842e5094368593d40e5faf48f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: max-age=0
content-encoding: gzip
content-type: text/html
date: Mon, 08 Jan 2024 23:56:28 GMT
expires: Mon, 08 Jan 2024 23:56:28 GMT
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/5.5.38

Redirect headers

cache-control: max-age=0
content-length: 0
content-type: text/html
date: Mon, 08 Jan 2024 23:56:28 GMT
expires: Mon, 08 Jan 2024 23:56:28 GMT
location: https://bitly.ws?banned=1
server: Apache
x-powered-by: PHP/5.5.38

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
51 KB 280ms
178ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

f92c246a513c49bcc922ecfb7e8655ae1bf8f61812a5f559513e363404226021

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51473
x-xss-protection: 0
server: cafe
etag: 3190987165823608140
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 23:56:29 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 219 KB
78 KB 214ms
113ms Script
application/javascript 172.217.24.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f40.1e100.net

Software

Google Tag Manager /

Resource Hash

06c7f37c0838ca561ec753cb9df86f79849809603528ab5d2fde15bc32f42abc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79892
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 08 Jan 2024 23:56:28 GMT

GET
H2 200 pub-2614556310778759 Show response
fundingchoicesmessages.google.com/i/ 183 KB
61 KB 280ms
172ms Script
application/javascript 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

a48cddf54f86f8d871b8853be96621781bb2c117ce6cec00d552128c549b2ddc

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-qFx_dsGlm_7S1nvwLPoStQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:29 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-qFx_dsGlm_7S1nvwLPoStQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 style.css
bitly.ws/css/ 11 KB
3 KB 276ms
275ms Stylesheet
text/css 185.11.100.204
CF-KRK

General

Check archive.org

Show headers Download Go to

Full URL: https://bitly.ws/css/style.css
Requested by: Host: bitly.ws
URL: https://bitly.ws/?banned=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.11.100.204 , Poland, ASN29522 (CF-KRK, PL),
Reverse DNS: v5103.vps.ogicom.net
Software: Apache /
Resource Hash: b11dc47889de3326bebc34326b08c225799df4a275b28db686c6e3482b3f4bd7

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/?banned=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:28 GMT
content-encoding: gzip
last-modified: Wed, 27 Dec 2023 14:06:38 GMT
server: Apache
etag: "2a1c-60d7e4eba09c9-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0
accept-ranges: bytes
content-length: 2516
expires: Mon, 08 Jan 2024 23:56:28 GMT

GET
H2 200 adframe.js Show response
bitly.ws/js/ 16 B
211 B 277ms
276ms Script
application/javascript 185.11.100.204
CF-KRK

General

Check archive.org

Show headers Download Go to

Full URL: https://bitly.ws/js/adframe.js
Requested by: Host: bitly.ws
URL: https://bitly.ws/?banned=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.11.100.204 , Poland, ASN29522 (CF-KRK, PL),
Reverse DNS: v5103.vps.ogicom.net
Software: Apache /
Resource Hash: 0059cb4ff0a271382c38af8a7367aaf45cbeb31449637d3928d25317401e2828

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/?banned=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:28 GMT
last-modified: Sat, 30 Dec 2017 21:02:30 GMT
server: Apache
etag: "10-5619511402320"
content-type: application/javascript
cache-control: max-age=0
accept-ranges: bytes
content-length: 16
expires: Mon, 08 Jan 2024 23:56:28 GMT

GET
H2 200 paypal.jpg
bitly.ws/gfx/ 9 KB
9 KB 548ms
548ms Image
image/jpeg 185.11.100.204
CF-KRK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bitly.ws/gfx/paypal.jpg
Requested by: Host: bitly.ws
URL: https://bitly.ws/?banned=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.11.100.204 , Poland, ASN29522 (CF-KRK, PL),
Reverse DNS: v5103.vps.ogicom.net
Software: Apache /
Resource Hash: 1ae6619173f92af4f0201b7204322213c714b56df437aa7d6482a1c141d5337c

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/?banned=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:28 GMT
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
server: Apache
etag: "2204-561cab086d14b"
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 8708
expires: Tue, 07 Jan 2025 23:56:28 GMT

GET
H2 200 paypal.png
bitly.ws/gfx/ 5 KB
6 KB 277ms
277ms Image
image/png 185.11.100.204
CF-KRK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bitly.ws/gfx/paypal.png
Requested by: Host: bitly.ws
URL: https://bitly.ws/?banned=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.11.100.204 , Poland, ASN29522 (CF-KRK, PL),
Reverse DNS: v5103.vps.ogicom.net
Software: Apache /
Resource Hash: 675f6b6dc673aae01f8ef949697ee544c8df8574ca090a4dd690776ec6e442ea

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/?banned=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:28 GMT
last-modified: Tue, 02 Jan 2018 13:00:54 GMT
server: Apache
etag: "158c-561cab06562ce"
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 5516
expires: Tue, 07 Jan 2025 23:56:28 GMT

GET
H2 200 pixel.gif
www.paypalobjects.com/pl_PL/i/scr/ 43 B
440 B 21ms
3ms Image
image/gif 192.229.232.89
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/pl_PL/i/scr/pixel.gif

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.232.89 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nwa/E7D3) /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:28 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: a391a8fa431e4
dc: ccg11-origin-www-1.paypal.com
content-length: 43
last-modified: Fri, 16 Aug 2019 04:57:41 GMT
server: ECAcc (nwa/E7D3)
traceparent: 00-0000000000000000000a391a8fa431e4-e4c0477ab2bba470-01
etag: "5d5637c5-2b"
content-type: image/gif
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Tue, 09 Jan 2024 00:56:28 GMT

GET
H2 200 bmac.png
bitly.ws/gfx/ 3 KB
3 KB 533ms
532ms Image
image/png 185.11.100.204
CF-KRK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bitly.ws/gfx/bmac.png
Requested by: Host: bitly.ws
URL: https://bitly.ws/?banned=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.11.100.204 , Poland, ASN29522 (CF-KRK, PL),
Reverse DNS: v5103.vps.ogicom.net
Software: Apache /
Resource Hash: 54339f1c8cb089c05773b2b18fd5da6e702956decbf7dea6ef0348a64203c657

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/?banned=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:28 GMT
last-modified: Sat, 19 Aug 2023 15:45:47 GMT
server: Apache
etag: "c86-6034889f203e4"
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 3206
expires: Tue, 07 Jan 2025 23:56:28 GMT

GET
H2 200 stripe.png
bitly.ws/gfx/ 1 KB
2 KB 533ms
533ms Image
image/png 185.11.100.204
CF-KRK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bitly.ws/gfx/stripe.png
Requested by: Host: bitly.ws
URL: https://bitly.ws/?banned=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.11.100.204 , Poland, ASN29522 (CF-KRK, PL),
Reverse DNS: v5103.vps.ogicom.net
Software: Apache /
Resource Hash: b8214bd5cbd9197f329d1df98d908dc7a1cd38c28e8010b92e49b3f35dd9986a

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/?banned=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:28 GMT
last-modified: Sat, 19 Aug 2023 15:45:50 GMT
server: Apache
etag: "54f-603488a24201d"
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1359
expires: Tue, 07 Jan 2025 23:56:28 GMT

GET
H2 200 bitly-chart.png
bitly.ws/gfx/ 210 B
400 B 533ms
532ms Image
image/png 185.11.100.204
CF-KRK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bitly.ws/gfx/bitly-chart.png
Requested by: Host: bitly.ws
URL: https://bitly.ws/?banned=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.11.100.204 , Poland, ASN29522 (CF-KRK, PL),
Reverse DNS: v5103.vps.ogicom.net
Software: Apache /
Resource Hash: c28530634cdfc14bb5c068fc74a7071f9e27fc97f9aa03a1258f5b33f9c8ab6d

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/?banned=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:28 GMT
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
server: Apache
etag: "d2-561cab088ec59"
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 210
expires: Tue, 07 Jan 2025 23:56:28 GMT

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/ 403 KB
136 KB 150ms
149ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_fy2021.js?bust=31080217

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

deecef0ac81f9245f8c7f49f548c723b902341d8560bc2378b1d48d5e11f2028

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139400
x-xss-protection: 0
server: cafe
etag: 10024057448929369432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 23:56:29 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240104/r20190131/ Frame 6F76 9 KB
4 KB 353ms
2ms Document
text/html 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240104/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

age: 78142
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 02:14:07 GMT
etag: 9219409622527106327
expires: Mon, 22 Jan 2024 02:14:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
www.google-analytics.com/g/ 0
249 B 497ms
98ms Ping
text/plain 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-8Q1W6PKNCX&gtm=45je4130v9119634474&_p=1704758188834&gcd=11l1l1l1l1&dma=0&cid=674120509.1704758189&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1704758189&sct=1&seg=0&dl=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&dt=Bitly%20%7C%20URL%20Shortener&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=4952
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.24.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: syd15s20-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bitly.ws
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxXolpi8vPIinz9EaA3hsRHaDB27BUHr1f5iTUaCFU9A2q51WN_C9kK145pdjrijsdj5Gatr826qVsFc2dfjQLBpIKaoqx-0oQAI-Edfh5Uf3o4hesaDSV5v5gXmeoKItc1c7C3zJQ== Show response
fundingchoicesmessages.google.com/f/ 12 KB
6 KB 152ms
151ms Script
application/javascript 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXolpi8vPIinz9EaA3hsRHaDB27BUHr1f5iTUaCFU9A2q51WN_C9kK145pdjrijsdj5Gatr826qVsFc2dfjQLBpIKaoqx-0oQAI-Edfh5Uf3o4hesaDSV5v5gXmeoKItc1c7C3zJQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA0NzU4MTg5LDI4MDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJFOVd3amVSanlsYyJdLFs5LCJlbi1HQiJdLFsxOSwiMiJdXV0

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.E9WwjeRjylc.es5.O/am=wA/d=1/rs=AJlcJMzqYQAfuTSU5B4i-sWIKvgHEpzAtQ/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

3331d25bcdb538b2bf427fb3e4550f536a6ff688f76326f91c6faa6934d2a1dc

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-miOm6btgC0gUU8VSztnQsA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:29 GMT
content-security-policy: script-src 'report-sample' 'nonce-miOm6btgC0gUU8VSztnQsA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 90FE 199 KB
54 KB 883ms
882ms Document
text/html 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&adk=1812271804&adf=3025194257&lmt=1704758189&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~3~4~6&aslcwct=150&asacwct=25&aslmct=0.7&asamct=0.7&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758189158&bpp=7&bdt=342&idt=383&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5111256294081&frm=20&pv=2&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=399

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_fy2021.js?bust=31080217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

cafe /

Resource Hash

c572b7132d304aef2a3f75fcb81eebd67dcb7552adc1c573f5c8ce8f662aa0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 55506
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 23:56:30 GMT
expires: Mon, 08 Jan 2024 23:56:30 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C869 131 KB
43 KB 1144ms
1143ms Document
text/html 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=200&slotname=1428154055&adk=624732521&adf=477754370&pi=t.ma~as.1428154055&w=1200&fwrn=4&lmt=1704758189&rafmt=11&format=1200x200&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758189166&bpp=2&bdt=350&idt=402&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&rplot=4&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=415&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=408

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_fy2021.js?bust=31080217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

cafe /

Resource Hash

403484aaa6bfde5e3e989a8dae08862d50e84226183a7db30529de965f54d4d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 44144
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 23:56:30 GMT
expires: Mon, 08 Jan 2024 23:56:30 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
253 B 212ms
212ms Image
image/gif 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=7.32447626759596

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-2fdVFB8dNohnK51hrJSbUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:30 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-2fdVFB8dNohnK51hrJSbUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
516 B 117ms
116ms Image
image/gif 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=2.573917523114706

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-K1hoTouvWac3iQ1DC2ah8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:30 GMT
content-security-policy: script-src 'report-sample' 'nonce-K1hoTouvWac3iQ1DC2ah8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/ 162 KB
55 KB 117ms
117ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/reactive_library_fy2021.js?bust=31080217

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_fy2021.js?bust=31080217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

444f45306f20a9a5623e4bd370d217b617ba91d59e582fba21a4d76cd1a89c6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56258
x-xss-protection: 0
server: cafe
etag: 11818492471916095938
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 23:56:30 GMT

GET
H2 200 ca-pub-2614556310778759 Show response
fundingchoicesmessages.google.com/i/ 183 KB
60 KB 186ms
186ms Script
application/javascript 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-2614556310778759?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_fy2021.js?bust=31080217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

817136300e3fdd4de73dbbc33e22287f88de6dca6a5af6dfbc32701738340ccb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-9bk6LGGaUNCnKmhi1bE-RQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:30 GMT
content-security-policy: script-src 'report-sample' 'nonce-9bk6LGGaUNCnKmhi1bE-RQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C37D 712 B
655 B 453ms
452ms Document
text/html 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=280&adk=3809598800&adf=4061442901&pi=t.aa~a.1976031760~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x280&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1740&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200&nras=2&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1630&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_fy2021.js?bust=31080217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

cafe /

Resource Hash

0bd44eb2b2f8123fbff7e30eaf04da334b4210cd6f7d19d58aac446930f523a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 356
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 23:56:30 GMT
expires: Mon, 08 Jan 2024 23:56:30 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C472 712 B
674 B 488ms
487ms Document
text/html 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=280&adk=3088186576&adf=3730911173&pi=t.aa~a.1976031760~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x280&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280&nras=3&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_fy2021.js?bust=31080217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

cafe /

Resource Hash

0d7a3b2fced7b9719a2281261ef7f8b377e3a09265bf03ea36bbff9ef1f811cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 356
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 23:56:31 GMT
expires: Mon, 08 Jan 2024 23:56:31 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B8A2 114 KB
46 KB 545ms
544ms Document
text/html 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_fy2021.js?bust=31080217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

cafe /

Resource Hash

8994e39b7459e518c8ff01c8531c5272a3ca7b53d442615204145d9bb110432b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 47111
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 23:56:31 GMT
expires: Mon, 08 Jan 2024 23:56:31 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4BF8 712 B
658 B 368ms
367ms Document
text/html 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=60&adk=273762757&adf=1414068304&pi=t.aa~a.1977424468~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x60&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=1&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280%2C1200x90&nras=5&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=4&fsb=1&dtd=16

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_fy2021.js?bust=31080217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

cafe /

Resource Hash

a2acc694732eefca2bf802796b7850770873c3f8298ad296f9ea2854ad152397

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 360
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 23:56:30 GMT
expires: Mon, 08 Jan 2024 23:56:30 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 AGSKWxVbni9uJPJlTRNEVkmx3A7jTX1UIdpxHh7jUA0BgdblD9mA0QhHPGHB2Eirg9ohfEeAwWdaAk3W6_PLAKgcvV63ma6gR9w4ZWSZQW72nrLus5Im_AShZ2X4PWz4oFQkJ6htSOnfDw== Show response
fundingchoicesmessages.google.com/el/ 0
1 KB 502ms
105ms XHR
text/html 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVbni9uJPJlTRNEVkmx3A7jTX1UIdpxHh7jUA0BgdblD9mA0QhHPGHB2Eirg9ohfEeAwWdaAk3W6_PLAKgcvV63ma6gR9w4ZWSZQW72nrLus5Im_AShZ2X4PWz4oFQkJ6htSOnfDw==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1kWrRhmXPQWKhrZ1GC2X1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jan 2024 23:56:31 GMT
content-security-policy: script-src 'report-sample' 'nonce-1kWrRhmXPQWKhrZ1GC2X1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://bitly.ws
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240104/r20110914/ Frame 3F82 9 KB
4 KB 3ms
2ms Document
text/html 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240104/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_fy2021.js?bust=31080217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

age: 75191
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 03:03:19 GMT
etag: 9219409622527106327
expires: Mon, 22 Jan 2024 03:03:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 3F82 4 KB
744 B 497ms
97ms Stylesheet
text/css 142.250.66.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240104/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.234 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f10.1e100.net

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 08 Jan 2024 23:56:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 08 Jan 2024 22:44:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 08 Jan 2024 23:56:31 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 3F82 205 B
295 B 407ms
6ms Image
image/png 172.217.24.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240104/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f3.1e100.net

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 06:57:39 GMT
x-content-type-options: nosniff
age: 61132
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 07 Jan 2025 06:57:39 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 3F82 604 B
920 B 406ms
5ms Image
image/png 172.217.24.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240104/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f3.1e100.net

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 07:16:11 GMT
x-content-type-options: nosniff
age: 146420
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 06 Jan 2025 07:16:11 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240104/r20110914/elements/html/ Frame 3F82 16 KB
7 KB 508ms
10ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240104/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240104/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

cafe /

Resource Hash

972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 11:24:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45109
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6823
x-xss-protection: 0
server: cafe
etag: 11129212757755515379
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 11:24:42 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240104/r20110914/elements/html/ Frame 3F82 22 KB
9 KB 504ms
7ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240104/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240104/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

cafe /

Resource Hash

7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 05:12:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 67431
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9422
x-xss-protection: 0
server: cafe
etag: 10624764489894593518
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 05:12:40 GMT

GET
H2 200 e21910fd923a6283b5d44b2382eabc86.js Show response
www.gstatic.com/mysidia/ Frame C869 9 KB
4 KB 393ms
4ms Script
text/javascript 172.217.24.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e21910fd923a6283b5d44b2382eabc86.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=200&slotname=1428154055&adk=624732521&adf=477754370&pi=t.ma~as.1428154055&w=1200&fwrn=4&lmt=1704758189&rafmt=11&format=1200x200&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758189166&bpp=2&bdt=350&idt=402&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&rplot=4&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=415&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=408

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f3.1e100.net

Software

sffe /

Resource Hash

27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 08:23:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 574393
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4064
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 01 Apr 2024 08:23:18 GMT

GET
H2 200 eca8f43f04ace2cb887c6c133446ca43.js Show response
www.gstatic.com/mysidia/ Frame C869 11 KB
5 KB 393ms
4ms Script
text/javascript 172.217.24.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/eca8f43f04ace2cb887c6c133446ca43.js?tag=text/vanilla_highlight

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f3.1e100.net

Software

sffe /

Resource Hash

a2366f8ceefa49f15dbf946bb02a4cf52b6d2999f71712d3f52e8bd5f56e1988

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 23:33:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 519788
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4745
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 01 Apr 2024 23:33:23 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame C869 14 KB
2 KB 482ms
97ms Stylesheet
text/css 142.250.66.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.234 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f10.1e100.net

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 08 Jan 2024 23:56:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 08 Jan 2024 22:43:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 08 Jan 2024 23:56:31 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/ Frame C869 2 KB
875 B 90ms
6ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 20:50:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 20:50:49 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240104/r20110914/ Frame C869 23 KB
9 KB 91ms
7ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240104/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 20:50:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 20:50:49 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/ Frame C869 3 KB
1 KB 92ms
8ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 20:50:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 20:50:49 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/ Frame C869 20 KB
9 KB 477ms
3ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 20:50:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 20:50:49 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C869 205 KB
65 KB 709ms
306ms Script
text/javascript 142.251.221.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f2.1e100.net

Software

sffe /

Resource Hash

daab8a66fad84e54d32b62c10a996179c4d17efc15fc7aa77a5927dbb6cd10a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704717871404979"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 23:56:31 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame C869 37 KB
15 KB 3ms
2ms Script
text/javascript 172.217.24.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f3.1e100.net

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 04:13:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 330171
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 04 Apr 2024 04:13:40 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 68CC 143 B
228 B 3ms
2ms Document
text/html 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=200&slotname=1428154055&adk=624732521&adf=477754370&pi=t.ma~as.1428154055&w=1200&fwrn=4&lmt=1704758189&rafmt=11&format=1200x200&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758189166&bpp=2&bdt=350&idt=402&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&rplot=4&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=415&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=408
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

age: 427
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 23:49:24 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame FDBD 645 B
301 B 105ms
105ms Document
text/html 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CM7C2ZoCEIfmwZ0CGMi6mukBMAE&v=APEucNVN5ugEh88RjcE4veipt1L2IvJsHp5iZD-g7aUYZjwp0iqPZ4Qbefrsim96c65_Fw19XLFi0kWlxnf3zhweGIqHsvpdkPGvlDC23g988_N2vSIlXqA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

cafe /

Resource Hash

a08acd55bb001aa85ced7f4f93a4a1446ca18a17689e872b59a9da81ebe0cd45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 234
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 23:56:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 6F73 111 KB
39 KB 355ms
2ms Script
text/javascript 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 04:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71519
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Jan 2024 04:04:32 GMT

GET
H2 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240104/r20110914/elements/html/ Frame 6F73 7 KB
3 KB 3ms
3ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240104/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:40:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 988
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 23:40:03 GMT

GET
H2 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240104/r20110914/ Frame 6F73 23 KB
9 KB 4ms
3ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240104/r20110914/abg_lite_fy2021.js

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:43:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7964
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 21:43:47 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 6F73 41 KB
14 KB 49ms
9ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 03:59:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 331033
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jan 2025 03:59:18 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/ Frame 6F73 3 KB
1 KB 45ms
4ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 20:50:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 20:50:49 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 831D 1 KB
758 B 4ms
3ms Document
text/html 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

age: 71859
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 03:58:52 GMT
etag: 48472445140208031
expires: Tue, 09 Jan 2024 03:58:52 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/ Frame 6F73 20 KB
8 KB 42ms
4ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 20:50:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 20:50:49 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 6F73 0
0 535ms
134ms Image
text/html 142.250.66.228
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSojwXgCiJb2iJK2I1tLVXg4xcyKnwizlChKxR3nOyutiE5OyD7thkyQIjnFl99H5y_yGUPwWrJeAZJ5gVjleOEDfd2wg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.66.228 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: syd15s15-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 6F73 204 KB
61 KB 6ms
4ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=44809772

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

9edd5080ba31477d99e1ea20b721b25107635f954e55b74d6519d37e9f939f29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:10:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2787
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62690
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 09 Jan 2024 00:10:04 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F73 42 B
173 B 139ms
138ms Image
image/gif 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DbI61Sor6ZCrQrA1g1682FbTPkncOWgsDKj7hO7HEdyGI2UCn-DirLWrBdwptLvfDZtGSu4Cvsc16zaSHsE4G-wjFxt5K81R15DG2Wk0H7zN91cM0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 68CC
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
145 B

127ms
126ms

Document
text/html

172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 23:56:31 GMT
expires: Mon, 08 Jan 2024 23:56:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 23:56:31 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 831D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMw9_Vj0SRS56zYMfoGU2LQ&google_push=AXcoOmT8NaTU3A1u87aRKRaYILa2707C5ApZwtjsvXMFFIjM2IZytIJJob...

170 B
188 B

102ms
102ms

Image
image/png

172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMw9_Vj0SRS56zYMfoGU2LQ&google_push=AXcoOmT8NaTU3A1u87aRKRaYILa2707C5ApZwtjsvXMFFIjM2IZytIJJobhh0qh2iD6G6lakCJlA--z02WLcwtVzvhfahON-DZBs_FZV5h1ttRVBmXm5sEnGK2tsTuiK3WjVFKnJ3Oyp3DynOt5KJwe5Psid2g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12

Protocol

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-bne12522-BNE
pragma: no-cache
date: Mon, 08 Jan 2024 23:56:31 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1704758191.261836,VS0,VE229
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMw9_Vj0SRS56zYMfoGU2LQ&google_push=AXcoOmT8NaTU3A1u87aRKRaYILa2707C5ApZwtjsvXMFFIjM2IZytIJJobhh0qh2iD6G6lakCJlA--z02WLcwtVzvhfahON-DZBs_FZV5h1ttRVBmXm5sEnGK2tsTuiK3WjVFKnJ3Oyp3DynOt5KJwe5Psid2g
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 831D
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEHAmPMGkQsyDry5ItM_V9TI&google_cver=1&google_push=AXcoOmTxKq4XeqsGrt8TZMh43_4ifRuA6LnjkPhqKGsg0mY3t2vliAzGNQiqRwxCfz05exSaj7arMk-A6uxUdd2tD-kjWOIBKIlKljY82...
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=cHFOdnp5NHlDdWVFdkJDWnI0dWNaUQ%3D%3D&google_push=AXcoOmTxKq4XeqsGrt8TZMh43_4ifRuA6LnjkPhqKGsg0mY3t2vliAzGNQiqRwxCfz05exSaj7arMk-A6uxUd...

170 B
188 B

102ms
102ms

Image
image/png

172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=cHFOdnp5NHlDdWVFdkJDWnI0dWNaUQ%3D%3D&google_push=AXcoOmTxKq4XeqsGrt8TZMh43_4ifRuA6LnjkPhqKGsg0mY3t2vliAzGNQiqRwxCfz05exSaj7arMk-A6uxUdd2tD-kjWOIBKIlKljY82hXFyn_7MLQhy_8RRdq2jlBi8GGCopX3Wqhq1DO80gpPDI7mllwiiA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12

Protocol

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 08 Jan 2024 23:56:31 GMT
server: nginx
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=cHFOdnp5NHlDdWVFdkJDWnI0dWNaUQ%3D%3D&google_push=AXcoOmTxKq4XeqsGrt8TZMh43_4ifRuA6LnjkPhqKGsg0mY3t2vliAzGNQiqRwxCfz05exSaj7arMk-A6uxUdd2tD-kjWOIBKIlKljY82hXFyn_7MLQhy_8RRdq2jlBi8GGCopX3Wqhq1DO80gpPDI7mllwiiA
content-type: text/html; charset=utf-8
cache-control: no-store
content-length: 301

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 831D
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEPeBgsADSxr8sz6DKw8VLL0&google_cver=1&google_push=AXcoOmQO0STn_kDaCopdBhnT_1k-p0agrwRYjJD5pIFF3-cyaH8zMtMCuiueIHFG7M69B0vm5EOSQdfVdDkdev5...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ixp5FsgBUsNLlU0cTOLBBkLLcKA&google_push=AXcoOmQO0STn_kDaCopdBhnT_1k-p0agrwRYjJD5pIFF3-cyaH8zMtMCuiueIHFG7M69B0vm5EOSQdfVdDkdev...

170 B
188 B

100ms
100ms

Image
image/png

172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ixp5FsgBUsNLlU0cTOLBBkLLcKA&google_push=AXcoOmQO0STn_kDaCopdBhnT_1k-p0agrwRYjJD5pIFF3-cyaH8zMtMCuiueIHFG7M69B0vm5EOSQdfVdDkdev5TpLqvsQ1OOfX3_xRNZWp7dKowMfCBSVpgypivDR04RsS85pyToFl-MI0zKFXmCs2k_7W_Ew

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12

Protocol

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ixp5FsgBUsNLlU0cTOLBBkLLcKA&google_push=AXcoOmQO0STn_kDaCopdBhnT_1k-p0agrwRYjJD5pIFF3-cyaH8zMtMCuiueIHFG7M69B0vm5EOSQdfVdDkdev5TpLqvsQ1OOfX3_xRNZWp7dKowMfCBSVpgypivDR04RsS85pyToFl-MI0zKFXmCs2k_7W_Ew
Date: Mon, 08 Jan 2024 23:56:31 GMT
Connection: keep-alive
Content-Length: 300
Content-Type: text/html; charset=utf-8

GET
H/1.1 404
Not Found doubleclick
app.cauly.co.kr/idsync_ssp/ Frame 831D 0
161 B 580ms
142ms Image
application/xml 133.186.161.89
NHN-AS-KR NHNCLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.cauly.co.kr/idsync_ssp/doubleclick?google_gid=CAESEF78tPaBS5JCTO85qmrNXgo&google_cver=1&google_push=AXcoOmTYxUSxOJv1pmOvSXVg-YmIDzUv47BHcMJxNqcY4DNdBCo4XwoyihySzs_iHoZR95r-8YBX0gvqtbGz0J7d91eURNmVlBF6KL3EwKgtJbaBGWPz2gPrNeWhFyFvExZaPZ8m0xj-mUeE48aRnrVhwQfH
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 133.186.161.89 , Japan, ASN45974 (NHN-AS-KR NHNCLOUD, KR),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 23:56:31 GMT
Server: nginx
Connection: close
Content-Length: 0
Content-Type: Application/xml;charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 831D
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEJTGicIrkYi4kqcOJIGPH-k&google_cver=1&google_push=AXcoOmTgsYdNTuW9glju3KwVK_iWJMFfZiRWlirev0q9XdtqM914bQkLSxh6BGEXB4cWbPW2r85XLYaFtQKx...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTgsYdNTuW9glju3KwVK_iWJMFfZiRWlirev0q9XdtqM914bQkLSxh6BGEXB4cWbPW2r85XLYaFtQKxbdjqALWpZJoTk5xnHccO0N9EEJpIm6svA6mm...

170 B
188 B

99ms
98ms

Image
image/png

172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTgsYdNTuW9glju3KwVK_iWJMFfZiRWlirev0q9XdtqM914bQkLSxh6BGEXB4cWbPW2r85XLYaFtQKxbdjqALWpZJoTk5xnHccO0N9EEJpIm6svA6mm_5lGosUSVAsz4bpnkClxdgZE7TvfnDCo0Oit

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12

Protocol

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTgsYdNTuW9glju3KwVK_iWJMFfZiRWlirev0q9XdtqM914bQkLSxh6BGEXB4cWbPW2r85XLYaFtQKxbdjqALWpZJoTk5xnHccO0N9EEJpIm6svA6mm_5lGosUSVAsz4bpnkClxdgZE7TvfnDCo0Oit
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 831D
Redirect Chain

https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESECEuMj35_5Bp-d7ial3jsJM&google_cver=1&google_push=AXcoOmT7-6Ri3hqYdE-6uBXwR21xGsno5uLB0TQ0QYe4Ji5WIaHEzzN6qd8BzvqBfHK7oV5Fq5wA9hgJ...
https://dsp.adkernel.com/adkuid?r=https%3A%2F%2Frtb2-useast.e-volution.ai%2Fsync%3Fexchange%3D193%26google_gid%3DCAESECEuMj35_5Bp-d7ial3jsJM%26google_cver%3D1%26google_push%3DAXcoOmT7-6Ri3hqYdE-6uB...
https://rtb2-useast.e-volution.ai/sync?adkuid=A1750726987690333917&exchange=193&google_gid=CAESECEuMj35_5Bp-d7ial3jsJM&google_cver=1&google_push=AXcoOmT7-6Ri3hqYdE-6uBXwR21xGsno5uLB0TQ0QYe4Ji5WIaHE...
https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTE3NTA3MjY5ODc2OTAzMzM5MTc&google_push=AXcoOmT7-6Ri3hqYdE-6uBXwR21xGsno5uLB0TQ0QYe4Ji5WIaHEzzN6qd8BzvqBfHK7oV5Fq5wA9hg...

170 B
188 B

102ms
101ms

Image
image/png

172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTE3NTA3MjY5ODc2OTAzMzM5MTc&google_push=AXcoOmT7-6Ri3hqYdE-6uBXwR21xGsno5uLB0TQ0QYe4Ji5WIaHEzzN6qd8BzvqBfHK7oV5Fq5wA9hgJJ2PVzYTahAnSlHniYn998f5bQLmgmEZ5tdwcqh3ZeYQMxpTQkzsjmGwlQs-2XA4cAysirn86UgPVtcY

Protocol

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTE3NTA3MjY5ODc2OTAzMzM5MTc&google_push=AXcoOmT7-6Ri3hqYdE-6uBXwR21xGsno5uLB0TQ0QYe4Ji5WIaHEzzN6qd8BzvqBfHK7oV5Fq5wA9hgJJ2PVzYTahAnSlHniYn998f5bQLmgmEZ5tdwcqh3ZeYQMxpTQkzsjmGwlQs-2XA4cAysirn86UgPVtcY
Date: Mon, 08 Jan 2024 23:56:32 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 831D
Redirect Chain

https://gtrace.mediago.io/ju/cs/google?google_gid=CAESED4VY-TTx3fPdB7Lq4Hf2Vk&google_cver=1&google_push=AXcoOmSLq_HP0AcWFp8XD-Au9LkjMOtH30z1kZuwmzkvxbh2DwYX65i0-u0QNg5_tNn6YnrSljJdC5K6e9PxYciVwe3_a...
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmSLq_HP0AcWFp8XD-Au9LkjMOtH30z1kZuwmzkvxbh2DwYX65i0-u0QNg5_tNn6YnrSljJdC5K6e9PxYciVwe3_a5m7qR8VvkwWzD1OKNEtKi9JxZvduBriu...

170 B
188 B

102ms
102ms

Image
image/png

172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmSLq_HP0AcWFp8XD-Au9LkjMOtH30z1kZuwmzkvxbh2DwYX65i0-u0QNg5_tNn6YnrSljJdC5K6e9PxYciVwe3_a5m7qR8VvkwWzD1OKNEtKi9JxZvduBriukXrF4uspH4bivLoZ6PYB1yCnHdvB1af6vc&google_hm=746ded22ad0849ad2e6y2y00lr5l0f9u

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12

Protocol

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 08 Jan 2024 23:56:31 GMT
via: 1.1 google
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmSLq_HP0AcWFp8XD-Au9LkjMOtH30z1kZuwmzkvxbh2DwYX65i0-u0QNg5_tNn6YnrSljJdC5K6e9PxYciVwe3_a5m7qR8VvkwWzD1OKNEtKi9JxZvduBriukXrF4uspH4bivLoZ6PYB1yCnHdvB1af6vc&google_hm=746ded22ad0849ad2e6y2y00lr5l0f9u
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 831D 0
69 B 102ms
99ms Image
text/html 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jm11RNxyuPH_DBYUPdKmKkyPUoQFI0Sgnto4rm0r4KuBmC5bTNgjGo7PEKxI_k92G61Psw5Cg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:31 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 css
fonts.googleapis.com/ Frame E840 14 KB
1 KB 101ms
100ms Stylesheet
text/css 142.250.66.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240104/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.234 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f10.1e100.net

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 08 Jan 2024 23:56:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 08 Jan 2024 23:35:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 08 Jan 2024 23:56:31 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/ Frame E840 2 KB
856 B 4ms
3ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240104/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 20:50:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 20:50:49 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240104/r20110914/ Frame E840 23 KB
9 KB 6ms
3ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240104/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240104/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 20:50:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 20:50:49 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/ Frame E840 3 KB
1 KB 7ms
4ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240104/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 20:50:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 20:50:49 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/ Frame E840 20 KB
8 KB 4ms
2ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240104/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 20:50:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 20:50:49 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame E840 205 KB
65 KB 210ms
207ms Script
text/javascript 142.251.221.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240104/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f2.1e100.net

Software

sffe /

Resource Hash

daab8a66fad84e54d32b62c10a996179c4d17efc15fc7aa77a5927dbb6cd10a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704717871404979"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 23:56:31 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame E840 37 KB
15 KB 7ms
5ms Script
text/javascript 172.217.24.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240104/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f3.1e100.net

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 04:13:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 330171
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 04 Apr 2024 04:13:40 GMT

GET
DATA 200
OK truncated
/ Frame 6F73 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f825a0287bd1cdf0eebca637c03056027fe4f0eaa73036b8625cc288e83d2255

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame FDBD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN0L0OdgFGZ01tSMZ-3h79E&google_cver=1&gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN0L0OdgFGZ01tSMZ-3h79E&google_cver=1&gdpr=0&C=1

43 B
770 B

118ms
118ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN0L0OdgFGZ01tSMZ-3h79E&google_cver=1&gdpr=0&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM7C2ZoCEIfmwZ0CGMi6mukBMAE&v=APEucNVN5ugEh88RjcE4veipt1L2IvJsHp5iZD-g7aUYZjwp0iqPZ4Qbefrsim96c65_Fw19XLFi0kWlxnf3zhweGIqHsvpdkPGvlDC23g988_N2vSIlXqA
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:31 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XQCbc1e0OJiUpqgXAda%2BaS6K2Jfu7AyYdHSkMrSzubophCRi2cbGabss%2FUnHP2q9Ywklqx1gFHx6C7rSTUnNgGfV1kSOC6eL%2BKzimBXQIDS0d9Ud9gPXXkg5WItqMLFtu42%2F1rmLJ4kGVg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 842860a91a7caaef-SYD
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:31 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VjNyFBrBC5%2B6RUTv1%2BfHqxMsJwoyZzTzhtwBrZ8uOHGI6SX4UiW7YHhxzbxX7Bg%2FRlVzdAPmy7cmRe9VrMuFRHBVYzotyJxfQLpLXSxgR172L97Rsu7cZS7q9LKXQA78hH1uqfoKRLSukg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEN0L0OdgFGZ01tSMZ-3h79E&google_cver=1&gdpr=0&C=1
cache-control: no-cache
cf-ray: 842860a86b8479d2-SYD
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame FDBD
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZyLrw-Lyjl2kTC6VmuL8AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN0L0OdgFGZ01tSMZ-3h79E&google_cver=1

43 B
736 B

118ms
117ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN0L0OdgFGZ01tSMZ-3h79E&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM7C2ZoCEIfmwZ0CGMi6mukBMAE&v=APEucNVN5ugEh88RjcE4veipt1L2IvJsHp5iZD-g7aUYZjwp0iqPZ4Qbefrsim96c65_Fw19XLFi0kWlxnf3zhweGIqHsvpdkPGvlDC23g988_N2vSIlXqA
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:31 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2CvKFji0P%2BCV6hLSBAYrdgUZ3WO4wVfz468epdNr6x2H4%2BhOt557v9TzvjRDzXbpp4ZC1jmvxqgoAk3VZprEdf9T4LyqXDJvi%2FmRzBsH3pE4FV1%2FvgBwMo4kbzDKhLZ5iPYe7csTqf73EA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 842860aa1b5eaaef-SYD
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN0L0OdgFGZ01tSMZ-3h79E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame FDBD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEGmNrJAbL-BoWDJlGSoC4xU&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26gdpr%3D0%26code%3DCAESEGmNrJAbL-BoWDJlGSoC4xU%26google_cver%3D1

43 B
1 KB

102ms
101ms

Image
image/gif

103.43.89.4
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26gdpr%3D0%26code%3DCAESEGmNrJAbL-BoWDJlGSoC4xU%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM7C2ZoCEIfmwZ0CGMi6mukBMAE&v=APEucNVN5ugEh88RjcE4veipt1L2IvJsHp5iZD-g7aUYZjwp0iqPZ4Qbefrsim96c65_Fw19XLFi0kWlxnf3zhweGIqHsvpdkPGvlDC23g988_N2vSIlXqA

Protocol

Server

103.43.89.4 Singapore, Singapore, ASN29990 (ASN-APPNEX, US),

Reverse DNS

839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:31 GMT
an-x-request-uuid: b5139c6a-fd80-41ad-a152-a56516bffb99
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 66.203.112.160; 66.203.112.160; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:31 GMT
an-x-request-uuid: 49524317-3819-4fd1-8d39-e86d1dbaa510
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26gdpr%3D0%26code%3DCAESEGmNrJAbL-BoWDJlGSoC4xU%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 66.203.112.160; 66.203.112.160; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FDBD
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkxNTg4NzkwODQ4MTI4MjY0Nw%3D%3D

170 B
188 B

98ms
98ms

Image
image/png

172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkxNTg4NzkwODQ4MTI4MjY0Nw%3D%3D

Requested by

Protocol

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:31 GMT
an-x-request-uuid: 8146f8b5-c696-4ff7-b3b4-2ed6dd1413c4
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkxNTg4NzkwODQ4MTI4MjY0Nw%3D%3D
x-proxy-origin: 66.203.112.160; 66.203.112.160; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 advhd.-adops. Show response
fundingchoicesmessages.google.com/f/AGSKWxV_5OFKdcqnfujXixfaVwm4yDcJ6qoKmuZD5Stk2KNKhLI7zJIeKrmlJJwM9sjQfLTe1CVEHXdo9rWM4eZtPXkZRKSC78bdJVvwvLlc9yPWa8MPQqWrBeVUQRrst9GcDW1JvjYc0EYjLPsyI0zGXzbzpy5Sz... 54 B
298 B 116ms
115ms Script
application/javascript 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxV_5OFKdcqnfujXixfaVwm4yDcJ6qoKmuZD5Stk2KNKhLI7zJIeKrmlJJwM9sjQfLTe1CVEHXdo9rWM4eZtPXkZRKSC78bdJVvwvLlc9yPWa8MPQqWrBeVUQRrst9GcDW1JvjYc0EYjLPsyI0zGXzbzpy5SzfCvUZkeToNEc5bMerpGrRKWfJWvKl2E/_/ads/tr_/iframe_sponsor_/ad/superbanner./advhd.-adops.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.E9WwjeRjylc.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMzeRtRyCeCjLyO8aovSfxmfvo8Mdw/m=ad_blocking_detection_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

94bf713fa9549d5bb3798f66847448ca58c2236b7bdb009891f802326235e290

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wsUcJKXUUss-I719vnuQOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:31 GMT
content-security-policy: script-src 'report-sample' 'nonce-wsUcJKXUUss-I719vnuQOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 show_companion_ad.js Show response
pagead2.googlesyndication.com/pagead/ 30 KB
11 KB 4ms
3ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_companion_ad.js?fcd=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

b7f80935106390ce68b498562c40c39863298cf9edd85faa71d35fcdf848a6c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:21:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2087
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11403
x-xss-protection: 0
server: cafe
etag: 8337112287831120551
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Tue, 09 Jan 2024 00:21:44 GMT

POST
H2 204 AGSKWxVbni9uJPJlTRNEVkmx3A7jTX1UIdpxHh7jUA0BgdblD9mA0QhHPGHB2Eirg9ohfEeAwWdaAk3W6_PLAKgcvV63ma6gR9w4ZWSZQW72nrLus5Im_AShZ2X4PWz4oFQkJ6htSOnfDw== Show response
fundingchoicesmessages.google.com/el/ 0
200 B 301ms
301ms XHR
text/html 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVbni9uJPJlTRNEVkmx3A7jTX1UIdpxHh7jUA0BgdblD9mA0QhHPGHB2Eirg9ohfEeAwWdaAk3W6_PLAKgcvV63ma6gR9w4ZWSZQW72nrLus5Im_AShZ2X4PWz4oFQkJ6htSOnfDw==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-i1CYYLwA_WlgHU2WbpzP8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jan 2024 23:56:31 GMT
content-security-policy: script-src 'report-sample' 'nonce-i1CYYLwA_WlgHU2WbpzP8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://bitly.ws
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame C869 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17a1fb94fbff5ab6a2039620c7b18dd0a7d3370340b059d63a5f8caca7b75962

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 597B 38 KB
13 KB 3ms
2ms Document
text/html 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
age: 331147
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 05 Jan 2024 03:57:24 GMT
expires: Sat, 04 Jan 2025 03:57:24 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 AGSKWxVbni9uJPJlTRNEVkmx3A7jTX1UIdpxHh7jUA0BgdblD9mA0QhHPGHB2Eirg9ohfEeAwWdaAk3W6_PLAKgcvV63ma6gR9w4ZWSZQW72nrLus5Im_AShZ2X4PWz4oFQkJ6htSOnfDw== Show response
fundingchoicesmessages.google.com/el/ 0
199 B 509ms
509ms XHR
text/html 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVbni9uJPJlTRNEVkmx3A7jTX1UIdpxHh7jUA0BgdblD9mA0QhHPGHB2Eirg9ohfEeAwWdaAk3W6_PLAKgcvV63ma6gR9w4ZWSZQW72nrLus5Im_AShZ2X4PWz4oFQkJ6htSOnfDw==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-sCm95rjBd5dxRNkFG4hI9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jan 2024 23:56:31 GMT
content-security-policy: script-src 'report-sample' 'nonce-sCm95rjBd5dxRNkFG4hI9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://bitly.ws
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 597B 39 KB
15 KB 2ms
2ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 04:06:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 157829
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Jan 2025 04:06:02 GMT

POST
H2 204 AGSKWxVbni9uJPJlTRNEVkmx3A7jTX1UIdpxHh7jUA0BgdblD9mA0QhHPGHB2Eirg9ohfEeAwWdaAk3W6_PLAKgcvV63ma6gR9w4ZWSZQW72nrLus5Im_AShZ2X4PWz4oFQkJ6htSOnfDw== Show response
fundingchoicesmessages.google.com/el/ 0
199 B 519ms
518ms XHR
text/html 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVbni9uJPJlTRNEVkmx3A7jTX1UIdpxHh7jUA0BgdblD9mA0QhHPGHB2Eirg9ohfEeAwWdaAk3W6_PLAKgcvV63ma6gR9w4ZWSZQW72nrLus5Im_AShZ2X4PWz4oFQkJ6htSOnfDw==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-CdTVtupRaeKcRmDWKm5b0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jan 2024 23:56:31 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-CdTVtupRaeKcRmDWKm5b0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://bitly.ws
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 AGSKWxVbni9uJPJlTRNEVkmx3A7jTX1UIdpxHh7jUA0BgdblD9mA0QhHPGHB2Eirg9ohfEeAwWdaAk3W6_PLAKgcvV63ma6gR9w4ZWSZQW72nrLus5Im_AShZ2X4PWz4oFQkJ6htSOnfDw== Show response
fundingchoicesmessages.google.com/el/ 0
200 B 565ms
564ms XHR
text/html 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVbni9uJPJlTRNEVkmx3A7jTX1UIdpxHh7jUA0BgdblD9mA0QhHPGHB2Eirg9ohfEeAwWdaAk3W6_PLAKgcvV63ma6gR9w4ZWSZQW72nrLus5Im_AShZ2X4PWz4oFQkJ6htSOnfDw==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-lBRVk9l2g35J1HLWQJzCHQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jan 2024 23:56:31 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-lBRVk9l2g35J1HLWQJzCHQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://bitly.ws
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxVSypqgI-W4rVUQ6rqwehfzNYOaBf6H1XqohBpqpUB1txgXQ9qjQMiUR0g6uZe3WLgj4lvDn7ZRnWoDz2ralX-KMti4NmVgLoU1mgTf9ZqlLDaaVjRzeEMfc1mCG7LZwe7rJlyOYA== Show response
fundingchoicesmessages.google.com/f/ 5 KB
2 KB 236ms
236ms Script
application/javascript 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVSypqgI-W4rVUQ6rqwehfzNYOaBf6H1XqohBpqpUB1txgXQ9qjQMiUR0g6uZe3WLgj4lvDn7ZRnWoDz2ralX-KMti4NmVgLoU1mgTf9ZqlLDaaVjRzeEMfc1mCG7LZwe7rJlyOYA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA0NzU4MTkxLDQ0NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vYml0bHkud3MvIixudWxsLFtbOCwiRTlXd2plUmp5bGMiXSxbOSwiZW4tR0IiXSxbMTksIjIiXSxbMTgsIltbWzBdXV0iXV1d

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

d8c52f357a05daf01d104355bdd49c99ac300cf0e514e7b8a12e5fb0511d9624

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3lt_47HSiMOAbWy-O_HDgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:31 GMT
content-security-policy: script-src 'report-sample' 'nonce-3lt_47HSiMOAbWy-O_HDgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 597B 0
59 B 139ms
139ms Image
image/gif 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BaVSIroucZZ7cJpr7rtoP5OaYwA4AAAAAOAHgBAI&bg=!5Oel56jNAAY3kmNgF5I7ADQBe5WfODuCrSjoramhZJjAWMO97OMXANOUiXra2CHzCGFHeKEFrV42pOWKz6OhxsUg3oUqAgAAAFdSAAAAA2gBB5kDCn4UIEtlGv6dQ_9jSH_5uD0BHvVQGZgyjEWvUL-od_n7_RMJuFeDHoxTVwHyuoiKPIFssNl0hS9LUkUwaHF4j1cUKc6iPYi5p5XebN1mF-zsrUTcVT12ZpR-CQ1BndlP-JIoOCNbNl03GXOmi2QWmdPbcprq3onCSu6pvzWwDhMkNIebXsJAMI-cQ2eyljTNZII6sdkoXxG9tjN9RHWd8KYfDpDq85UPJo6DOJBWnku237UcM9Q34dPIqF88K3_ePAfdPUn3uA5dTQdvHQLbPiko07tLjs03dnpD_9BRF7_JdvTryEa83927YFrgRDJoWeXbWWSuPyKWs1Aq1Fy0ARuAmOAAdsJ8er2Hp2BnPJUeom2FXKqKutLQjuvsuy2_BgAbc0vrLzF-1aFpOZcGhkbrJU7h-JhiWHgFpW8QJea2oFlJn9RLxNhCXP60iHJnp1ORWJYQBALymdgwYFvu8YGrgOs14d3CmeEXjeHRNi76uIkAmfTUUDGqaWR9XVLyUkBvujv0nIqIh8YRLmi6weMRzR-n-XwX63c44noYCuT7t94IoYIjZIu-gXmCOAMbbaXtmMdNgS11tLrVFVizuYeH17aqr2F249FONe4wHyep8VpxSErV6WpNfWAQaPH2Cv6aYqNzbnox9IPjXiWWrw2Nbp4QjFxcjhRObpa-wUZsLGhLOR40ECxLev9q5mD3sfoj6K4HV2ZUyUrJV1-mAdjWvBhT9Di3nZbWHl5MJtxrqwgyRpqohjFScbh0auEIN15YcFf1tUYAnAetmwHbbh9NUkyx1OAZOS-ZaohPtH8o9byPc7dHykdso_bekteTh7OohuxuIO7gnPW-65cL-nyFV4t7HjsYTs2UMNHyTu_B_wnvorKMPe9d6p99TbUs8T9jS649Sby1W4OplETCZi5eL_txj9cHoR3-Ub767i560AoS8Qq6t0DUUfPoYX33v-ErvNlYCzpWUWWlbh7EFAlv_Zad_PFVF9dB0wLcRPHi91Z8sKM1g1lPjaaEmUUyWK6ENGrYXacRtvA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-2614556310778759&output=html&h=90&adk=2743202993&adf=1893186479&pi=t.aa~a.1977423791~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1704758190&rafmt=1&to=qs&pwprc=2480099511&format=1200x90&url=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704758190555&bpp=1&bdt=1739&idt=-M&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1200x280%2C1200x280&nras=4&correlator=5111256294081&frm=20&pv=1&ga_vid=674120509.1704758189&ga_sid=1704758190&ga_hid=3622837&ga_fc=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2393&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080262%2C31080265%2C31080217%2C95320868%2C95320890&oid=2&pvsid=1443814899529067&tmod=906313958&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=12

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 index.html Show response
s0.2mdn.net/sadbundle/9447093130885001669/ Frame FDFD 35 KB
6 KB 304ms
3ms Document
text/html 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

sffe /

Resource Hash

38af94dfde9da3ea70cf41fc4bae572f5a2e951ce48a5d17a4b9388792368433

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 439514
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5874
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 03 Jan 2024 21:51:17 GMT
expires: Thu, 02 Jan 2025 21:51:17 GMT
last-modified: Thu, 27 Jul 2023 13:41:52 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 6F73 0
0 247ms
147ms Fetch
image/gif 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvAIS3FU8P0cWXKJ8ESExEZlUUceDPoNCUwoRSVlPU1eg7DToxAWceFMtkUlhlUAnjlR-xPuv8D79i0HfAnppxnbvP1ZKDaSctQ4TFntrIwIAe3d8LrZOCePXWFhx2l9-44wK1tXAwAFSyJg4RXiNkavAMPRP5sbRfnB7tjEmJkvpNZBvPKjO0V8wVMZKOHwp-Vw2uNCWJsUz1vSzWlSJ9MabjfXIzyJZsc1LrIxigdJEGaoHbdVZz6Hfc5nf5jWnvjcdYIN_OWQnUbG3YuSNHe264B5dzc_CiG-e7w4m9ZtvLHnjXqHR-6z9eDIDYa_L3OE6s014o2MnZd_K2wq-WUvn0GrGlOqBdNrzr8qSizMfSuC6idnnhJnG-yi4adj-sXsuMl8nRTi1iefM-G6yGyNBCx2kBZxxIDSZvHH6MA517IlrKcXRp4z-l4laxNFrImrx9pkfFLxsUpaDZbfYrfCiCKCwWEOhUGDgZUg7E1ZDDZE4lOPC6O95-HgxwnLPb0Tg_s-km1JGRub7U2EjSex_kci2-f9HqICqIok5QdaCpjEP4KXNGyaqpP6xg6fYqs4dwyGWp_09jH1tVMwAhTusQcGygJucvunfJVLqgiuTF61b2hP4-5MNT4Raxn8k3uu1wmZVryoqic010Fu48M3VZ76r6ErDG27VcYmBw7xEKrpexWWCkxd-vfySGxP2ArBHGfqnXoNjZPdb0HEeqwo5ocg55cGx6dpAEwAmjuzoI1O9gDcJdEjV-Ls3sOUO5FThCJwXBmpsyt2vNxa9KSNshp53OWJleKn_iM_k32renrmLg4TZH8LyZKDDj93mK_uESVkDN5hk7PD7xWBNrXpPY3MeO5L5zb1-DTpxAZ_Q0m07b6XQV9G6BgpRk6BOOMQPnsmn_Uxoxy-1mC6HvplzXOmlSEKfLKcqtQ_AvSuxmJzC94z63CP4Ov0lSJefhS_RgS-s5FjeM1rbfoh9nZdlUId8XNElL8JMqVAq83itErUDhjbw2HfZDcF-AQ91WXwbPCdHepPXwP9sv3xIdPOkwEz7VUdL8Ptrq2A48kPB2quqpCkEG3rokyXwZtcw8VpAXoQlP5Fq1rgmIw7svtGAYWgusHa_dincx_-_R1_FVfsWbTWdqGz90G3nMnROlA7djhMpW0m4QMc8uOwGvJb4zvnB6p1lMkhBLzmdVYNyWt60uLy1c6Y9yFYTL6oTWrYWpysTTJ04dyg2ntZHlMvoci1CbEs-jtojPaMYMzhs18VVZZmDNKyv3sjum0mVWsLMsZpGFfptlWqy2Uv13s5yycWDQQMuBnrvVRtl2qlhq6GjBCFXNiDeojOQLTIzW357rh_EbCLyBh9h1KDRPbS9g95NX-AAEUQkmXuf4Lcbja2cxQKu3gS6TYMgv6&sai=AMfl-YRYflbPZYaW63Wj1Mn0-GDfQpwigCxn1BtQ8THqik3lajrvXWSXT9VimRfGDA73vaetOlnXc32ILhcuY5Wuoj1NWokUD1L4LBAd2DGlXJm5bFKaFoxfz48ZlNRtB1XjfCOy2SNjD8HvABJLiZEX_nhUx9Qc3M8yPP1VYhcHQLzRHzn6Dlm4JZ9ioDAGzFEaIcKaNWOUiCz18MqAo1GIGjm3lj4l3dQfMXERlmfcdoXMSbhcPg5DGAUEcRQmb0v1af4j8ZDjNdkV0_ZRCZ4Ot3xXkY8FYChtcG8oHPbjGpJCkDHqHUXVH4NEt4_1z_7W2xX5m_jG7ETlNvEiP0a0JC1QWeaXgKMZ77nu229Uxbpg0xKEfJiIx0zHnWQg_DCIz5h7fk0ZRJEn4bdyWbngPQG5-4H-O3aPmWt38q9duh67_fsUb5MlVFo&sig=Cg0ArKJSzJ7DeFQldzPXEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly91dGFzLmVkdS5hdQ&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=368&cbvp=1&cstd=365&cisv=r20240104.73289&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 08 Jan 2024 23:56:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js Show response
pagead2.googlesyndication.com/bg/ Frame C104 50 KB
19 KB 4ms
4ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

sffe /

Resource Hash

6bf1da233645c84549609f619670d4d3e946ac61d516fd53e597c10ad100608a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 22:25:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5474
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19601
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 22:25:17 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame C869 33 KB
34 KB 402ms
3ms Font
font/woff2 142.250.204.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f3.1e100.net

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 08:01:53 GMT
x-content-type-options: nosniff
age: 575679
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jan 2025 08:01:53 GMT

POST
H2 204 AGSKWxVbni9uJPJlTRNEVkmx3A7jTX1UIdpxHh7jUA0BgdblD9mA0QhHPGHB2Eirg9ohfEeAwWdaAk3W6_PLAKgcvV63ma6gR9w4ZWSZQW72nrLus5Im_AShZ2X4PWz4oFQkJ6htSOnfDw== Show response
fundingchoicesmessages.google.com/el/ 0
200 B 304ms
304ms XHR
text/html 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVbni9uJPJlTRNEVkmx3A7jTX1UIdpxHh7jUA0BgdblD9mA0QhHPGHB2Eirg9ohfEeAwWdaAk3W6_PLAKgcvV63ma6gR9w4ZWSZQW72nrLus5Im_AShZ2X4PWz4oFQkJ6htSOnfDw==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ZWdslUN3ZRABp30v86JmNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jan 2024 23:56:31 GMT
content-security-policy: script-src 'report-sample' 'nonce-ZWdslUN3ZRABp30v86JmNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://bitly.ws
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxUwbczSioDOEQetJGdWR3cGYJ2uv4tJXrc5JfMSxTXK4S73eENj3KRCE-Ae6xW5dtXbuPzjpKXRzovB2lP5TcU38YzQ8tsxgO4jfdGkrFQAYJQNK8ZwrcHuWavz_Pl79hwYGm_T-Q== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 225ms
225ms Script
application/javascript 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUwbczSioDOEQetJGdWR3cGYJ2uv4tJXrc5JfMSxTXK4S73eENj3KRCE-Ae6xW5dtXbuPzjpKXRzovB2lP5TcU38YzQ8tsxgO4jfdGkrFQAYJQNK8ZwrcHuWavz_Pl79hwYGm_T-Q==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA0NzU4MTkxLDcwNzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxMF0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vYml0bHkud3MvIixudWxsLFtbOCwiRTlXd2plUmp5bGMiXSxbOSwiZW4tR0IiXSxbMTksIjIiXSxbMTgsIltbWzBdXV0iXV1d

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

af8926c90e381ff4fb6ecc87d504bdef94761e51b4c7fabe8b0694ba48992c68

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-cHNOFm28aaK2KeHUPVikxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:31 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-cHNOFm28aaK2KeHUPVikxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 e1d72e4a28f55e88c393f4b18032017a.js Show response
s0.2mdn.net/sadbundle/9447093130885001669/ Frame FDFD 126 KB
36 KB 3ms
3ms Script
application/x-javascript 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9447093130885001669/e1d72e4a28f55e88c393f4b18032017a.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

sffe /

Resource Hash

6a0ae00ae1e92999df5730942b5106c5f480455a7fbfc1f3bd6ced7f31ac1b9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Thu, 02 Jan 2025 21:51:17 GMT
date: Wed, 03 Jan 2024 21:51:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 439514
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36988
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 13:41:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 css
fonts.googleapis.com/ Frame FDFD 3 KB
653 B 99ms
97ms Stylesheet
text/css 142.250.66.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:700|Montserrat:600

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9447093130885001669/e1d72e4a28f55e88c393f4b18032017a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.234 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f10.1e100.net

Software

ESF /

Resource Hash

54a08222ba7c3ba74cf99a06a4252ba20a5a291da1a5e3eda40c355e5ffdc245

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 08 Jan 2024 23:56:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 08 Jan 2024 23:17:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 08 Jan 2024 23:56:31 GMT

GET
H2 200 6a0111182c3e513b696f2080f1b54766.png
s0.2mdn.net/sadbundle/9447093130885001669/media/ Frame FDFD 161 KB
161 KB 8ms
6ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9447093130885001669/media/6a0111182c3e513b696f2080f1b54766.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

sffe /

Resource Hash

7f6e40117f4f9b081c6728eb0f8f7026641914b57cee5a14e52b57d7552ccff1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Sat, 04 Jan 2025 13:02:57 GMT
date: Fri, 05 Jan 2024 13:02:57 GMT
x-content-type-options: nosniff
age: 298414
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 165037
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 13:41:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 92d0122fbdc61567fcfe630d6a0fae53.png
s0.2mdn.net/sadbundle/9447093130885001669/media/ Frame FDFD 169 KB
169 KB 7ms
6ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9447093130885001669/media/92d0122fbdc61567fcfe630d6a0fae53.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

sffe /

Resource Hash

a9d0eab5bc0645b2280e90fe9f3026950df38da97e889613d6b66993bdf334aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Thu, 02 Jan 2025 21:51:18 GMT
date: Wed, 03 Jan 2024 21:51:18 GMT
x-content-type-options: nosniff
age: 439513
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 172716
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 13:41:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 ba9e7c3b53b27098266a4a3a8b72a633.jpg
s0.2mdn.net/sadbundle/9447093130885001669/media/ Frame FDFD 24 KB
24 KB 8ms
7ms Image
image/jpeg 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9447093130885001669/media/ba9e7c3b53b27098266a4a3a8b72a633.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

sffe /

Resource Hash

5344c66582957a1fbda436c4285be3d40b3d9ef717a611fe2285af93b9e73a7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Sat, 04 Jan 2025 13:02:57 GMT
date: Fri, 05 Jan 2024 13:02:57 GMT
x-content-type-options: nosniff
age: 298414
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24683
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 13:41:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 428bbb0029886aaf7bf8c742355d527e.jpg
s0.2mdn.net/sadbundle/9447093130885001669/media/ Frame FDFD 12 KB
12 KB 5ms
4ms Image
image/jpeg 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9447093130885001669/media/428bbb0029886aaf7bf8c742355d527e.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

sffe /

Resource Hash

2d580baaf3e1b794752c939a8a54beb86bfdbf6450bdaa007d532f6e2d113668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Thu, 02 Jan 2025 21:50:34 GMT
date: Wed, 03 Jan 2024 21:50:34 GMT
x-content-type-options: nosniff
age: 439557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12448
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 13:41:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 9976d9e3d8ad58a5da38c0b672923870.png
s0.2mdn.net/sadbundle/9447093130885001669/media/ Frame FDFD 101 KB
101 KB 11ms
10ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9447093130885001669/media/9976d9e3d8ad58a5da38c0b672923870.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

sffe /

Resource Hash

eeb676a5263c8eede3c783b81ee82cfd03da946a3a7b6b8085f98f4fbf1822a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Thu, 02 Jan 2025 21:33:29 GMT
date: Wed, 03 Jan 2024 21:33:29 GMT
x-content-type-options: nosniff
age: 440582
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 103323
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 13:41:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 95f7ed5b218c88da2623cd61eda2cde2.svg
s0.2mdn.net/sadbundle/9447093130885001669/media/ Frame FDFD 17 KB
8 KB 6ms
5ms Image
image/svg+xml 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9447093130885001669/media/95f7ed5b218c88da2623cd61eda2cde2.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

sffe /

Resource Hash

78f8b3f017fa53140729d12ea8f03cf5c28146aaf9cfec8f49122e3fbc747399

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Wed, 01 Jan 2025 21:33:26 GMT
date: Tue, 02 Jan 2024 21:33:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 526985
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7640
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 13:41:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 acdc2abd7f4f9078b136436c51e93b88.svg
s0.2mdn.net/sadbundle/9447093130885001669/media/ Frame FDFD 17 KB
7 KB 12ms
11ms Image
image/svg+xml 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9447093130885001669/media/acdc2abd7f4f9078b136436c51e93b88.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

sffe /

Resource Hash

a996e4efd5768ab140aa5a0718072572ce0cf24e98b418b2e186ad56c4713f84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 00:26:39 GMT
date: Thu, 04 Jan 2024 00:26:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 430192
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7267
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 13:41:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 AGSKWxW0cwWNnHLFRthBMyrjqy2TOZXWHHhOh8TORZtpTCuhAb0FzW0w_PT7YvVKSk8UnKQ4Y18kbGac2ZnDF7LyECL85SxgHpXHOJxqMOeT0qJrzRjiLgQRr7iNUVJXMdk9iZdkFxGFIw== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 139ms
138ms Script
application/javascript 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxW0cwWNnHLFRthBMyrjqy2TOZXWHHhOh8TORZtpTCuhAb0FzW0w_PT7YvVKSk8UnKQ4Y18kbGac2ZnDF7LyECL85SxgHpXHOJxqMOeT0qJrzRjiLgQRr7iNUVJXMdk9iZdkFxGFIw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA0NzU4MTkxLDk0MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxMCw5XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJFOVd3amVSanlsYyJdLFs5LCJlbi1HQiJdLFsxOSwiMiJdLFsxOCwiW1tbMF1dXSJdXV0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

36f68b4a576792fa328ca2c9ef1477408acfc26ac49839f5cbde1759a6424689

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-dGPfDeyfgMpHtAA6TXq1Uw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:32 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-dGPfDeyfgMpHtAA6TXq1Uw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ Frame FDFD 32 KB
32 KB 66ms
5ms Font
font/woff2 142.250.204.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:700|Montserrat:600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f3.1e100.net

Software

sffe /

Resource Hash

bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 08:48:13 GMT
x-content-type-options: nosniff
age: 572899
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33092
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jan 2025 08:48:13 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame C869
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C7SLqrYucZaCFJ8mejMwPj-KHyAeutsyyasGf68nYD6Tn8u2VAhABIKyQlQJgpYCAgJABoAHF14eSKMgBAagDAcgDwwSqBMoBT9AmHDDbw9_Vs4GWk_V4Ttn76uthwt3cHwIa6IetywjhcY4...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x6c431eff8536aaf50000000000000000%22,%222%22:%220xc22e2252d8d48050000000000000000%22,%223%22:%220x37b5085...

0
0

236ms
139ms

Fetch
text/css

142.250.67.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x6c431eff8536aaf50000000000000000%22,%222%22:%220xc22e2252d8d48050000000000000000%22,%223%22:%220x37b508512e49edd60000000000000000%22,%224%22:%220x40337d195ade243d0000000000000000%22,%225%22:%220xd1ea0497e3a897e90000000000000000%22},%22debug_key%22:%228993965344274027192%22,%22debug_reporting%22:true,%22destination%22:%22https://software.fish%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210775292869%22],%2222%22:[%22true%22],%224%22:[%2201-08%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225816473840770686769%22}&andc=true

Protocol

Server

142.250.67.2 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:32 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x6c431eff8536aaf50000000000000000","2":"0xc22e2252d8d48050000000000000000","3":"0x37b508512e49edd60000000000000000","4":"0x40337d195ade243d0000000000000000","5":"0xd1ea0497e3a897e90000000000000000"},"debug_key":"8993965344274027192","debug_reporting":true,"destination":"https://software.fish","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10775292869"],"22":["true"],"4":["01-08"],"6":["true"]},"priority":"500","source_event_id":"5816473840770686769"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 08 Jan 2024 23:56:32 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 08 Jan 2024 23:56:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x6c431eff8536aaf50000000000000000","2":"0xc22e2252d8d48050000000000000000","3":"0x37b508512e49edd60000000000000000","4":"0x40337d195ade243d0000000000000000","5":"0xd1ea0497e3a897e90000000000000000"},"debug_key":"8993965344274027192","debug_reporting":true,"destination":"https://software.fish","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10775292869"],"22":["true"],"4":["01-08"],"6":["true"]},"priority":"500","source_event_id":"5816473840770686769"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 6F73 0
0 143ms
142ms Fetch
image/gif 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvAIS3FU8P0cWXKJ8ESExEZlUUceDPoNCUwoRSVlPU1eg7DToxAWceFMtkUlhlUAnjlR-xPuv8D79i0HfAnppxnbvP1ZKDaSctQ4TFntrIwIAe3d8LrZOCePXWFhx2l9-44wK1tXAwAFSyJg4RXiNkavAMPRP5sbRfnB7tjEmJkvpNZBvPKjO0V8wVMZKOHwp-Vw2uNCWJsUz1vSzWlSJ9MabjfXIzyJZsc1LrIxigdJEGaoHbdVZz6Hfc5nf5jWnvjcdYIN_OWQnUbG3YuSNHe264B5dzc_CiG-e7w4m9ZtvLHnjXqHR-6z9eDIDYa_L3OE6s014o2MnZd_K2wq-WUvn0GrGlOqBdNrzr8qSizMfSuC6idnnhJnG-yi4adj-sXsuMl8nRTi1iefM-G6yGyNBCx2kBZxxIDSZvHH6MA517IlrKcXRp4z-l4laxNFrImrx9pkfFLxsUpaDZbfYrfCiCKCwWEOhUGDgZUg7E1ZDDZE4lOPC6O95-HgxwnLPb0Tg_s-km1JGRub7U2EjSex_kci2-f9HqICqIok5QdaCpjEP4KXNGyaqpP6xg6fYqs4dwyGWp_09jH1tVMwAhTusQcGygJucvunfJVLqgiuTF61b2hP4-5MNT4Raxn8k3uu1wmZVryoqic010Fu48M3VZ76r6ErDG27VcYmBw7xEKrpexWWCkxd-vfySGxP2ArBHGfqnXoNjZPdb0HEeqwo5ocg55cGx6dpAEwAmjuzoI1O9gDcJdEjV-Ls3sOUO5FThCJwXBmpsyt2vNxa9KSNshp53OWJleKn_iM_k32renrmLg4TZH8LyZKDDj93mK_uESVkDN5hk7PD7xWBNrXpPY3MeO5L5zb1-DTpxAZ_Q0m07b6XQV9G6BgpRk6BOOMQPnsmn_Uxoxy-1mC6HvplzXOmlSEKfLKcqtQ_AvSuxmJzC94z63CP4Ov0lSJefhS_RgS-s5FjeM1rbfoh9nZdlUId8XNElL8JMqVAq83itErUDhjbw2HfZDcF-AQ91WXwbPCdHepPXwP9sv3xIdPOkwEz7VUdL8Ptrq2A48kPB2quqpCkEG3rokyXwZtcw8VpAXoQlP5Fq1rgmIw7svtGAYWgusHa_dincx_-_R1_FVfsWbTWdqGz90G3nMnROlA7djhMpW0m4QMc8uOwGvJb4zvnB6p1lMkhBLzmdVYNyWt60uLy1c6Y9yFYTL6oTWrYWpysTTJ04dyg2ntZHlMvoci1CbEs-jtojPaMYMzhs18VVZZmDNKyv3sjum0mVWsLMsZpGFfptlWqy2Uv13s5yycWDQQMuBnrvVRtl2qlhq6GjBCFXNiDeojOQLTIzW357rh_EbCLyBh9h1KDRPbS9g95NX-AAEUQkmXuf4Lcbja2cxQKu3gS6TYMgv6&sai=AMfl-YRYflbPZYaW63Wj1Mn0-GDfQpwigCxn1BtQ8THqik3lajrvXWSXT9VimRfGDA73vaetOlnXc32ILhcuY5Wuoj1NWokUD1L4LBAd2DGlXJm5bFKaFoxfz48ZlNRtB1XjfCOy2SNjD8HvABJLiZEX_nhUx9Qc3M8yPP1VYhcHQLzRHzn6Dlm4JZ9ioDAGzFEaIcKaNWOUiCz18MqAo1GIGjm3lj4l3dQfMXERlmfcdoXMSbhcPg5DGAUEcRQmb0v1af4j8ZDjNdkV0_ZRCZ4Ot3xXkY8FYChtcG8oHPbjGpJCkDHqHUXVH4NEt4_1z_7W2xX5m_jG7ETlNvEiP0a0JC1QWeaXgKMZ77nu229Uxbpg0xKEfJiIx0zHnWQg_DCIz5h7fk0ZRJEn4bdyWbngPQG5-4H-O3aPmWt38q9duh67_fsUb5MlVFo&sig=Cg0ArKJSzJ7DeFQldzPXEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly91dGFzLmVkdS5hdQ&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=882&vt=11&dtpt=514&dett=3&cstd=365&cisv=r20240104.73289&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js Show response
pagead2.googlesyndication.com/bg/ Frame 3BA0 50 KB
19 KB 2ms
2ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

sffe /

Resource Hash

6bf1da233645c84549609f619670d4d3e946ac61d516fd53e597c10ad100608a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 22:25:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5475
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19601
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 22:25:17 GMT

GET
H2 200 6a0111182c3e513b696f2080f1b54766.png
s0.2mdn.net/sadbundle/9447093130885001669/media/ Frame FDFD 161 KB
161 KB 4ms
2ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9447093130885001669/media/6a0111182c3e513b696f2080f1b54766.png

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

sffe /

Resource Hash

7f6e40117f4f9b081c6728eb0f8f7026641914b57cee5a14e52b57d7552ccff1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Sat, 04 Jan 2025 13:02:57 GMT
date: Fri, 05 Jan 2024 13:02:57 GMT
x-content-type-options: nosniff
age: 298415
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 165037
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 13:41:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 92d0122fbdc61567fcfe630d6a0fae53.png
s0.2mdn.net/sadbundle/9447093130885001669/media/ Frame FDFD 169 KB
169 KB 7ms
5ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9447093130885001669/media/92d0122fbdc61567fcfe630d6a0fae53.png

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

sffe /

Resource Hash

a9d0eab5bc0645b2280e90fe9f3026950df38da97e889613d6b66993bdf334aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Thu, 02 Jan 2025 21:51:18 GMT
date: Wed, 03 Jan 2024 21:51:18 GMT
x-content-type-options: nosniff
age: 439514
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 172716
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 13:41:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 ba9e7c3b53b27098266a4a3a8b72a633.jpg
s0.2mdn.net/sadbundle/9447093130885001669/media/ Frame FDFD 24 KB
24 KB 8ms
6ms Image
image/jpeg 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9447093130885001669/media/ba9e7c3b53b27098266a4a3a8b72a633.jpg

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

sffe /

Resource Hash

5344c66582957a1fbda436c4285be3d40b3d9ef717a611fe2285af93b9e73a7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Sat, 04 Jan 2025 13:02:57 GMT
date: Fri, 05 Jan 2024 13:02:57 GMT
x-content-type-options: nosniff
age: 298415
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24683
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 13:41:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 428bbb0029886aaf7bf8c742355d527e.jpg
s0.2mdn.net/sadbundle/9447093130885001669/media/ Frame FDFD 12 KB
12 KB 8ms
7ms Image
image/jpeg 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9447093130885001669/media/428bbb0029886aaf7bf8c742355d527e.jpg

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

sffe /

Resource Hash

2d580baaf3e1b794752c939a8a54beb86bfdbf6450bdaa007d532f6e2d113668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Thu, 02 Jan 2025 21:50:34 GMT
date: Wed, 03 Jan 2024 21:50:34 GMT
x-content-type-options: nosniff
age: 439558
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12448
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 13:41:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 9976d9e3d8ad58a5da38c0b672923870.png
s0.2mdn.net/sadbundle/9447093130885001669/media/ Frame FDFD 101 KB
101 KB 10ms
9ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9447093130885001669/media/9976d9e3d8ad58a5da38c0b672923870.png

Requested by

Host: bitly.ws
URL: https://bitly.ws/?banned=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f6.1e100.net

Software

sffe /

Resource Hash

eeb676a5263c8eede3c783b81ee82cfd03da946a3a7b6b8085f98f4fbf1822a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9447093130885001669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Thu, 02 Jan 2025 21:33:29 GMT
date: Wed, 03 Jan 2024 21:33:29 GMT
x-content-type-options: nosniff
age: 440583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 103323
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 13:41:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

POST
H2 204 AGSKWxWpnEJCYy8Ahe_Rel0ZJirVhqxua0KSS8li2VY7lAJnT8w0LF-ZCWndY8Cx-DEr48n8UqyTqke4XYeEMo7dgr9F-7w4qU7gYweR0AcTmS6WgK3bzRgYamPfSjG0Ve3z_OTObSAdkQ== Show response
fundingchoicesmessages.google.com/el/ 0
200 B 107ms
107ms XHR
text/html 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWpnEJCYy8Ahe_Rel0ZJirVhqxua0KSS8li2VY7lAJnT8w0LF-ZCWndY8Cx-DEr48n8UqyTqke4XYeEMo7dgr9F-7w4qU7gYweR0AcTmS6WgK3bzRgYamPfSjG0Ve3z_OTObSAdkQ==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-nPIqMJXKDREOvQiAnc_hKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jan 2024 23:56:32 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-nPIqMJXKDREOvQiAnc_hKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://bitly.ws
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 AGSKWxVbni9uJPJlTRNEVkmx3A7jTX1UIdpxHh7jUA0BgdblD9mA0QhHPGHB2Eirg9ohfEeAwWdaAk3W6_PLAKgcvV63ma6gR9w4ZWSZQW72nrLus5Im_AShZ2X4PWz4oFQkJ6htSOnfDw== Show response
fundingchoicesmessages.google.com/el/ 0
199 B 566ms
566ms XHR
text/html 172.217.167.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVbni9uJPJlTRNEVkmx3A7jTX1UIdpxHh7jUA0BgdblD9mA0QhHPGHB2Eirg9ohfEeAwWdaAk3W6_PLAKgcvV63ma6gR9w4ZWSZQW72nrLus5Im_AShZ2X4PWz4oFQkJ6htSOnfDw==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-maE0gJG6X9E258nDr7a2ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jan 2024 23:56:32 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-maE0gJG6X9E258nDr7a2ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://bitly.ws
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 826ms
128ms XHR
application/json 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240104&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_fy2021.js?bust=31080217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

e87bd5a5698b7518f5f3720f84088f42b6324036ff65fa02ec0d95e8533f1938

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12361
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 241ms
138ms Preflight
text/html 142.250.67.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.67.2 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 08 Jan 2024 23:56:32 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 155ms
154ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_fy2021.js?bust=31080217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 23:56:33 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C869 42 B
174 B 143ms
143ms Fetch
image/gif 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst8zJFakhNDcFX9PPC5qzds_h9qX_ND6IFZnQ9WZJi7eKwhfdNGQvOd3BUNJdHUwY6IhTymKITP_jpt-ueFj0llUtislf2hdCzzdZRKYembRlUQfRKPA-2sfucJkMxYx4gdr2BQhIqa6PSMC6pCRJ-vPjCH&sai=AMfl-YT9V2byxBlFoZvU03FvlQ7gWTrma838CIztP-HLkhSXHVYprvGui_m_FFfHLS1u_oNkPPA7Y2D9MyXq0_OrUFA-vavC-5XXGv8al1Q505wtORuQuV-dppQR06PiSawuB2o3ZT4VV7D9sYzUKDiH&sig=Cg0ArKJSzApHMx9Nne4lEAE&cid=CAQSTgAvHhf_vb9llpud-oTOvgsfAOMEgKftqj_RfFDmgnm-SNNARqWOe35Zn5jGKWWQT--nawKgDvdCh-0N2Z3Dj3aSXUAydHO7t4um1cnV4xgB&id=lidar2&mcvt=1000&p=0,0,200,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240108&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=624732521&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1704758189575&rpt=2481&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 23:56:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5B74 13 KB
5 KB 4ms
3ms Document
text/html 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f33.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bitly.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
age: 330807
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 05 Jan 2024 04:03:06 GMT
expires: Sat, 04 Jan 2025 04:03:06 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A526 829 B
999 B 101ms
100ms Document
text/html 142.250.66.228
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.228 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f4.1e100.net

Software

GSE /

Resource Hash

92e8241931584599a0dc81ef0214969c5b04800c8430a7a7234a201507d08d4c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-UNS_JZwyTBlhCVQWOJdocA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bitly.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-UNS_JZwyTBlhCVQWOJdocA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 23:56:33 GMT
expires: Mon, 08 Jan 2024 23:56:33 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame 5B74 39 KB
15 KB 3ms
3ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 21:12:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 355459
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Jan 2025 21:12:14 GMT

GET
H2 204 generate_204
tpc.googlesyndication.com/ Frame 5B74 0
40 B 3ms
2ms Image
text/plain 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?jv1HYg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.24.33 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: hkg07s23-in-f33.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:56:33 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A526 0
0 139ms
138ms Image
text/html 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240104&jk=1443814899529067&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.204.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: syd09s25-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 140ms
140ms Image
text/html 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240104&jk=1443814899529067&bg=!jI-lj8DNAAaumcC-jpk7ADQBe5WfOOfINqLRqbzDvr6Gl8oI56hFjbbkURZHEnQ9lLGpfwP27q8u2Y5L8F4tumm-bcm6AgAAAGhSAAAAA2gBBwoApDubSH3LLHHtMoJW2ah7yiIeFY07bfUIttOGJ4TMsVsYtlU8BPFhqAeDpMaTIuDKfzszNA9E3URI14EYrMs1Z283qtdU2b8BvdmRj7o2s-MAOzuiXuKPoEBb0oVebYX70WaZT1MYM8mafBCP_CVmJ_MMQfN3zPsvTefCJvN-hyZWDXU2aJOeUOYdfwh1tGURWWOjldJaGLBOA1CcC8XYwdk2W4WnmQKxcfQumBXLn2Nv6zYr1m45jHNhUFE1Pqs7zgDpBc8OFjNkRkMyslG_IulZUc6WRrDnhkmaUPah2Hkw_HQ6NxQTvYB7RGBV0z38MNBJLOJxKWWr2FE2WJC4oSyUpnFmW3_d6ZLD5F9guZMHpAvEzpchoUSE8Q4hUvOLjy7yvjr4nlzGa19Xusqp_9ayE96qoMEnJPifKHOJvyCr9bqbOzYj8EDqYyuva8_xL_5PpF31Z94x7aYD9qccQO8YHtBVUKxjXr0yQkQ-3rtzQHenbkr1niL_0yQdp134ROwOS8j8GHsUeNGWfBmmdwlWgJVgBLYrDqq7reeqCNIvzKkhGgoARxI791LPLtGIe3Ao0IdbnOdVQFAvn0Ca0hXFIxS0NTWNLvUTAncnoYbudP6SPNkkPiJpwlaf0lEsXm6fBUp3iT_tpHBdH0GiAgKJHA5tqUqr6nw6f4yi2x1TIBe-5zdPbLJAjMgEzowzbSi9P7MP3iY4mrpBYIEWydQwPJTYgkxLNG4Eh6ceWuTe9IN57kqMRhagy6RugA6HE8KPU6Jii78W1OldFDayI3rZ7SMGeQNih3Lunq-yNYtdCdYt6UjsstOnqY09t4LCwA3KSdfhcOV4WzIOMcQCJSJ5GCn7y7st74QqQhsPm_sCJSqmAs071bea9DgnpTBkzzafr_aU9GSkrYpoMRINAAkJx4p7hzaXke6_uEQoKKEMHV8dc2wpZGVahqOh3CVTIFTY2UfpjVY2GGvjikUUaVYW4OAW5i19KbdSuUwIT8xNbNQQ2x4N85WZWrRKA8EoHIaNtw9oWIZLPpIHvxggLraJh6PgcA4-9m8_vEOdKd_KZ4L17BaC8zIbc9ttNANZXxo40EAnA61uj6E0QmvY4bvhJ0MRg6gSiciobSI40IhIf6RGq2z7990
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.204.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: syd09s25-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bitly.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

77 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bitly.ws/	1970-01-21 03:08:38	Name: _ga_8Q1W6PKNCX Value: GS1.1.1704758189.1.0.1704758189.0.0.0
.bitly.ws/	1970-01-21 03:08:38	Name: _ga Value: GA1.1.674120509.1704758189
.bitly.ws/	1970-01-21 02:54:14	Name: __gads Value: ID=d447c15eb448fcdb:T=1704758190:RT=1704758190:S=ALNI_MYCNllgMVq2AHlLMAaykV3itTnJwg
.bitly.ws/	1970-01-21 02:54:14	Name: __gpi Value: UID=00000cd40cee2642:T=1704758190:RT=1704758190:S=ALNI_MbfDk9TE1JaIePf9Ztk7UG44R67mw
.doubleclick.net/	1970-01-21 03:08:38	Name: IDE Value: AHWqTUnwQAq_y1vmKiQiXARAx_RHMt6Jw1lKf_VYvZAjDnRg3e43Q9zRsZ6WLqDVjy0
.everesttech.net/	1970-01-21 02:18:14	Name: everest_g_v2 Value: g_surferid~ZZyLrwAM_LHgWwAM
.casalemedia.com/	1970-01-20 19:42:14	Name: CMPS Value: 4703
.casalemedia.com/	1970-01-21 02:18:14	Name: CMID Value: ZZyLr1X-WEcRjMAVYr1WJAAA
.casalemedia.com/	1970-01-20 19:42:14	Name: CMPRO Value: 4703
.adnxs.com/	1970-01-20 19:42:14	Name: uuid2 Value: 8915887908481282647
.mediago.io/	1970-01-21 02:18:14	Name: __mguid_ Value: 746ded22ad0849ad2e6y2y00lr5l0f9u
.adnxs.com/	1970-01-21 03:08:38	Name: XANDR_PANID Value: eY2D9KLJI_jBYlv_GqfgmqXpKF53d0awUb0QKyT-c4Ue162-PAOMX4tCDPO8kwXGF1a2mqk-Ar_ucz4BjgaLZTbP94f9YQs4X6aSP1zJSKA.
.adnxs.com/	1970-01-20 19:42:14	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>@m67@o!]tbPl1M>e)ZlrFUfJ+tGXxoi^%`@]E!5sY?lz9:A/v[Lc=cG#[82<tXDY8@3If)y3KL9D3I?+c2k+/$
.doubleclick.net/	1970-01-20 17:32:41	Name: DSID Value: NO_DATA
.c.appier.net/	1970-01-21 02:18:14	Name: _auid Value: pqNvzy4yCueEvBCZr4ucZQ
.c.appier.net/	1970-01-20 18:15:50	Name: _gu Value: CAESEHAmPMGkQsyDry5ItM_V9TI
sync.srv.stackadapt.com/	1970-01-21 02:18:14	Name: sa-user-id Value: s%3A0-8b1a7916-c801-52c3-4b95-4d1c4ce2c106.MeXpcAJnHY9SzvJ3rNSUD9ocND1L2qdav8YOhwzWEWw
.srv.stackadapt.com/	1970-01-21 02:18:14	Name: sa-user-id Value: s%3A0-8b1a7916-c801-52c3-4b95-4d1c4ce2c106.MeXpcAJnHY9SzvJ3rNSUD9ocND1L2qdav8YOhwzWEWw
sync.srv.stackadapt.com/	1970-01-21 02:18:14	Name: sa-user-id-v2 Value: s%3Aixp5FsgBUsNLlU0cTOLBBkLLcKA.7cHJSn0tg3AzPkXx4rTzF6kZsiLHq5U5k%2FvtJUaqeeU
.srv.stackadapt.com/	1970-01-21 02:18:14	Name: sa-user-id-v2 Value: s%3Aixp5FsgBUsNLlU0cTOLBBkLLcKA.7cHJSn0tg3AzPkXx4rTzF6kZsiLHq5U5k%2FvtJUaqeeU
sync.srv.stackadapt.com/	1970-01-21 02:18:14	Name: sa-user-id-v3 Value: s%3AAQAKINvQVxW7yYhKIdFylJQUX6vfXH9NOFijMF2WsFBH8KDKEHwYBCCvl_KsBjABOgT90vuTQgSV0jJA.HEd8Su6dJIOuhemi4Y1GcRUU%2BAS95g2LYtEQ0v5tLaY
.srv.stackadapt.com/	1970-01-21 02:18:14	Name: sa-user-id-v3 Value: s%3AAQAKINvQVxW7yYhKIdFylJQUX6vfXH9NOFijMF2WsFBH8KDKEHwYBCCvl_KsBjABOgT90vuTQgSV0jJA.HEd8Su6dJIOuhemi4Y1GcRUU%2BAS95g2LYtEQ0v5tLaY
.bitly.ws/	1970-01-21 02:18:14	Name: FCNEC Value: %5B%5B%22AKsRol-h4qFae8xRcU5EoZjGAhKgXrzYTh8bIXQJVXCrk1EfJaEoIQ6XBvq38u8epDKr78vDODRWVEBcaSra8sMA1EETY16h354s2CFQRYrGRzktrK3iorHLysYZ44zQ5cFzja-TlJs_mW4avBIVtua0oPKQ6HDgBQ%3D%3D%22%5D%5D
.adkernel.com/	1970-01-20 18:15:50	Name: ADKUID Value: A1750726987690333917
.e-volution.ai/	1970-01-20 17:52:47	Name: ADK_EX_193 Value: 1
.e-volution.ai/	1970-01-20 18:15:50	Name: ADKUID Value: A1750726987690333917
.googleadservices.com/	1970-01-20 19:42:14	Name: ar_debug Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://app.cauly.co.kr/idsync_ssp/doubleclick?google_gid=CAESEF78tPaBS5JCTO85qmrNXgo&google_cver=1&google_push=AXcoOmTYxUSxOJv1pmOvSXVg-YmIDzUv47BHcMJxNqcY4DNdBCo4XwoyihySzs_iHoZR95r-8YBX0gvqtbGz0J7d91eURNmVlBF6KL3EwKgtJbaBGWPz2gPrNeWhFyFvExZaPZ8m0xj-mUeE48aRnrVhwQfH Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.c.appier.net
ad.doubleclick.net
app.cauly.co.kr
bitly.ws
cl.s13.exct.net
cm.g.doubleclick.net
dsp.adkernel.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
gtrace.mediago.io
ib.adnxs.com
mp.org.pl
onetag-sys.com
pagead2.googlesyndication.com
rtb2-useast.e-volution.ai
s0.2mdn.net
sync-tm.everesttech.net
sync.srv.stackadapt.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.paypalobjects.com
103.3.63.48
103.43.89.4
104.18.36.155
133.186.161.89
142.250.204.2
142.250.204.3
142.250.66.228
142.250.66.234
142.250.67.2
142.251.221.66
151.101.194.49
172.217.167.110
172.217.24.33
172.217.24.34
172.217.24.35
172.217.24.38
172.217.24.40
172.217.24.46
174.137.133.49
185.11.100.204
192.229.232.89
35.208.249.213
51.79.152.76
54.196.33.224
96.43.154.9
0059cb4ff0a271382c38af8a7367aaf45cbeb31449637d3928d25317401e2828
06c7f37c0838ca561ec753cb9df86f79849809603528ab5d2fde15bc32f42abc
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bd44eb2b2f8123fbff7e30eaf04da334b4210cd6f7d19d58aac446930f523a3
0d7a3b2fced7b9719a2281261ef7f8b377e3a09265bf03ea36bbff9ef1f811cd
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
17a1fb94fbff5ab6a2039620c7b18dd0a7d3370340b059d63a5f8caca7b75962
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1ae6619173f92af4f0201b7204322213c714b56df437aa7d6482a1c141d5337c
27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2d580baaf3e1b794752c939a8a54beb86bfdbf6450bdaa007d532f6e2d113668
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e70ba207d2e14bc43e9e5071aa65663aa26c6e842e5094368593d40e5faf48f
2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f
30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3331d25bcdb538b2bf427fb3e4550f536a6ff688f76326f91c6faa6934d2a1dc
36f68b4a576792fa328ca2c9ef1477408acfc26ac49839f5cbde1759a6424689
38af94dfde9da3ea70cf41fc4bae572f5a2e951ce48a5d17a4b9388792368433
403484aaa6bfde5e3e989a8dae08862d50e84226183a7db30529de965f54d4d4
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
444f45306f20a9a5623e4bd370d217b617ba91d59e582fba21a4d76cd1a89c6b
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
5344c66582957a1fbda436c4285be3d40b3d9ef717a611fe2285af93b9e73a7a
54339f1c8cb089c05773b2b18fd5da6e702956decbf7dea6ef0348a64203c657
54a08222ba7c3ba74cf99a06a4252ba20a5a291da1a5e3eda40c355e5ffdc245
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
675f6b6dc673aae01f8ef949697ee544c8df8574ca090a4dd690776ec6e442ea
6a0ae00ae1e92999df5730942b5106c5f480455a7fbfc1f3bd6ced7f31ac1b9c
6bf1da233645c84549609f619670d4d3e946ac61d516fd53e597c10ad100608a
78f8b3f017fa53140729d12ea8f03cf5c28146aaf9cfec8f49122e3fbc747399
7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d
7f6e40117f4f9b081c6728eb0f8f7026641914b57cee5a14e52b57d7552ccff1
817136300e3fdd4de73dbbc33e22287f88de6dca6a5af6dfbc32701738340ccb
8994e39b7459e518c8ff01c8531c5272a3ca7b53d442615204145d9bb110432b
92e8241931584599a0dc81ef0214969c5b04800c8430a7a7234a201507d08d4c
94bf713fa9549d5bb3798f66847448ca58c2236b7bdb009891f802326235e290
972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9edd5080ba31477d99e1ea20b721b25107635f954e55b74d6519d37e9f939f29
a08acd55bb001aa85ced7f4f93a4a1446ca18a17689e872b59a9da81ebe0cd45
a2366f8ceefa49f15dbf946bb02a4cf52b6d2999f71712d3f52e8bd5f56e1988
a2acc694732eefca2bf802796b7850770873c3f8298ad296f9ea2854ad152397
a48cddf54f86f8d871b8853be96621781bb2c117ce6cec00d552128c549b2ddc
a996e4efd5768ab140aa5a0718072572ce0cf24e98b418b2e186ad56c4713f84
a9d0eab5bc0645b2280e90fe9f3026950df38da97e889613d6b66993bdf334aa
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
af8926c90e381ff4fb6ecc87d504bdef94761e51b4c7fabe8b0694ba48992c68
b11dc47889de3326bebc34326b08c225799df4a275b28db686c6e3482b3f4bd7
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b7f80935106390ce68b498562c40c39863298cf9edd85faa71d35fcdf848a6c7
b8214bd5cbd9197f329d1df98d908dc7a1cd38c28e8010b92e49b3f35dd9986a
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
c28530634cdfc14bb5c068fc74a7071f9e27fc97f9aa03a1258f5b33f9c8ab6d
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c572b7132d304aef2a3f75fcb81eebd67dcb7552adc1c573f5c8ce8f662aa0ab
d8c52f357a05daf01d104355bdd49c99ac300cf0e514e7b8a12e5fb0511d9624
daab8a66fad84e54d32b62c10a996179c4d17efc15fc7aa77a5927dbb6cd10a8
deecef0ac81f9245f8c7f49f548c723b902341d8560bc2378b1d48d5e11f2028
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e87bd5a5698b7518f5f3720f84088f42b6324036ff65fa02ec0d95e8533f1938
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
eeb676a5263c8eede3c783b81ee82cfd03da946a3a7b6b8085f98f4fbf1822a3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f825a0287bd1cdf0eebca637c03056027fe4f0eaa73036b8625cc288e83d2255
f92c246a513c49bcc922ecfb7e8655ae1bf8f61812a5f559513e363404226021

bitly.ws Open in urlscan Pro 185.11.100.204 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

121 Requests

91 %HTTPS

0 %IPv6

24 Domains

29 Subdomains

19 IPs

5 Countries

2188 kBTransfer

4396 kBSize

27 Cookies

4 Outgoing links

Page URL History

Redirected requests

121 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

bitly.ws Open in urlscan Pro
185.11.100.204 Public Scan

Screenshot
Live screenshot

Full Image

121
Requests

91 %
HTTPS

0 %
IPv6

24
Domains

29
Subdomains

19
IPs

5
Countries

2188 kB
Transfer

4396 kB
Size

27
Cookies

121 HTTP transactions
2 data transactions