wheregoes.com Open in urlscan Pro
2606:4700:3035::ac43:b70e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://wheregoes.com/trace/20225516906/
Submission: On November 21 via manual (November 21st 2022, 7:28:52 pm UTC) from ID — Scanned from DE

Summary HTTP 168 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 51 IPs in 7 countries across 32 domains to perform 168 HTTP transactions. The main IP is 2606:4700:3035::ac43:b70e, located in United States and belongs to CLOUDFLARENET, US. The main domain is wheregoes.com. The Cisco Umbrella rank of the primary domain is 833875.
TLS certificate: Issued by E1 on October 26th 2022. Valid for: 3 months.

This is the only time wheregoes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	2606:4700:303... 2606:4700:3035::ac43:b70e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:e2:... 2606:4700:e2::ac40:8820	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:21f... 2600:9000:21f3:c00:3:206f:ff40:93a1	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1 3	13.224.195.78 13.224.195.78	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:209... 2600:9000:2093:1c00:11:1ed0:3900:21	16509 (AMAZON-02) (AMAZON-02)
11	54.183.56.116 54.183.56.116	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::ac43:266a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	162.19.138.83 162.19.138.83	16276 (OVH) (OVH)
1	141.95.33.111 141.95.33.111	16276 (OVH) (OVH)
13	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
1	34.209.30.241 34.209.30.241	16509 (AMAZON-02) (AMAZON-02)
8	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	13.225.78.128 13.225.78.128	16509 (AMAZON-02) (AMAZON-02)
1	18.225.3.171 18.225.3.171	16509 (AMAZON-02) (AMAZON-02)
2	162.19.138.116 162.19.138.116	16276 (OVH) (OVH)
1	2a02:2638:1::2 2a02:2638:1::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:1::4 2a02:2638:1::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	54.195.100.225 54.195.100.225	16509 (AMAZON-02) (AMAZON-02)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:21f... 2600:9000:21f3:3400:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2a02:2638:1::8 2a02:2638:1::8	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638:1::17 2a02:2638:1::17	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6 8	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
6 10	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
6 8	37.252.171.52 37.252.171.52	29990 (ASN-APPNEX) (ASN-APPNEX)
1 12	88.99.165.19 88.99.165.19	24940 (HETZNER-AS) (HETZNER-AS)
1	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1 4	144.76.91.199 144.76.91.199	24940 (HETZNER-AS) (HETZNER-AS)
4 4	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
2	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
2	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
2	13.41.118.175 13.41.118.175	16509 (AMAZON-02) (AMAZON-02)
2	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
2	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:802::2008	15169 (GOOGLE) (GOOGLE)
2	13.224.189.102 13.224.189.102	16509 (AMAZON-02) (AMAZON-02)
2	13.225.78.124 13.225.78.124	16509 (AMAZON-02) (AMAZON-02)
4	18.133.102.8 18.133.102.8	16509 (AMAZON-02) (AMAZON-02)
168	51

9 2606:4700:3035::ac43:b70e (United States)

ASN13335 (CLOUDFLARENET, US)

wheregoes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:e2::ac40:8820 (United States)

ASN13335 (CLOUDFLARENET, US)

api.fouanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:c00:3:206f:ff40:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn-monetize.whatstheword.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.195.78 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-195-78.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2093:1c00:11:1ed0:3900:21 (United States)

ASN16509 (AMAZON-02, US)

d3div1mtym39ic.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 54.183.56.116 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-183-56-116.us-west-1.compute.amazonaws.com

api-v1.wordmonetize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:266a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.83 (France)

ASN16276 (OVH, FR)
PTR: ns31532338.ip-162-19-138.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.33.111 (Germany)

ASN16276 (OVH, FR)
PTR: ns3203177.ip-141-95-33.eu

lbs.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.209.30.241 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-209-30-241.us-west-2.compute.amazonaws.com

id.sharedid.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-128.fra2.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.225.3.171 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-225-3-171.us-east-2.compute.amazonaws.com

prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.138.116 (France)

ASN16276 (OVH, FR)
PTR: ns31533567.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.195.100.225 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-195-100-225.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:3400:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:2638:1::8 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::17 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.66 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.80.39.216 (Canada) 6 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.252.171.52 (Frankfurt am Main, Germany) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 88.99.165.19 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.19.165.99.88.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hal900028.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 144.76.91.199 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.199.91.76.144.clients.your-server.de

hal900018.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 145.239.193.130 (France) 4 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.41.118.175 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-41-118-175.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.239.217 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.189.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-102.fra2.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.78.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-124.fra2.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.133.102.8 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-133-102-8.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	googlesyndication.com 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 101 tpc.googlesyndication.com — Cisco Umbrella Rank: 136	196 KB
21	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 190 googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 cm.g.doubleclick.net — Cisco Umbrella Rank: 203	243 KB
16	redintelligence.net 2 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 37050 hal900028.redintelligence.net — Cisco Umbrella Rank: 254394 hal900018.redintelligence.net — Cisco Umbrella Rank: 256170	497 KB
15	criteo.net static.criteo.net — Cisco Umbrella Rank: 623 pix.eu.criteo.net — Cisco Umbrella Rank: 7562 csm.eu.criteo.net — Cisco Umbrella Rank: 7724	48 KB
11	gstatic.com www.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn3.gstatic.com encrypted-tbn2.gstatic.com fonts.gstatic.com	185 KB
11	wordmonetize.com api-v1.wordmonetize.com	1 KB
10	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 512	8 KB
9	wheregoes.com wheregoes.com — Cisco Umbrella Rank: 833875	155 KB
8	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 209	8 KB
6	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 17892 api.webgains.io — Cisco Umbrella Rank: 57986	62 KB
6	criteo.com 1 redirects rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 11662 ads.eu.criteo.com — Cisco Umbrella Rank: 7609 gum.criteo.com — Cisco Umbrella Rank: 390 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 9333 mug.criteo.com — Cisco Umbrella Rank: 2725	55 KB
4	medialead.de 4 redirects pv.medialead.de — Cisco Umbrella Rank: 54022	2 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 185	189 KB
4	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1084 id5-sync.com — Cisco Umbrella Rank: 479	34 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	2 KB
3	amazon-adsystem.com 1 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 290	4 KB
3	fouanalytics.com api.fouanalytics.com — Cisco Umbrella Rank: 10422	8 KB
2	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 57421	4 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 53	79 KB
2	awin1.com www.awin1.com — Cisco Umbrella Rank: 15574	1 KB
2	ad-server.eu ad-server.eu — Cisco Umbrella Rank: 129579	624 B
2	webgains.com track.webgains.com — Cisco Umbrella Rank: 45190	4 KB
2	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 191001	2 KB
2	media01.eu pb.media01.eu — Cisco Umbrella Rank: 52539	786 B
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 984 bcp.crwdcntrl.net — Cisco Umbrella Rank: 744	10 KB
2	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1158 lbs.eu-1-id5-sync.com — Cisco Umbrella Rank: 1326	681 B
1	imrworldwide.com secure-gl.imrworldwide.com — Cisco Umbrella Rank: 1489	752 B
1	uidapi.com prod.uidapi.com — Cisco Umbrella Rank: 2780	3 KB
1	sharedid.org id.sharedid.org — Cisco Umbrella Rank: 2563	904 B
1	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
1	cloudfront.net d3div1mtym39ic.cloudfront.net	40 KB
1	whatstheword.co cdn-monetize.whatstheword.co	27 KB
168	32

	Domain	Requested by
18	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com googleads.g.doubleclick.net
13	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com wheregoes.com www.googletagservices.com
11	api-v1.wordmonetize.com	cdn-monetize.whatstheword.co
10	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
9	securepubads.g.doubleclick.net	cdn-monetize.whatstheword.co securepubads.g.doubleclick.net wheregoes.com
9	wheregoes.com	wheregoes.com
8	hal9000.redintelligence.net	2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com hal900028.redintelligence.net hal900018.redintelligence.net
8	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
8	static.criteo.net	securepubads.g.doubleclick.net ads.eu.criteo.com
5	fonts.gstatic.com	fonts.googleapis.com
5	pix.eu.criteo.net	ads.eu.criteo.com
5	2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	api.webgains.io	analytics.webgains.io
4	pv.medialead.de	4 redirects
4	hal900018.redintelligence.net	1 redirects 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com hal900018.redintelligence.net
4	hal900028.redintelligence.net	1 redirects 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com hal900028.redintelligence.net
4	googleads.g.doubleclick.net	2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com wheregoes.com
4	www.googletagservices.com	2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
3	encrypted-tbn3.gstatic.com	2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
3	fonts.googleapis.com	2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com hal900028.redintelligence.net hal900018.redintelligence.net
3	c.amazon-adsystem.com	1 redirects c.amazon-adsystem.com
3	api.fouanalytics.com	wheregoes.com api.fouanalytics.com
2	cdn.track.production.webgains.team	2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
2	analytics.webgains.io	track.webgains.com
2	www.googletagmanager.com	adv.office-partner.de
2	www.awin1.com	2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
2	ad-server.eu	2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
2	track.webgains.com	wheregoes.com
2	adv.office-partner.de	hal900028.redintelligence.net hal900018.redintelligence.net
2	pb.media01.eu	hal900028.redintelligence.net hal900018.redintelligence.net
2	csm.eu.criteo.net	ads.eu.criteo.com
2	gum.criteo.com	1 redirects static.criteo.net
2	id5-sync.com	cdn.id5-sync.com
2	cdn.id5-sync.com	wheregoes.com securepubads.g.doubleclick.net
1	mug.criteo.com
1	secure-gl.imrworldwide.com	ads.eu.criteo.com
1	cat.nl.eu.criteo.com	ads.eu.criteo.com
1	encrypted-tbn2.gstatic.com	2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
1	encrypted-tbn0.gstatic.com	2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
1	www.gstatic.com	2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	ads.eu.criteo.com	2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
1	rtb.nl.eu.criteo.com	wheregoes.com
1	prod.uidapi.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	id.sharedid.org	securepubads.g.doubleclick.net
1	www.google.com	tpc.googlesyndication.com
1	lbs.eu-1-id5-sync.com	cdn.id5-sync.com
1	lb.eu-1-id5-sync.com	cdn.id5-sync.com
1	d3div1mtym39ic.cloudfront.net	wheregoes.com
1	cdn-monetize.whatstheword.co	wheregoes.com
168	52

This site contains links to these domains. Also see Links.

Domain
monetize.andbeyond.media
wherego.es

Subject Issuer	Validity	Valid
*.wheregoes.com E1	`2022-10-26` - `2023-01-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-10-09` - `2023-10-09`	a year	crt.sh
*.whatstheword.co Amazon	`2021-12-10` - `2023-01-08`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.wordmonetize.com Amazon	`2022-08-11` - `2023-09-09`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
*.eu-1-id5-sync.com R3	`2022-11-09` - `2023-02-07`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
id.sharedid.org Amazon	`2022-11-08` - `2023-12-07`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-08` - `2023-02-04`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
*.uidapi.com Amazon	`2022-02-10` - `2023-03-11`	a year	crt.sh
*.id5-sync.com R3	`2022-11-09` - `2023-02-07`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-10` - `2023-01-10`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-14` - `2023-01-13`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-31` - `2023-01-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-01` - `2023-02-04`	3 months	crt.sh
redintelligence.net R3	`2022-10-04` - `2023-01-02`	3 months	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-05-20` - `2023-05-21`	a year	crt.sh
adv.office-partner.de R3	`2022-11-02` - `2023-01-31`	3 months	crt.sh
*.webgains.com Amazon	`2022-06-14` - `2023-07-13`	a year	crt.sh
www.awin1.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-18` - `2023-04-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.webgains.io Amazon	`2022-08-23` - `2023-09-21`	a year	crt.sh
cdn.track.production.webgains.team Amazon	`2022-09-29` - `2023-10-28`	a year	crt.sh

This page contains 21 frames:

Primary Page: https://wheregoes.com/trace/20225516906/
Frame ID: A96721F72F096023D93853116C1E7510
Requests: 49 HTTP requests in this frame

Frame: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B2F106A740C02C3D2FCDC6D64E492351
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F3A59457CBF28C73FCD0B0271A58B86D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 681AA490B84EF4DB8FA9C823DDA2BCC2
Requests: 2 HTTP requests in this frame

Frame: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 4054B6FC975BF24A4D301EF4F3DAC8EF
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y3vRbgAIYKgH_Z5aAA9lCzRnQXu7XI7E7wBeaw&u=%7CZXJYARNRQ4Wfis5bBMnQ2AdaeWhapfGm6KiVRiEWeQQ%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZerJzy_6TFTHF5JbF2F7hfY2DF_LDS5_jQ-ZocpOV2MQ52xqnvVP65JF7omwNrfNV87xcI_hYqEvsVK0Z_Nczg0RfiZh_kI1Vr75Dbmxm7ynN59uCfKTX9j1hvq8HcdWNtAd3wHEpZX-o_pGSu1FeK3qI7vsdyQ2M6hFoUzgoQupE1Sj73FEmS5miZQbAMb-dBA4Ij72EJgM8741r30vl9xMxZGTn7QJnVPrFfvazEAEvHyhhyVHq1Fi_-b3FWcUVcbLcDvjm8MNifLf02sieAYywx-o1ZWkEKcC5nCu6WtvR0qbfpXsu6MltoV84vqjd5RShFa-LRtDmjEzsSo4prTmBi_t7klMjaP0n64C2wqz0XAHt9IzDbTqqqnDCtsXZUAVkM1Re1ZfORivyOYBesW97nG9B3mNHg7sZQJYRrY4CVZETBWoKf4pvb87j81wu-LIhjZFF-YC3b5NBFZbhAIKPQeO1U02z5sPcLQ6ImNfR8JZuo6bfglNau7pJebgysgtsxlmwM8ptfGsrVIKRjmmy2n1pHn84JF5tfEuihn2JLPeT4K6W6LAZgyHJK7vMtw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZqbWbtF7Y6jBIdq89u8Pi8q9gAfJntKxXNWdkfdwwI23ARABIABglZr8gZQHggEXY2EtcHViLTg3MzEyMTA3NjUyMDIyMzfIAQmpAotlge4oMrE-4AIAqAMBqgSlAk_Q4iKq__uwadxW1k22DPykah17ZIUOpfJubYsfGpJ-0dbf7fgl-1T-6nKY6zrFUDKWNMcpQKoQIM6sCtZFIN1bsJjAaenyj6CIzhy7jWVVkoP-vP29BHn_1idlz90ArCF2ms9zu2YYxm3_QjPVakyAfd8wmORbdF4ko8891LkDMb2O-HvfHb2iamlALYeJGD8dphTMsZwh-RyYze7IrLV61Wx7DZfrrkZYioX8t8e2lPJ-31QcqKGuAu1vdHbtIJ5IpHe_JO3K-US9_lQ82g101lgzGeeMsX3fNdf7r76u3CrA2RZmMFiPJ09gwTHy8H_FY-bmc5E_MTLM6dQCbnJdBvHbLoZxq9L_qF--bbOdDfVsb-tQ7UaWicjmFrcWdbA9zinL4AQBgAbHzc-Y357tqfkBoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1u0FwXDy9ovYZE4Lsa3yhIlqxe4A%26client%3Dca-pub-8731210765202237%26adurl%3D
Frame ID: 1A3CBFA44C6DC0A4C4219EF24D079477
Requests: 17 HTTP requests in this frame

Frame: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 4CBB9B63F912A149F00CA559F47695F0
Requests: 16 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=wheregoes.com
Frame ID: D481BCFCBE62900AFADCFC3B36749DD6
Requests: 2 HTTP requests in this frame

Frame: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 61E6D32BE50A391AA883268B93A147C2
Requests: 17 HTTP requests in this frame

Frame: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 37ABF98C9A3444538FDFDB35D13B02BF
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNWbmHKKNvSWs3W7Zc91-YS3DS57n7diWsLy05bQafxq0OOkX1znJGLBCeMx0yOUuYHKfz6sZTmj_V6WXCKKlZZq4I35I9CaAhm2Wq4Uke8Q4qmTA-uTxfFFrsjwL9XqpcsBnfMrisECFVP17stqoCfaGTf6aqnbOekyBpz1ukXCoduvQlo
Frame ID: F754D66F8A97D75FAF276CF1E906830E
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNVOS8MVcOsH7Alc-lSG21cyrwIfOOABdPkUA8789mI2EVCaL73zZ5yW-VynfWfjSUuEg7R2GV6_ytJpyGUhzAuDlp3Jq8SReCixgVYd_QNi0Gb89yts_UTcbrf-riQ12dJ3Ohzgj-3jDhFKkKO2I4vV3hkV_mLxa2OVlfvcGwEMNPQLMgw
Frame ID: FC2528CFE0AFC3B9B5A93B3911D27A4B
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 66BEBC52839C0595802E5C44DD063EC3
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 139463D75AF7DCA001F66870D135E4CB
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Cy76TGYNwlBdeFKzRh_Qc2a075RKB_J9dWAUlCdaUYI.js
Frame ID: 6E4CBF9C0B240CEA24D7882AE81C1EA1
Requests: 1 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=14729600107493104444978012150028&actionid=981741&produktid=&dt_url=
Frame ID: F3CB71B16DA1B5DC72FD8175E5447DE2
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 01A6ECA257CB489CFA81C0D2A956BD49
Requests: 2 HTTP requests in this frame

Frame: https://hal900028.redintelligence.net/request_content.php?s=14729600107493104444978012150028&a=40ce0f6e
Frame ID: 8B4B546EA1DAA5D6580E035336643014
Requests: 8 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=96380300112447204444978012150018&actionid=981741&produktid=&dt_url=
Frame ID: A463BFD6F7025C03C07AD75398491B48
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: BB3EB0EC6EF4889875804E7082B6A606
Requests: 2 HTTP requests in this frame

Frame: https://hal900018.redintelligence.net/request_content.php?s=96380300112447204444978012150018&a=42da6f67
Frame ID: B12B2FDD1E03685C4F6C9801E3D55513
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Trace Results | WhereGoes

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

168
Requests

92 %
HTTPS

53 %
IPv6

32
Domains

52
Subdomains

51
IPs

7
Countries

1868 kB
Transfer

3996 kB
Size

15
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://monetize.andbeyond.media/
Title: Monetize

Search URL Search Domain Scan URL

URL: https://wherego.es/twitter
Title: Twitter

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

https://c.amazon-adsystem.com/aax2/apstag.js HTTP 301
https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js

Request Chain 105

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1&C=1

Request Chain 106

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y3vRbwwZQDb4BE75mbv6cwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEB3115hh4WxWCEfqYnob3lw&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEB3115hh4WxWCEfqYnob3lw%26google_cver%3D1

Request Chain 108

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ0NjA1MTcyNjI4MDExODkzNw%3D%3D

Request Chain 109

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1&C=1

Request Chain 110

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y3vRbwwZQDb4BE75mbv6cwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1

Request Chain 111

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEB3115hh4WxWCEfqYnob3lw&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEB3115hh4WxWCEfqYnob3lw%26google_cver%3D1

Request Chain 112

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ0NjA1MTcyNjI4MDExODkzNw%3D%3D

Request Chain 116

https://gum.criteo.com/sid/json?origin=publishertagids&domain=wheregoes.com&sn=ChromeSyncframe&so=0&topUrl=wheregoes.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=E30fEXw4a2syNEZKV0Qzd2dlRmY0YkYvUTFDR1c2NlFYdWw3c3ZLY0FXbXFyNmVPYVF4NSsrbkJJcG1kbTVnTlhrazNuRmVLdlBpNmhJck92aGZwdnk1eWtaVitNNmZxYlV5a3Rqc2JCMzJ4Z2h5VVhMK1ZSYlYrazgrTldNT0tsanE1blJvTzNGKzFoVzR0Q29nb0UxanVvUGptWngrdlY5cTh3aHphTkVqOFEydDBJQm01OUFYTGYwaGpYeTgvZU5LeXZHdHpYRlFsL1dNSWZmaXFwL1kwNWRPbGR1NmJKSElPdmFPd3d6L3ZNYnp4Z2dNUHl1Q3E0eExMeDBjWHJkVE04MW5YZmVkaFFDclk2R3R1VnhyNHZ3QT09fA&cppv=2

Request Chain 123

https://hal900028.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=0a4735cfd3&subid=&uid=3dfb0c2d0b84ecc3&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdGnrbtF7Y_LRIe2S7_UPnYGjyAWm5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTyAU_QsmIR839lm3qu12opAgObkPanNRY4hkLxCqOSrVvDRN_v7L7l84ohBsvMG8jDmgWRCLpyn1O6sggi8XSavNPc2MK-UF1uFM1PmQpAblwsCJSs-FZzCAIPBBSnADKo1rEIg9Wr_yw2sPtw8xeSD7x3W5irJ3cZWfvXXB41lLYNtKy6uHWnjG3AaNOn-dllQeGW8YwFhLG0H-dV0C2Bnu2pjS2mn9m4C3Urul3r2cgvQ0bCqHHyp-Dv-D6IDgz4YGjOjLxiDh1Bp525t1GmcYnrxrH68X_qdpNf_5lXrXPPBRG506rwJ4Ld6HHZYuj7FERZwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N983j1qIkyqZyp2b3eTZsOy29m-2ysD3XJSL2wkw5unetYXOi_WttdbHE4Vz4SpI080uG_WSvGiiHLe0IUpXHKQIF5gXLAnP4YASAT%26sig%3DAOD64_11eIn0Pup7gJUf7bSKfbdnbYd5BQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B_jtYZJoWarOFkbQMoD16PWTzwsLgWBn5uGu3-Ym3Rh4LmNcmM5yAT6qtZ3MEVdMHgmMgPGZ28aFQllZjQOrwRqRbEpOeCPmgVPkWdQzVGZhFALeO-kDqKcyuT7KoPTzivxZ3Grp-j2ifShiyoip7_Prg2MhmB_vC20kJDSpRgsFDB7YE%26cry%3D1%26dbm_d%3DAKAmf-CKZhqp5ibmwHW_YrIXPf1o6_B5F2WST3d5-cBuTtAhWZCUdqVIxHecMThgxT0IS2Wd4MCMGcTmjPng0xgaNBk67Gbc4WymmGd6JWHHJSGnUVvMEjlsnQCUly5DRf2XkT-kQLUCG8MBzcqNjAvFWYu4lJx1h4GuKI-ZyHoXwmxpQTdjhLtpxj5IDe33qblqxPMzl7lJF_DWfCdJJRSIO2omtNfVnlDYoE7bI37y4x4b67MjPqtE3V-bB_Tw2weCD3Gr3l_v2h4kEyL8MvlbPcW3WyKYW2xypo5vG0N_idD3tXLCSXe-LA9x8sLwGoZaP_P28gfskW4Cvu2RzYtLHZlRVB9nRlvjXuuQFo5dRWGkJS8XbbPfeR4XIiUo6Y4CndbHjgVTxP-ObFfljXoPVvAXJ76bbaGAx_l311utpZPAb0Wx_919EiFneHorkPAYrH5FMTQrjJrvzYIcbkzzLooszF3tN2p7jEu62VKm2BYvVvobjViS6s1_FzWHCHCNvl0MRhIlW4wOaSlWTCNBgEk68By832pFV6iCi_Q7RliK9eIu3UXhJOt0WBtHBhhkGm9KRcpg%26adurl%3D&documentReferer=https%3A%2F%2Fwheregoes.com%2F&ancestorOrigins=https%3A%2F%2Fwheregoes.com&random=696081996951&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900028.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=0a4735cfd3&subid=&uid=3dfb0c2d0b84ecc3&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdGnrbtF7Y_LRIe2S7_UPnYGjyAWm5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTyAU_QsmIR839lm3qu12opAgObkPanNRY4hkLxCqOSrVvDRN_v7L7l84ohBsvMG8jDmgWRCLpyn1O6sggi8XSavNPc2MK-UF1uFM1PmQpAblwsCJSs-FZzCAIPBBSnADKo1rEIg9Wr_yw2sPtw8xeSD7x3W5irJ3cZWfvXXB41lLYNtKy6uHWnjG3AaNOn-dllQeGW8YwFhLG0H-dV0C2Bnu2pjS2mn9m4C3Urul3r2cgvQ0bCqHHyp-Dv-D6IDgz4YGjOjLxiDh1Bp525t1GmcYnrxrH68X_qdpNf_5lXrXPPBRG506rwJ4Ld6HHZYuj7FERZwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N983j1qIkyqZyp2b3eTZsOy29m-2ysD3XJSL2wkw5unetYXOi_WttdbHE4Vz4SpI080uG_WSvGiiHLe0IUpXHKQIF5gXLAnP4YASAT%26sig%3DAOD64_11eIn0Pup7gJUf7bSKfbdnbYd5BQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B_jtYZJoWarOFkbQMoD16PWTzwsLgWBn5uGu3-Ym3Rh4LmNcmM5yAT6qtZ3MEVdMHgmMgPGZ28aFQllZjQOrwRqRbEpOeCPmgVPkWdQzVGZhFALeO-kDqKcyuT7KoPTzivxZ3Grp-j2ifShiyoip7_Prg2MhmB_vC20kJDSpRgsFDB7YE%26cry%3D1%26dbm_d%3DAKAmf-CKZhqp5ibmwHW_YrIXPf1o6_B5F2WST3d5-cBuTtAhWZCUdqVIxHecMThgxT0IS2Wd4MCMGcTmjPng0xgaNBk67Gbc4WymmGd6JWHHJSGnUVvMEjlsnQCUly5DRf2XkT-kQLUCG8MBzcqNjAvFWYu4lJx1h4GuKI-ZyHoXwmxpQTdjhLtpxj5IDe33qblqxPMzl7lJF_DWfCdJJRSIO2omtNfVnlDYoE7bI37y4x4b67MjPqtE3V-bB_Tw2weCD3Gr3l_v2h4kEyL8MvlbPcW3WyKYW2xypo5vG0N_idD3tXLCSXe-LA9x8sLwGoZaP_P28gfskW4Cvu2RzYtLHZlRVB9nRlvjXuuQFo5dRWGkJS8XbbPfeR4XIiUo6Y4CndbHjgVTxP-ObFfljXoPVvAXJ76bbaGAx_l311utpZPAb0Wx_919EiFneHorkPAYrH5FMTQrjJrvzYIcbkzzLooszF3tN2p7jEu62VKm2BYvVvobjViS6s1_FzWHCHCNvl0MRhIlW4wOaSlWTCNBgEk68By832pFV6iCi_Q7RliK9eIu3UXhJOt0WBtHBhhkGm9KRcpg%26adurl%3D&documentReferer=https%3A%2F%2Fwheregoes.com%2F&ancestorOrigins=https%3A%2F%2Fwheregoes.com&random=696081996951&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 124

https://hal900018.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=178016c040&subid=&uid=78703ea0bf0e898a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-MX7btF7Y7bQIcmT9u8PiryisAym5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTsAU_QLtrlWH_I8Gb68C9G1eDnUjvtvLUPJq7N2Q2HFyAeFvAeclQ2GyYEtr47M_XoR4gdFuhOiBSYFUDocGI6XTvotyXCozStXD17pqI375JUISrVBIc365u7jLv4rVEkwFDswYILbAapFW2FYASn5wUCry41yhMWSgpsy2KI7lvvs2taPcfxZixIyW0mY-41kMrYNvITRSKOwFtmEeiu0FeLdQDKOuIw0M-HL5e3cFtEQw6sPVcwg5OvH7y2manJcjTRBpNdCJrKCPM7Acl0Oq4VN2UDkHBoXWV9icvwkv-3QdpJao_dUxP4aBSywATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9J3NV7PikxWVFtBIvF6QY7FLaSQs4_DqbF2SSgCTdN3THP4qPe38upMLnOkfgHau1PiNSj6_SGNhz7_WzEhQe-Tv8egbuKCkYASAT%26sig%3DAOD64_11XP8S9_JAtQBPqkMqmYAlV5yRZQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B2dS8pS5cOz1-n7wXQpzR6JZ0EJteN0SmY7bHmUAdDhhQE_-sOvzceC0yq6CpduZXRt2GZtjsUgEPYJbZfWNYkuRQJkzxA-cmVfwiK2SVZ43bX7hYqJ_4N_GzauOq9gNV3OH0JecFxiqLdLiOXzt4rIdrpbz8MkarLm4aJcKRu6qSTGXg%26cry%3D1%26dbm_d%3DAKAmf-C7BTD8MELBiDqbqlN2j34Zc5iI_AaqxjSc_IyuFxjbx6w9kZWdQy6Vb78E4wMFZYtAj8YzhS1veWriCDbcG2Kct-LhwxgQ7JvrSij64sHhdyau7-Yq-YABZ9e_0UdNe2etk8iZl4-nymiViIXGiFd9LdfLIwHkCX99MMrttCOeGunQvwuUkaYoTiHCh0dbeXy0VIVuvsgpzDa-UhKl2ZaDNImWZp9BEOHn4SFQbV9eE_MMVn822yRFWkDR1-HZ4f_N0NRFgQ-7qRF8g2lq-_pEba235hBRG8eOBCTGqfH1Wds0_mJRkrvtaDezKS4SlaER3TCreZyIPwlYywS72lUCBqCcVkFfBV_vMtAIVIb6Siui18Fj720-oRkhwZApeUDs1ynZFkAnNK8ofG44GfWpAgkgiwxa0ilJblMB3yNAdss5l2W0VTdMyn6JkpMpWb0u0Njz61B_9tc8nrrfI3uvS3Mu1H7glN744RnjZ-TEkEcAoR7gP2lvOFLKoflrVEZSdc0TtQZGlyhojDH8RwsI18im-juiePGbp4Gf3ozU2qO80lbIH2qJPmnTebA6zVU6MO3k%26adurl%3D&documentReferer=https%3A%2F%2Fwheregoes.com%2F&ancestorOrigins=https%3A%2F%2Fwheregoes.com&random=8098719010043&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900018.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=178016c040&subid=&uid=78703ea0bf0e898a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-MX7btF7Y7bQIcmT9u8PiryisAym5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTsAU_QLtrlWH_I8Gb68C9G1eDnUjvtvLUPJq7N2Q2HFyAeFvAeclQ2GyYEtr47M_XoR4gdFuhOiBSYFUDocGI6XTvotyXCozStXD17pqI375JUISrVBIc365u7jLv4rVEkwFDswYILbAapFW2FYASn5wUCry41yhMWSgpsy2KI7lvvs2taPcfxZixIyW0mY-41kMrYNvITRSKOwFtmEeiu0FeLdQDKOuIw0M-HL5e3cFtEQw6sPVcwg5OvH7y2manJcjTRBpNdCJrKCPM7Acl0Oq4VN2UDkHBoXWV9icvwkv-3QdpJao_dUxP4aBSywATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9J3NV7PikxWVFtBIvF6QY7FLaSQs4_DqbF2SSgCTdN3THP4qPe38upMLnOkfgHau1PiNSj6_SGNhz7_WzEhQe-Tv8egbuKCkYASAT%26sig%3DAOD64_11XP8S9_JAtQBPqkMqmYAlV5yRZQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B2dS8pS5cOz1-n7wXQpzR6JZ0EJteN0SmY7bHmUAdDhhQE_-sOvzceC0yq6CpduZXRt2GZtjsUgEPYJbZfWNYkuRQJkzxA-cmVfwiK2SVZ43bX7hYqJ_4N_GzauOq9gNV3OH0JecFxiqLdLiOXzt4rIdrpbz8MkarLm4aJcKRu6qSTGXg%26cry%3D1%26dbm_d%3DAKAmf-C7BTD8MELBiDqbqlN2j34Zc5iI_AaqxjSc_IyuFxjbx6w9kZWdQy6Vb78E4wMFZYtAj8YzhS1veWriCDbcG2Kct-LhwxgQ7JvrSij64sHhdyau7-Yq-YABZ9e_0UdNe2etk8iZl4-nymiViIXGiFd9LdfLIwHkCX99MMrttCOeGunQvwuUkaYoTiHCh0dbeXy0VIVuvsgpzDa-UhKl2ZaDNImWZp9BEOHn4SFQbV9eE_MMVn822yRFWkDR1-HZ4f_N0NRFgQ-7qRF8g2lq-_pEba235hBRG8eOBCTGqfH1Wds0_mJRkrvtaDezKS4SlaER3TCreZyIPwlYywS72lUCBqCcVkFfBV_vMtAIVIb6Siui18Fj720-oRkhwZApeUDs1ynZFkAnNK8ofG44GfWpAgkgiwxa0ilJblMB3yNAdss5l2W0VTdMyn6JkpMpWb0u0Njz61B_9tc8nrrfI3uvS3Mu1H7glN744RnjZ-TEkEcAoR7gP2lvOFLKoflrVEZSdc0TtQZGlyhojDH8RwsI18im-juiePGbp4Gf3ozU2qO80lbIH2qJPmnTebA6zVU6MO3k%26adurl%3D&documentReferer=https%3A%2F%2Fwheregoes.com%2F&ancestorOrigins=https%3A%2F%2Fwheregoes.com&random=8098719010043&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 128

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=14729600107493104444978012150028&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=14729600107493104444978012150028&actionid=981741&produktid=&dt_url=

Request Chain 132

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=14729600107493104444978012150028 HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 135

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=96380300112447204444978012150018&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=96380300112447204444978012150018&actionid=981741&produktid=&dt_url=

Request Chain 139

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=96380300112447204444978012150018 HTTP 302
https://ad-server.eu/wm/pb/native.png

168 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
wheregoes.com/trace/20225516906/ 13 KB
5 KB 8468ms
8379ms Document
text/html 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/trace/20225516906/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b03ef5cf0924cc2f14b4359c30917819ba75299a1d69a2577ff49fce44ba29a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 76dbd45aff294084-LHR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 21 Nov 2022 19:28:45 GMT
fastcgi-cache: MISS
link: <https://wheregoes.com/?p=19>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eLly1A1XAreHRB4HF08%2BZLZbD4uM7oXQyJgKwoZ0Fov8PEeNLabkpmu7XmuAqjgbhPj%2BstKzjP9hYftGanshblXl9f6vr8u3XpOfmaNty3c%2B%2FzlK6EPWOHTHiTS%2BP%2FLUL8tzv7lLqxK6WqsH"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 autoptimize_ae6085e107f0655d95de000da36f3f13.css
wheregoes.com/c/cache/autoptimize/css/ 234 KB
84 KB 46ms
45ms Stylesheet
text/css 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/c/cache/autoptimize/css/autoptimize_ae6085e107f0655d95de000da36f3f13.css

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691129e81025fdb3ddeee332ab64fb42eff445baa635c59e19bd023dc910683a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/trace/20225516906/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 278947
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Wed, 16 Nov 2022 02:41:14 GMT
server: cloudflare
etag: W/"63744dca-3a6e7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sPkwTD9tYq%2Brwu9lFO78oDUzWovKIdPbIjyAYgpHmAfjnd28qUlaV2io5jUV9AXijJcm6rfkhlntU2U6d5fa4ngb7aGDdakwfhU32YtMVGM%2B382eDP9xqTbEPZgi%2ByWyVAHFq2IaROVf5YmY"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 76dbd48f5da74084-LHR
expires: Thu, 16 Nov 2023 02:41:25 GMT

GET
H2 200 jquery.min.js Show response
wheregoes.com/wp-includes/js/jquery/ 88 KB
32 KB 91ms
91ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/trace/20225516906/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1053521
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Nov 2022 14:48:47 GMT
server: cloudflare
etag: W/"636bbdcf-15e54"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UaBdOH1%2BMg0ObWSiq69MHLyZx36cyFYZCOH2iCgIKGehXGR4KT5dFWMxgkCxraNKKRVNRN1hxQfdiMZvleRVd69DipMY1hcf0bgqhtCSf4JIzUXE6fqJyJ03xNPQbYLIpDeXA4F7wSw%2BIvUT"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 76dbd48f5da84084-LHR
expires: Thu, 09 Nov 2023 14:48:49 GMT

GET
H3 200 script.js Show response
wheregoes.com/js/ 1 KB
1 KB 34ms
34ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/js/script.js

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae4216bfc85c99ffd32e7745f0d7d4cd5f57b714f3a4911176b8cd78a176c97c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/trace/20225516906/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid: 885
age: 1946
x-cache: EXPIRED
cdn-cachedat: 11/21/2022 18:09:19
cdn-pullzone: 682664
cross-origin-resource-policy: cross-origin
application: 10.0.0.8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Nov 2022 18:42:37 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pvmFHIIcdWWXxoY9aCPtC0IL%2F26UP3ETtvY76stYb0s3WpR5M7aHd4domt9joyllebuvS1GWwfLRGMlqRkR7dtSjYJMUF7Zo8w%2FJ%2BHT7jQ%2BHoxqWM2FEvDALnaGZG8FIBFhEPo2w0Uq3%2FSgN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: public, max-age=14400
permissions-policy: interest-cohort=()
cdn-requestid: f5672cd4014a456eb6018124b18470fe
cf-ray: 76dbd48fdcbb9a30-FRA
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 init-1144pc80p2fur20uadwq.js Show response
api.fouanalytics.com/api/ 458 B
874 B 294ms
207ms Script
text/javascript 2606:4700:e2::ac40:8820
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fouanalytics.com/api/init-1144pc80p2fur20uadwq.js
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8820 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4811e0f7559dc63c97116557b9ec419d3c91c8fbaeb7781e348026395e7b1f00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:46 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wFb7SHEOKag4Z1d7K8fp6LkYvUsL%2BkN0uxxnUdsqDpfmkj2Fas6gWaptNr0nseBInfISdlb3vqO9IP7YUMYaBH8HSXlmd%2FJGEfIDnOoGv5udKLOSHrqYqI6xGpDihPEGLAzFTmr3hzw4GhxD%2BgqSgbqDxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
cf-ray: 76dbd4909c690a63-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: 0

GET
H2 200 wordmonetize.js Show response
cdn-monetize.whatstheword.co/48/ 122 KB
27 KB 117ms
28ms Script
application/octet-stream 2600:9000:21f3:c00:3:206f:ff40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-monetize.whatstheword.co/48/wordmonetize.js
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:c00:3:206f:ff40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 93e2cac72a2e1a95064385757f9640b1b67fde78e095171ead878a02653caf4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 13:56:58 GMT
content-encoding: gzip
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
last-modified: Wed, 16 Nov 2022 03:18:46 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 19909
etag: "ee02a2c9ad171de4aaf04117f150dda2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/octet-stream
accept-ranges: bytes
content-length: 27308
x-amz-cf-id: Sy4xZGi2_mmOJFZaLS0Ru1GkaXdzWkKv2Uu93v8x5i6qAzScHaUb6w==

GET
H3 200 autoptimize_0a99c9c5201c14eeb4c37339da2cfaf4.js Show response
wheregoes.com/c/cache/autoptimize/js/ 38 KB
13 KB 39ms
39ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/c/cache/autoptimize/js/autoptimize_0a99c9c5201c14eeb4c37339da2cfaf4.js

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ee59c8e92338f36c76e6a01ad5fa77ee87f181a74722954d36b54a57ed0f04a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/trace/20225516906/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 942015
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Wed, 19 Oct 2022 14:20:34 GMT
server: cloudflare
etag: W/"635007b2-9725"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iVHyQEGY6QPNSx%2BZlGrdo3RBOkhoNtKgxsGTIs4MkTNvmbykPq4odi7KQFXBXoGdMxGnzXZPTsQzYBQWftOVnptW8Zp6pIGQVepEpsr%2Fjh7a0io0ZjAEJfRfOCEppT%2BuemsfzNiWVk7Cn8J%2F"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 76dbd4901d339a30-FRA
expires: Thu, 19 Oct 2023 14:20:37 GMT

GET
H3 200 wp-emoji-release.min.js Show response
wheregoes.com/wp-includes/js/ 18 KB
5 KB 56ms
56ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/trace/20225516906/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 486175
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 19 Jul 2022 19:09:17 GMT
server: cloudflare
etag: W/"62d7015d-48b9"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ng3MfMYexO8BMOkm3Ml3BP1wD29lekj3Kt%2FIKINAsogZ9lq0HAB7X2ngXDrD1iuxrK79h1CIj9LToBj16VqxvRyR4bdmvSx6h3%2BkoXcFODgAcVQjYexfriru7bPXclU%2BgIleAy3bZ4OR6xXt"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 76dbd4901d389a30-FRA
expires: Thu, 16 Nov 2023 02:21:44 GMT

GET
H3 200 wheregoes.woff2
wheregoes.com/c/themes/custom-theme/fonts/ 8 KB
8 KB 33ms
33ms Font
font/woff2 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wheregoes.com/c/themes/custom-theme/fonts/wheregoes.woff2?90359859
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/c/cache/autoptimize/css/autoptimize_ae6085e107f0655d95de000da36f3f13.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0152ec54bafb1f951d4dc7585aebae598d2235c78d9e81ade8399006f8eb3b9b

Request headers

Referer: https://wheregoes.com/c/cache/autoptimize/css/autoptimize_ae6085e107f0655d95de000da36f3f13.css
Origin: https://wheregoes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 486175
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8024
last-modified: Fri, 18 Jun 2021 18:52:37 GMT
server: cloudflare
etag: "60cceb75-1f58"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5S0u4kWmqPNAirCib2twky2x%2FiSLyVIcUI%2B%2FOz7iQDqqLEqNL4D2G6C7B78RDavQasLopEsl4wK2fIXdwzgt07sxsB36LXBcjILTqlGpzsEE140PfZQ7Pu%2F63bT730%2FOZAAOz19iNqVcwcBx"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 76dbd4901d3e9a30-FRA
expires: Wed, 20 Sep 2023 15:11:12 GMT

POST
H3 202 event Show response
wheregoes.com/api/ 2 B
795 B 305ms
304ms XHR
text/plain 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/api/event

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/js/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://wheregoes.com/trace/20225516906/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid: 885
cdn-cachedat: 11/21/2022 19:28:46
cdn-pullzone: 682664
application: 10.0.1.2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2
x-request-id: FymwQBcl6sZZYIgATaOS
cdn-proxyver: 1.03
cdn-requestpullcode: 202
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vVXhm%2FDeoWxW7i3jS6p%2FgoB6DEKFLQXVAcY2MCd35vg6W229BaSwIQay6l2TBN8t7hw7X46eLRDgQQUnYE4EWKedOxdLnEvZ20wMXdhIc8HMyvhG9o%2FZkLpw7RRiMZpTtQTXbZUuCq2iJbBw"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: must-revalidate, max-age=0, private
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
cdn-requestid: 430e6568da70124bf598c7c7e8c1d2ab
cf-ray: 76dbd4902d669a30-FRA
cdn-requestcountrycode: US
cdn-status: 202
cdn-requestpullsuccess: True

GET
H3 200 logo-h-blue.svg
wheregoes.com/c/themes/custom-theme/img/ 15 KB
6 KB 39ms
39ms Image
image/svg+xml 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wheregoes.com/c/themes/custom-theme/img/logo-h-blue.svg

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/c/cache/autoptimize/css/autoptimize_ae6085e107f0655d95de000da36f3f13.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d48f7d7bc477f61c161f38835c0daaead5a64ca51be3656755d0b08c866dfcf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/c/cache/autoptimize/css/autoptimize_ae6085e107f0655d95de000da36f3f13.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3414493
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sun, 11 Apr 2021 19:20:03 GMT
server: cloudflare
etag: W/"60734be3-3afa"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EA%2BScdNknNvIM%2FAN%2FqwVlFKuYXYFj09XH0T%2Fu0E5gxdVc%2Fa%2FwPNt66yCd87o6D7POjAPHM9H48rz8hsWm%2BLCvfb4Wx4DG3leAqM9npwhDsJBaK2MNWi2JZxRDribHsnqIvI4EK83guTY3obJ"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 76dbd4902d6d9a30-FRA
expires: Wed, 20 Sep 2023 15:11:12 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 78 KB
27 KB 98ms
29ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn-monetize.whatstheword.co
URL: https://cdn-monetize.whatstheword.co/48/wordmonetize.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f43973ee0ee121287cca23c16a48de9fce9a5701eaa6724be93d702654a9677f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27247
x-xss-protection: 0
server: sffe
etag: "1399 / 794 of 1000 / last-modified: 1669032597"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 21 Nov 2022 19:28:46 GMT

GET
H2

200

apstag.js Show response
d3div1mtym39ic.cloudfront.net/aax2/
Redirect Chain

https://c.amazon-adsystem.com/aax2/apstag.js
https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js

178 KB
40 KB

108ms
34ms

Script
application/javascript

2600:9000:2093:1c00:11:1ed0:3900:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/
Protocol: H2
Server: 2600:9000:2093:1c00:11:1ed0:3900:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bd8b521307332fcb0a59ff2cbfe324322d6f4108b24363b6c8d26a0ec8be50da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 18:43:56 GMT
content-encoding: br
via: 1.1 c47c25ef93083c096cbff8a42ea330d8.cloudfront.net (CloudFront)
last-modified: Wed, 09 Nov 2022 20:51:50 GMT
server: AmazonS3
x-amz-cf-pop: HAM50-C1
age: 2691
x-amz-server-side-encryption: AES256
etag: W/"e675a6dfe90787fca79a6c96fd29c2d8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: dUAphCpTsx9iDVkDhHYXToqCME0frPCaEiGGQlKquBL4otcyFjg8Ng==

Redirect headers

date: Sun, 20 Nov 2022 22:41:15 GMT
via: 1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront), 1.1 d7e55181ad8192e74c103c6003cd4d9c.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA2-C1, FRA2-C1
age: 74851
x-cache: Hit from cloudfront
content-type: text/html
location: https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
content-length: 167
x-amz-cf-id: iZNPgej8zQaTBoFm8nIlWUeF665_6WuwaskYd5KTFQ4cnLJfhEx9hA==

GET
H2 200 feedback Show response
api-v1.wordmonetize.com/v1/api/ 21 B
125 B 522ms
170ms XHR
application/json 54.183.56.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-v1.wordmonetize.com/v1/api/feedback?data=eyJicm93c2VyTmFtZSI6IkNocm9tZSIsImRldmljZU5hbWUiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwicGFja2V0SWQiOiJjbGFyNmw5cTMwMDAwM2M2ZDkxbW5maGN0Iiwic2l0ZUlkIjo0OCwicGFnZVVSTCI6Imh0dHBzOi8vd2hlcmVnb2VzLmNvbS90cmFjZS8yMDIyNTUxNjkwNi8iLCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJyZWZlcnJlciI6IiIsInNpdGVEb21haW4iOiJ3aGVyZWdvZXMuY29tIiwiZXZlbnRUeXBlIjoicGFnZXZpZXciLCJpc0Jsb2NrTGlzdGVkIjpmYWxzZX0=
Requested by: Host: cdn-monetize.whatstheword.co
URL: https://cdn-monetize.whatstheword.co/48/wordmonetize.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.56.116 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-56-116.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 21 Nov 2022 19:28:46 GMT
content-length: 21
content-type: application/json; charset=utf-8

GET
H2 200 feedback Show response
api-v1.wordmonetize.com/v1/api/ 21 B
124 B 499ms
172ms XHR
application/json 54.183.56.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-v1.wordmonetize.com/v1/api/feedback?data=eyJwYWNrZXRJZCI6ImNsYXI2bDlxMzAwMDAzYzZkOTFtbmZoY3QiLCJzaXRlSWQiOjQ4LCJicm93c2VyIjoiQ2hyb21lIiwib3MiOiJXaW5kb3dzIiwicGxhdGZvcm0iOiJERVNLVE9QIiwidHlwZSI6ImxlYWRlcmJvYXJkIiwid2lkdGgiOm51bGwsImhlaWdodCI6bnVsbCwiaXNSZW5kZXJlZCI6dHJ1ZSwiZXZlbnRUeXBlIjoiYWRyZXF1ZXN0In0=
Requested by: Host: cdn-monetize.whatstheword.co
URL: https://cdn-monetize.whatstheword.co/48/wordmonetize.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.56.116 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-56-116.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 21 Nov 2022 19:28:46 GMT
content-length: 21
content-type: application/json; charset=utf-8

GET
H2 200 feedback Show response
api-v1.wordmonetize.com/v1/api/ 21 B
124 B 663ms
338ms XHR
application/json 54.183.56.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-v1.wordmonetize.com/v1/api/feedback?data=eyJwYWNrZXRJZCI6ImNsYXI2bDlxMzAwMDAzYzZkOTFtbmZoY3QiLCJzaXRlSWQiOjQ4LCJicm93c2VyIjoiQ2hyb21lIiwib3MiOiJXaW5kb3dzIiwicGxhdGZvcm0iOiJERVNLVE9QIiwidHlwZSI6ImxlYWRlcmJvYXJkIiwid2lkdGgiOm51bGwsImhlaWdodCI6bnVsbCwiaXNSZW5kZXJlZCI6dHJ1ZSwiZXZlbnRUeXBlIjoiYWRyZXF1ZXN0In0=
Requested by: Host: cdn-monetize.whatstheword.co
URL: https://cdn-monetize.whatstheword.co/48/wordmonetize.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.56.116 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-56-116.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 21 Nov 2022 19:28:46 GMT
content-length: 21
content-type: application/json; charset=utf-8

GET
H2 200 feedback Show response
api-v1.wordmonetize.com/v1/api/ 21 B
124 B 495ms
172ms XHR
application/json 54.183.56.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-v1.wordmonetize.com/v1/api/feedback?data=eyJwYWNrZXRJZCI6ImNsYXI2bDlxMzAwMDAzYzZkOTFtbmZoY3QiLCJzaXRlSWQiOjQ4LCJicm93c2VyIjoiQ2hyb21lIiwib3MiOiJXaW5kb3dzIiwicGxhdGZvcm0iOiJERVNLVE9QIiwidHlwZSI6InNkcy1zaWRlYmFyIiwid2lkdGgiOm51bGwsImhlaWdodCI6bnVsbCwiaXNSZW5kZXJlZCI6dHJ1ZSwiZXZlbnRUeXBlIjoiYWRyZXF1ZXN0In0=
Requested by: Host: cdn-monetize.whatstheword.co
URL: https://cdn-monetize.whatstheword.co/48/wordmonetize.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.56.116 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-56-116.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 21 Nov 2022 19:28:46 GMT
content-length: 21
content-type: application/json; charset=utf-8

GET
H2 200 feedback Show response
api-v1.wordmonetize.com/v1/api/ 21 B
124 B 494ms
171ms XHR
application/json 54.183.56.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-v1.wordmonetize.com/v1/api/feedback?data=eyJwYWNrZXRJZCI6ImNsYXI2bDlxMzAwMDAzYzZkOTFtbmZoY3QiLCJzaXRlSWQiOjQ4LCJicm93c2VyIjoiQ2hyb21lIiwib3MiOiJXaW5kb3dzIiwicGxhdGZvcm0iOiJERVNLVE9QIiwidHlwZSI6ImF0Zi1zaWRlYmFyIiwid2lkdGgiOm51bGwsImhlaWdodCI6bnVsbCwiaXNSZW5kZXJlZCI6dHJ1ZSwiZXZlbnRUeXBlIjoiYWRyZXF1ZXN0In0=
Requested by: Host: cdn-monetize.whatstheword.co
URL: https://cdn-monetize.whatstheword.co/48/wordmonetize.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.56.116 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-56-116.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 21 Nov 2022 19:28:46 GMT
content-length: 21
content-type: application/json; charset=utf-8

GET
H3 200 pubads_impl_2022111501.js Show response
securepubads.g.doubleclick.net/gpt/ 381 KB
129 KB 63ms
21ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4c7748a8849068a7262049472b6b640aea77d843c16a57de3e34d3c47e4a01f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:05:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1392
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132177
x-xss-protection: 0
last-modified: Tue, 15 Nov 2022 09:35:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 21 Nov 2023 19:05:34 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 98 B
91 B 71ms
30ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=wheregoes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

900f497e7f3b62505bcc6316973c7c359c52f3f1f43796a16f71f88c24d7da67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66
x-xss-protection: 0
expires: Mon, 21 Nov 2022 19:28:46 GMT

GET
H3 200 pp.js Show response
api.fouanalytics.com/s/ 15 KB
6 KB 89ms
50ms Script
text/javascript 2606:4700:e2::ac40:8820
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fouanalytics.com/s/pp.js
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e2::ac40:8820 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a9f3c83892833387d92f857563b6f3cfdee0277cbc648a932a2718e000e9e42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 18 Oct 2022 14:09:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4730
etag: W/"634eb38a-3bc0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OyCntNSI2liaDP6zhPc9rQqLT%2BnvZToBXpuc17ir%2F67Hf3U24T5e9qDohEhZOKgvUCKQOTtz0llJWwjgswooOiI7c2S4NebcCbt1LoTBbSOPm6tL3liuL7B23YjKZKhgCKX3ZIHmHvVMkkQDQb7mG0mWRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cf-ray: 76dbd4922d570a58-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 105 KB
33 KB 597ms
597ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3037495171284003&correlator=1338541722282317&eid=31060438%2C31070233&output=ldjh&gdfp_req=1&vrg=2022111501&ptt=17&impl=fifs&iu_parts=21751243814%3A22591626215%2CWM_PUB_wheregoes.com%2CWM_PUB_wheregoes.com_Leaderboard&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x250%7C970x90%7C728x90&ifi=1&adks=4055864952&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1669058926485&lmt=1669058926&dlt=1669058925954&idt=500&adxs=315&adys=268&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20225516906%2F&frm=20&vis=1&psz=970x-1&msz=970x-1&fws=0&ohw=0&ga_vid=1122672876.1669058926&ga_sid=1669058926&ga_hid=1691515547&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e40770df1541ecf8c4912c31d653db05c28dca358e2f47640b62dbd0065dbaad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33965
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://wheregoes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
10 KB 398ms
397ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3037495171284003&correlator=2647931009887314&eid=31060438%2C31070233&output=ldjh&gdfp_req=1&vrg=2022111501&ptt=17&impl=fifs&iu_parts=21751243814%3A22591626215%2CWM_PUB_wheregoes.com%2CWM_PUB_wheregoes.com_Leaderboard&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x250%7C970x90%7C728x90&ifi=2&adks=3497999915&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1669058926493&lmt=1669058926&dlt=1669058925954&idt=500&adxs=315&adys=838&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20225516906%2F&frm=20&vis=1&psz=970x-1&msz=970x-1&fws=0&ohw=0&ga_vid=1122672876.1669058926&ga_sid=1669058926&ga_hid=1691515547&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9bde2d399541b1b1f6947f6bf383d5673311d21304d445039e3289ad5d54fb2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10353
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://wheregoes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
9 KB 614ms
613ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3037495171284003&correlator=3768544992213463&eid=31060438%2C31070233&output=ldjh&gdfp_req=1&vrg=2022111501&ptt=17&impl=fifs&iu_parts=21751243814%3A22591626215%2CWM_PUB_wheregoes.com%2CWM_PUB_wheregoes.com_StickyDockedSidebar&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C300x600&ifi=3&adks=3376308153&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1669058926494&lmt=1669058926&dlt=1669058925954&idt=500&adxs=1091&adys=1664&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20225516906%2F&frm=20&vis=1&psz=300x13&msz=300x0&fws=0&ohw=0&ga_vid=1122672876.1669058926&ga_sid=1669058926&ga_hid=1691515547&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8d7fc067621ed688aa4f094591f52d0f8bd88eb49b8a2b74cda8f9437190249

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9363
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://wheregoes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
9 KB 559ms
558ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3037495171284003&correlator=2898361985166721&eid=31060438%2C31070233&output=ldjh&gdfp_req=1&vrg=2022111501&ptt=17&impl=fifs&iu_parts=21751243814%3A22591626215%2CWM_PUB_wheregoes.com%2CWM_PUB_wheregoes.com_ATFSidebar&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600%7C160x600%7C300x250&ifi=4&adks=2702263037&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1669058926495&lmt=1669058926&dlt=1669058925954&idt=500&adxs=1091&adys=1029&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20225516906%2F&frm=20&vis=1&psz=300x-1&msz=300x-1&fws=0&ohw=0&ga_vid=1122672876.1669058926&ga_sid=1669058926&ga_hid=1691515547&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

659277170ce3fa0d3b14435d63e2431c70b0030785821b640e969d2409231103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9353
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://wheregoes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B2F1 6 KB
3 KB 122ms
28ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 21 Nov 2022 19:28:46 GMT
expires: Tue, 21 Nov 2023 19:28:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 385 B
739 B 26ms
26ms XHR
application/json 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwheregoes.com&pubid=cd6cddc5-4dca-4d77-9a65-8b894400e772
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-78.fra2.r.cloudfront.net
Software: Server /
Resource Hash: 17c1a65dfc520d641ac19f90acbbb439bd737a4e0bfbbffad3733203abe9280e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 14:18:47 GMT
via: 1.1 d7e55181ad8192e74c103c6003cd4d9c.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
age: 18598
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://wheregoes.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 385
x-amz-cf-id: nh7_clAlULpYpEAHCk29GKn6kniHd0AvlWwbXlD_1Fx9o4FjROG2qg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 64ms
22ms XHR
application/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-78.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-amz-version-id: vkCJAv2LVCiDvkjoOZrS5s9fefeFFUOq
content-encoding: gzip
via: 1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
date: Mon, 21 Nov 2022 14:15:11 GMT
x-amz-cf-pop: FRA2-C1
age: 18816
x-cache: Hit from cloudfront
last-modified: Fri, 18 Nov 2022 03:05:15 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: zikpMCkLjR0Cj8TufZBJ3RfYgKa0rBD_9yOs42yL6xY0reTaiCaCug==

GET
DATA 200
OK truncated
/ 15 KB
15 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c72f57881ea9665da29cc614802f61a04084e06b14de9f1d79ce26273e66a991

Request headers

Referer
Origin: https://wheregoes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 57 KB
17 KB 88ms
36ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df51a5301fcae2ec9503d129a2341e80f6d52e9416ff2460c3048947f4f3852a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 10 Nov 2022 09:46:31 GMT
server: cloudflare
x-amz-request-id: MTGHPR3PKNB1VMJV
age: 312
etag: W/"f56ac574619f997d4b0c211e79bcc3af"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 76dbd4936b1a9b7c-FRA
x-amz-id-2: hDJbyNwFmhC+Vtx7IdHw8uZQIiwk8/irD0vGSMp3TnepCxxouSw3jcmp9JfufhoM9X/g9UChJtE=

GET
H/1.1 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
400 B 74ms
23ms XHR
application/json 162.19.138.83
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.83 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31532338.ip-162-19-138.eu

Software

Resource Hash

ae0571c38f799ed84bf90726625037e67eaca8aeede296849277bededa4e8b92

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://wheregoes.com
date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H/1.1 200
OK v1 Show response
lbs.eu-1-id5-sync.com/lbs/ 34 B
281 B 369ms
19ms XHR
application/json 141.95.33.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lbs.eu-1-id5-sync.com/lbs/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.33.111 , Germany, ASN16276 (OVH, FR),

Reverse DNS

ns3203177.ip-141-95-33.eu

Software

Resource Hash

ac40282df1d68765df172e475e8c04442fa9ffb45acd7ff243d40b12fba8abb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://wheregoes.com
date: Mon, 21 Nov 2022 19:28:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 34
vary: Origin
content-type: application/json

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 120ms
68ms XHR
application/json 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9cebd0661e5eb671dd425ed77b15cac0c413e8b826a790ebfb3373435772a081

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11182
x-xss-protection: 0

POST
H3 200 x Show response
api.fouanalytics.com/api/ 0
462 B 238ms
213ms XHR
text/plain 2606:4700:e2::ac40:8820
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fouanalytics.com/api/x?7wLG6ZXaFvbLsZO7$dXJsJDAkaHR0cHM6Ly93aGVyZWdvZXMuY29tL3RyYWNlLzIwMjI1NTE2OTA2LyIsInJlZmVycmVyJDAkIiwiYW5jZXN0b3JPcmlnaW5zJDAkIiwidmlkZW8kMCQxNjAweDEyMDB4MjQiLCJmcmFtZSQwJDAiLCJoaWRkZW4kMCQwIiwidmlzaWJpbGl0eVN0YXRlJDAkdmlzaWJsZSIsImhhc0ZvY3VzJDAkMSIsIndpbmRvdyQwJDE2MDB4MTIwMCIsInBpeGVscmF0aW8kMCQxIiwiaW5uZXIkMCQxNjAweDEyMDAiLCJvdXRlciQwJDE2MDB4MTIwMCIsImxvY2FsU3RvcmFnZSQwJDEiLCJzZXNzaW9uU3RvcmFnZSQwJDEiLCJhcHBDb2RlTmFtZSQwJE1vemlsbGEiLCJhcHBOYW1lJDAkTmV0c2NhcGUiLCJhcHBWZXJzaW9uJDAkNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDcuMC41MzA0LjExMCBTYWZhcmkvNTM3LjM2IiwiY29va2llRW5hYmxlZCQwJHRydWUiLCJkZXZpY2VNZW1vcnkkMCQ4IiwiZG9Ob3RUcmFjayQwJCIsImhhcmR3YXJlQ29uY3VycmVuY3kkMCQ0IiwibGFuZ3VhZ2UkMCRlbi1VUyIsInBsYXRmb3JtJDAkV2luMzIiLCJwcm9kdWN0JDAkR2Vja28iLCJwcm9kdWN0U3ViJDAkMjAwMzAxMDciLCJ1c2VyQWdlbnQkMCRNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA3LjAuNTMwNC4xMTAgU2FmYXJpLzUzNy4zNiIsInZlbmRvciQwJEdvb2dsZSBJbmMuIiwidmVuZG9yU3ViJDAkIiwid2ViZHJpdmVyJDAkZmFsc2UiLCJuYXZpZ2F0b3ItaGFzaCQzJDI5ZTQxODZkIiwibmF2aWdhdG9yLXRpbWUkMyQyLjYiLCJzZW5kQmVhY29uJDMkMSIsImZvbnRyZW5kZXIkNCQxIiwidGltZSQ0JDE2NjkwNTg5MjY1MTQiLCJ0aW1lem9uZSQ0JDAiLCJwbHVnaW5zLXRpbWUkNCQwIiwicGx1Z2lucyQ0JGI2ZDA1NTU4IiwibWVtLXRvdGFsSlNIZWFwU2l6ZSQ0JDEwLjYiLCJtZW0tdXNlZEpTSGVhcFNpemUkNCQxMCIsIm1lbS1qc0hlYXBTaXplTGltaXQkNCQzNzYwIiwidGltZS1kb21haW5Mb29rdXBTdGFydCQ0JDEiLCJ0aW1lLWRvbWFpbkxvb2t1cEVuZCQ0JDEyIiwidGltZS1jb25uZWN0U3RhcnQkNCQxMiIsInRpbWUtY29ubmVjdEVuZCQ0JDkwIiwidGltZS1zZWN1cmVDb25uZWN0aW9uU3RhcnQkNCQ0MyIsInRpbWUtcmVxdWVzdFN0YXJ0JDQkOTAiLCJ0aW1lLXJlc3BvbnNlU3RhcnQkNCQ4NDY4IiwidGltZS1yZXNwb25zZUVuZCQ0JDg0NjkiLCJ0aW1lLWRvbUxvYWRpbmckNCQ4NDcxIiwidGltZS1kb21JbnRlcmFjdGl2ZSQ0JDg2MTAiLCJ0aW1lLWRvbUNvbnRlbnRMb2FkZWRFdmVudFN0YXJ0JDQkODY1NyIsInRpbWUtZG9tQ29udGVudExvYWRlZEV2ZW50RW5kJDQkODY1NyIsIm5hdmlnYXRpb24tcmVkaXJlY3RDb3VudCQ0JDAiLCJuYXZpZ2F0aW9uLXR5cGUkNCRuYXZpZ2F0ZSIsImdsb2JhbHMtdGltZSQxNiQwLjEiLCJnbG9iYWxzJDE2JGJhYTc5MmMwIiwiZG9jdW1lbnQtdGltZSQyMSQwLjEiLCJkb2N1bWVudCQyMSQ3OTU5NjA3YSIsImNvbm5lY3Rpb24kMjEkIiwiZG93bmxpbmtNYXgkMjEkIiwiZ2V0VXNlck1lZGlhJDIxJDIiLCJwYWdlLWZyYW1lLWNvdW50JDIxJDEiLCJwYWdlLWZyYW1lLWxpc3QkMjEkMHgwIzJhZjA5ZWFlM2I5NmYxYWU2MzhhZmE0MDI5YzYzM2UyLnNhZmVmcmFtZS5nb29nbGVzeW5kaWNhdGlvbi5jb20iLCJwYWdlLWhhc2gtdGltZSQyMSQwLjIiLCJwYWdlLWhhc2gkMjEkNmNhNmYxYmYiLCJmb250JDI1JDEwMDAwMDAiLCJzdHlsZS1oYXNoJDI1JDhjYjZiMmNjIiwic3R5bGUtdGltZSQyNiQwLjQiLCJhdWRpby1jb2RlYyQyNiQyMjIxMiIsInZpZGVvLWNvZGVjJDI2JDIyMjAwMCIsImNsb2NrJDMyJDQzMzgiLCJzb3J0JDQzJDExLjMiLCJzdGFjayQ0NCQxMzk1NiIsInN0YWNrLWVycm9yJDQ0JFJhbmdlRXJyb3I6IE1heGltdW0gY2FsbCBzdGFjayBzaXplIGV4Y2VlZGVkIiwic3RhY2stdGltZSQ0NCQxLjEiLCJ3ZWJnbCQ1MCQxIiwid2ViZ2wyJDUwJDEiLCJ3ZWJnbC12ZW5kb3IkNTAkSW50ZWwgSW5jLiIsIndlYmdsLXJlbmRlcmVyJDUwJEludGVsIElyaXMgT3BlbkdMIEVuZ2luZSIsIndlYmdsLWV4dGVuc2lvbnMkNTAkNDQ5NTM5NjUiLCJ3ZWJnbC10aW1lJDUxJDYuMiIsInBlcm1pc3Npb24tZ2VvbG9jYXRpb24kNTIkcHJvbXB0IiwiYmF0dGVyeSQ1MiQxIDEgMCBJbmZpbml0eSIsImF1ZGlvY29udGV4dCQ1NSRmN2U3MTJkOSIsImF1ZGlvY29udGV4dC10aW1lJDU1JDI3LjgiLCJpbnRlcnNlY3Rpb24tc2l6ZSQ1OCQxNjAweDEyMDAiLCJpbnRlcnNlY3Rpb24tZW50ZXIkNTgkMHgwIDE2MDB4MTIwMCIsImludGVyc2VjdGlvbiQ1OCQ1MSIsInBlcm1pc3Npb24tbm90aWZpY2F0aW9ucyQ1OCRwcm9tcHQiLCJwZXJtaXNzaW9uLWNhbWVyYSQ1OCRwcm9tcHQiLCJwZXJtaXNzaW9uLW1pY3JvcGhvbmUkNTkkcHJvbXB0IiwicGVybWlzc2lvbi1wZXJzaXN0ZW50LXN0b3JhZ2UkNTkkcHJvbXB0IiwiYWRibG9jayQxMjYkMCIsImZyYW1lcmF0ZSQxMzIkNzA~
Requested by: Host: api.fouanalytics.com
URL: https://api.fouanalytics.com/s/pp.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e2::ac40:8820 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-methods: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sMsKRyz2X%2BuFkKcAWWR0G4TKuB%2BZHOeQ0WGXQ4ciXAu34ytHr347q2WkWrRlIOOiDl%2B2j%2By2%2FhDnjepP3IB%2FmnMK5GhVF80g%2FeuA6jPLfykez60V7Bh6w%2F1flkjRFqyJAUPgfliRBgnuEpcgBabgHjhIZw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 76dbd4948c7d9088-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 102ms
46ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 21 Nov 2022 19:28:46 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F3A5 13 KB
5 KB 60ms
18ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1285
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 21 Nov 2022 19:07:21 GMT
expires: Tue, 21 Nov 2023 19:07:21 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 681A 783 B
1 KB 78ms
29ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bf8e1514757ac28b6d85379b2bc02f4aff7ab518f1df90ca517c4309828e67b0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fS6CzU2JNQrNOt2FxYlKLA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-fS6CzU2JNQrNOt2FxYlKLA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 21 Nov 2022 19:28:46 GMT
expires: Mon, 21 Nov 2022 19:28:46 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 pubcid.min.js Show response
id.sharedid.org/lib/ 732 B
904 B 628ms
189ms Script
application/javascript 34.209.30.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.sharedid.org/lib/pubcid.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.209.30.241 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-209-30-241.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
cache-control: public, max-age=86400
last-modified: Mon, 21 Nov 2022 14:34:12 GMT
accept-ranges: bytes
content-length: 732
vary: accept-encoding
content-type: application/javascript

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 58 KB
17 KB 31ms
30ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

848360150c7285fb18cb4639a4bb09a3664499b3076d27648f1fd1ff8a7f538f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 10 Nov 2022 09:46:31 GMT
server: cloudflare
x-amz-request-id: MTGHMSTP2MQ6687T
age: 312
etag: W/"903cd4a80ebccf0d9e448e2b133b585d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 76dbd4954f6a9b7c-FRA
x-amz-id-2: tEESGVsp+bKyUkJkmxizozouvEm8aB1MzR61a75ZMo0qfXJXM+T0kX7X8FMpX0Uhb1UFu05EslXpfBC8wd1XuA==

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 39 KB
13 KB 129ms
54ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f066a6392f3732829e95d97ac2a3dfb7dc7d35fc88d71a4ef62ff8f70399326c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-9c1f"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 22 Nov 2022 19:28:47 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 32 KB
10 KB 79ms
23ms Script
text/javascript 13.225.78.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-128.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 66a8dfcc4572e000bf5b4351bae2a763b3357a65ed373ff27a7e7b38ec9486ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:00:22 GMT
content-encoding: gzip
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
last-modified: Mon, 21 Nov 2022 18:55:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 1705
etag: W/"2c5f4a319c3d99310927955777b5abe3"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age: 86400
x-amz-cf-id: I3t2VR_y3MORQw-Ak6xOmJBQg05vPMH39jXto8kRktAl-ubX87p7xQ==

GET
H2 200 uid2-sdk-0.0.1b.js Show response
prod.uidapi.com/static/js/ 3 KB
3 KB 356ms
113ms Script
application/javascript 18.225.3.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.uidapi.com/static/js/uid2-sdk-0.0.1b.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.225.3.171 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-225-3-171.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 76424452f8e1eb0bc7fb20f6d7fa0dcaea480d7152a74756c01e816a663c3aa1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
cache-control: public, max-age=86400
last-modified: Mon, 31 Oct 2022 06:06:26 GMT
accept-ranges: bytes
content-length: 3211
vary: accept-encoding
content-type: application/javascript

GET
H3 200 container.html Show response
2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4054 6 KB
3 KB 58ms
19ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 21 Nov 2022 19:28:46 GMT
expires: Tue, 21 Nov 2023 19:28:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 feedback Show response
api-v1.wordmonetize.com/v1/api/ 21 B
124 B 171ms
171ms XHR
application/json 54.183.56.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-v1.wordmonetize.com/v1/api/feedback?data=eyJwYWNrZXRJZCI6ImNsYXI2bDlxMzAwMDAzYzZkOTFtbmZoY3QiLCJzaXRlSWQiOjQ4LCJicm93c2VyIjoiQ2hyb21lIiwib3MiOiJXaW5kb3dzIiwiZ3B0SWQiOiJsZWFkZXJib2FyZC01MzY2NTA5MyIsImdwdEFkUGF0aCI6Ii8yMTc1MTI0MzgxNCwyMjU5MTYyNjIxNS9XTV9QVUJfd2hlcmVnb2VzLmNvbS9XTV9QVUJfd2hlcmVnb2VzLmNvbV9MZWFkZXJib2FyZCIsImlzRmlsbGVkIjp0cnVlLCJldmVudFR5cGUiOiJhZGZpbGxlZCIsInNpemUiOls5NzAsMjUwXSwiZmlsbENvdW50IjoxfQ==
Requested by: Host: cdn-monetize.whatstheword.co
URL: https://cdn-monetize.whatstheword.co/48/wordmonetize.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.56.116 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-56-116.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 21 Nov 2022 19:28:47 GMT
content-length: 21
content-type: application/json; charset=utf-8

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
322 B 80ms
21ms XHR
text/plain 162.19.138.116
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.116 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533567.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://wheregoes.com
date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H3 200 Cy76TGYNwlBdeFKzRh_Qc2a075RKB_J9dWAUlCdaUYI.js Show response
pagead2.googlesyndication.com/bg/ Frame F3A5 36 KB
16 KB 62ms
21ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Cy76TGYNwlBdeFKzRh_Qc2a075RKB_J9dWAUlCdaUYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b2efa4c660dc2505d7852b3461fd07366b4ef944a07f27d75601494275a5182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 09:52:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34565
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15969
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 21 Nov 2023 09:52:42 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4054 0
0 65ms
64ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C6RV0btF7Y6jBIdq89u8Pi8q9gAfJntKxXNWdkfdwwI23ARABIABglZr8gZQHggEXY2EtcHViLTg3MzEyMTA3NjUyMDIyMzfIAQmpAotlge4oMrE-4AIAqAMBqgSiAk_Q4iKq__uwadxW1k22DPykah17ZIUOpfJubYsfGpJ-0dbf7fgl-1T-6nKY6zrFUDKWNMcpQKoQIM6sCtZFIN1bsJjAaenyj6CIzhy7jWVVkoP-vP29BHn_1idlz90ArCF2ms9zu2YYxm3_QjPVakyAfd8wmORbdF4ko8891LkDMb2O-HvfHb2iamlALYeJGD8dphTMsZwh-RyYze7IrLV61Wx7DZfrrkZYioX8t8e2lPJ-31QcqKGuAu1vdHbtIJ5IpHe_JO3K-US9_lQ82g101lgzGeeMsX3fNdf7r76u3CrA2RZmMFiPJ09gwTHy8H_FY-bmc5E_MTLM6ZYAT-DaiW3IkRplCALCDqe3ebkrB9t07V-Y0OBkNtbKDjK88aOC4AQBgAbHzc-Y357tqfkBoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi04NzMxMjEwNzY1MjAyMjM3GIeubg&sigh=agIVLjksvAA&uach_m=[UACH]&cid=CAQSSwDq26N9CRLlx9US0of7L2x3ZlBZ7HqHDyVPD1rxPSQ-tFKuwP2Bfc1BTOhzxw1cYMr1FkMOBdrLb99_bBevah4dNGhDEn_p1U5w5xgBIBM
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame 4054 0
0 251ms
40ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=k5CTFOv_CsoH-gGdg2ICAgAAAGhUjUNLKXqeQVlPcwk5jtsQbtF7Y_Y3DXydMVb6oMIZABIAAA&wp=Y3vRbgAIYKgH_Z5aAA9lCzRnQXu7XI7E7wBeaw

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 203182
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 1A3C 142 KB
47 KB 241ms
123ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Y3vRbgAIYKgH_Z5aAA9lCzRnQXu7XI7E7wBeaw&u=%7CZXJYARNRQ4Wfis5bBMnQ2AdaeWhapfGm6KiVRiEWeQQ%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZerJzy_6TFTHF5JbF2F7hfY2DF_LDS5_jQ-ZocpOV2MQ52xqnvVP65JF7omwNrfNV87xcI_hYqEvsVK0Z_Nczg0RfiZh_kI1Vr75Dbmxm7ynN59uCfKTX9j1hvq8HcdWNtAd3wHEpZX-o_pGSu1FeK3qI7vsdyQ2M6hFoUzgoQupE1Sj73FEmS5miZQbAMb-dBA4Ij72EJgM8741r30vl9xMxZGTn7QJnVPrFfvazEAEvHyhhyVHq1Fi_-b3FWcUVcbLcDvjm8MNifLf02sieAYywx-o1ZWkEKcC5nCu6WtvR0qbfpXsu6MltoV84vqjd5RShFa-LRtDmjEzsSo4prTmBi_t7klMjaP0n64C2wqz0XAHt9IzDbTqqqnDCtsXZUAVkM1Re1ZfORivyOYBesW97nG9B3mNHg7sZQJYRrY4CVZETBWoKf4pvb87j81wu-LIhjZFF-YC3b5NBFZbhAIKPQeO1U02z5sPcLQ6ImNfR8JZuo6bfglNau7pJebgysgtsxlmwM8ptfGsrVIKRjmmy2n1pHn84JF5tfEuihn2JLPeT4K6W6LAZgyHJK7vMtw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZqbWbtF7Y6jBIdq89u8Pi8q9gAfJntKxXNWdkfdwwI23ARABIABglZr8gZQHggEXY2EtcHViLTg3MzEyMTA3NjUyMDIyMzfIAQmpAotlge4oMrE-4AIAqAMBqgSlAk_Q4iKq__uwadxW1k22DPykah17ZIUOpfJubYsfGpJ-0dbf7fgl-1T-6nKY6zrFUDKWNMcpQKoQIM6sCtZFIN1bsJjAaenyj6CIzhy7jWVVkoP-vP29BHn_1idlz90ArCF2ms9zu2YYxm3_QjPVakyAfd8wmORbdF4ko8891LkDMb2O-HvfHb2iamlALYeJGD8dphTMsZwh-RyYze7IrLV61Wx7DZfrrkZYioX8t8e2lPJ-31QcqKGuAu1vdHbtIJ5IpHe_JO3K-US9_lQ82g101lgzGeeMsX3fNdf7r76u3CrA2RZmMFiPJ09gwTHy8H_FY-bmc5E_MTLM6dQCbnJdBvHbLoZxq9L_qF--bbOdDfVsb-tQ7UaWicjmFrcWdbA9zinL4AQBgAbHzc-Y357tqfkBoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1u0FwXDy9ovYZE4Lsa3yhIlqxe4A%26client%3Dca-pub-8731210765202237%26adurl%3D

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

78fd2c4d16f0a0337839df722311314ad2f914e15a0062b74b9e38cbb14d8899

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 21 Nov 2022 19:28:47 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=HW4xhzzlZpWRND4YCnuEi8sPr0fN8dcMjRIJqk0sqwtPNb4K2FP8CHm2cys5T_MdUsAxo51Abj3beVtnZgYzxZTQK5sGc8950yw7EFzhtihL-ERHB8e2PwcNCi3FtfBH0pvixDHvPVBUFTuGSdXWskODPfyQGS-NHBoaYNfqLO2IoRUMzYvIecZ2w9hI4HpJds1qFxpoMgik9X6l6hhhznTZCqkVg0KbGuGpq1pVPdkl66xtJwCEtOCQqgAVrjbHTKQ-GA"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 79532676
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 4054 3 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 15:15:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Dec 2022 15:15:49 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 4054 18 KB
7 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 09:52:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Dec 2022 09:52:43 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 4054 24 KB
6 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 18 Nov 2022 10:35:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 291184
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 18 Nov 2023 10:35:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4054 154 KB
48 KB 92ms
34ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 21 Nov 2022 19:28:47 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 681A 0
0 74ms
54ms Image
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022111501&jk=3037495171284003&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
332 B 156ms
47ms XHR
application/json 54.195.100.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.100.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-100-225.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: d580e451a2d977b93526ad80ba3178dd24e3ccdb7f2b3dd64fb691e96f7a2e4c

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:47 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://wheregoes.com
cache-control: no-cache
x-server: 10.45.29.90
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
DATA 200
OK truncated
/ Frame 4054 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b4d7861377aa1e96cad429e3140c666f11b76ff52499e04a17d42445649377b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200 984.json Show response
id5-sync.com/g/v2/ 215 B
622 B 62ms
22ms XHR
application/json 162.19.138.116
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/984.json

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.116 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533567.ip-162-19-138.eu

Software

Resource Hash

9349319e3f3797135f6dccd8a8b0e8de20e6ba774dc9d53b4a5cdfa258f72a30

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://wheregoes.com
date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H3 200 container.html Show response
2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4CBB 6 KB
3 KB 20ms
19ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 21 Nov 2022 19:28:46 GMT
expires: Tue, 21 Nov 2023 19:28:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 feedback Show response
api-v1.wordmonetize.com/v1/api/ 21 B
124 B 171ms
170ms XHR
application/json 54.183.56.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-v1.wordmonetize.com/v1/api/feedback?data=eyJwYWNrZXRJZCI6ImNsYXI2bDlxMzAwMDAzYzZkOTFtbmZoY3QiLCJzaXRlSWQiOjQ4LCJicm93c2VyIjoiQ2hyb21lIiwib3MiOiJXaW5kb3dzIiwiZ3B0SWQiOiJhbGMtYXRmcyIsImdwdEFkUGF0aCI6Ii8yMTc1MTI0MzgxNCwyMjU5MTYyNjIxNS9XTV9QVUJfd2hlcmVnb2VzLmNvbS9XTV9QVUJfd2hlcmVnb2VzLmNvbV9BVEZTaWRlYmFyIiwiaXNGaWxsZWQiOnRydWUsImV2ZW50VHlwZSI6ImFkZmlsbGVkIiwic2l6ZSI6WzMwMCw2MDBdLCJmaWxsQ291bnQiOjF9
Requested by: Host: cdn-monetize.whatstheword.co
URL: https://cdn-monetize.whatstheword.co/48/wordmonetize.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.56.116 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-56-116.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 21 Nov 2022 19:28:47 GMT
content-length: 21
content-type: application/json; charset=utf-8

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame D481 15 KB
6 KB 211ms
37ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=wheregoes.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

d0f07190791630edc058ad6e5a33a3cda6a8f85c470e593ce0bbed46ffec148b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 21 Nov 2022 19:28:46 GMT
server: Kestrel
server-processing-duration-in-ticks: 917579
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 container.html Show response
2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 61E6 6 KB
3 KB 19ms
18ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 21 Nov 2022 19:28:46 GMT
expires: Tue, 21 Nov 2023 19:28:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 feedback Show response
api-v1.wordmonetize.com/v1/api/ 21 B
124 B 171ms
170ms XHR
application/json 54.183.56.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-v1.wordmonetize.com/v1/api/feedback?data=eyJwYWNrZXRJZCI6ImNsYXI2bDlxMzAwMDAzYzZkOTFtbmZoY3QiLCJzaXRlSWQiOjQ4LCJicm93c2VyIjoiQ2hyb21lIiwib3MiOiJXaW5kb3dzIiwiZ3B0SWQiOiJsZWFkZXJib2FyZC0zMTE5MDQzNiIsImdwdEFkUGF0aCI6Ii8yMTc1MTI0MzgxNCwyMjU5MTYyNjIxNS9XTV9QVUJfd2hlcmVnb2VzLmNvbS9XTV9QVUJfd2hlcmVnb2VzLmNvbV9MZWFkZXJib2FyZCIsImlzRmlsbGVkIjp0cnVlLCJldmVudFR5cGUiOiJhZGZpbGxlZCIsInNpemUiOls5NzAsMjUwXSwiZmlsbENvdW50IjoxfQ==
Requested by: Host: cdn-monetize.whatstheword.co
URL: https://cdn-monetize.whatstheword.co/48/wordmonetize.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.56.116 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-56-116.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 21 Nov 2022 19:28:47 GMT
content-length: 21
content-type: application/json; charset=utf-8

GET
H3 200 container.html Show response
2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 37AB 6 KB
3 KB 19ms
18ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 21 Nov 2022 19:28:46 GMT
expires: Tue, 21 Nov 2023 19:28:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 feedback Show response
api-v1.wordmonetize.com/v1/api/ 21 B
124 B 171ms
171ms XHR
application/json 54.183.56.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-v1.wordmonetize.com/v1/api/feedback?data=eyJwYWNrZXRJZCI6ImNsYXI2bDlxMzAwMDAzYzZkOTFtbmZoY3QiLCJzaXRlSWQiOjQ4LCJicm93c2VyIjoiQ2hyb21lIiwib3MiOiJXaW5kb3dzIiwiZ3B0SWQiOiJhbGMtc2RzIiwiZ3B0QWRQYXRoIjoiLzIxNzUxMjQzODE0LDIyNTkxNjI2MjE1L1dNX1BVQl93aGVyZWdvZXMuY29tL1dNX1BVQl93aGVyZWdvZXMuY29tX1N0aWNreURvY2tlZFNpZGViYXIiLCJpc0ZpbGxlZCI6dHJ1ZSwiZXZlbnRUeXBlIjoiYWRmaWxsZWQiLCJzaXplIjpbMzAwLDYwMF0sImZpbGxDb3VudCI6MX0=
Requested by: Host: cdn-monetize.whatstheword.co
URL: https://cdn-monetize.whatstheword.co/48/wordmonetize.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.56.116 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-56-116.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 21 Nov 2022 19:28:47 GMT
content-length: 21
content-type: application/json; charset=utf-8

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F754 624 B
368 B 114ms
59ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNWbmHKKNvSWs3W7Zc91-YS3DS57n7diWsLy05bQafxq0OOkX1znJGLBCeMx0yOUuYHKfz6sZTmj_V6WXCKKlZZq4I35I9CaAhm2Wq4Uke8Q4qmTA-uTxfFFrsjwL9XqpcsBnfMrisECFVP17stqoCfaGTf6aqnbOekyBpz1ukXCoduvQlo

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 21 Nov 2022 19:28:47 GMT
expires: Mon, 21 Nov 2022 19:28:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4CBB 15 KB
11 KB 113ms
60ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DkKiUjQgBxEFFR2_r19rhl8OpFyKYEQHcqX6DoVANRX03VNnc_NcLxxeg_pl0BNPYOrggLY030RpWKTIGqR439XynM7nD72Rd62q95YYzlPRTQPnbNr7xxnALCP01f3QScNl7RmSAP2d_Se9Q72bsWSGAFxYnYE2O1FY-YMHOVr03k2hE&cry=1&dbm_d=AKAmf-ABtKWL2ubaZoqsJs_HoI9vwKRJ_eqhSWOG5U7g4ap1ltqh75QBhVZ0mYXLCMsc30hD6Dh75vo9bDIIGMrEFQCk_9XFNCE3lB2g5--mV5LPsC6Ifcn3vEeNbZ10TIL1cZzAljmMJU8M1hO7-bG3RCVBU6UMZjjXfRD90eWLfiiBUbNN9hTXn9yUTyKksMxzW_XB-ttO-gUIivgeeyYzEEYRIej0bdNDJb1qDlbOfyHsweFnEw_qN410KS-X7iKJSaznOcXjNssKJ60kMI4E4KlWMwqNo5qHqBejlpIyhHI2-1SJBfEiR95o-ZsGxb3DQhrRQ9uCBWok-RVkPGHKhxKHWbgFS4rrJGPfpnMMmsbxcJymsq88En7Pmss1iJC6I-4w88EPeNk0GZbhYERgV5OcQStgfdbQ8y-0AS_uwjNktuZU7KwuDa0_6jhiglkNSP0GQ8C53FGn3F59TBnB4Xn_t2XTigxmNRfb44tDNfgaEktonNeC2PZWZARjzdAAfz0Z_UWurtVKWM6weewLLGayGVQOxqkuLypcT45WUuFQ2cq-ynZRHjAgWAGvLj1l66cXqRt8_l75uaM_m1aYYq29gwlPihUTfzEmL7Di3qTiMULRbcbHFxc_Yvl8WcsqI50VPgXTkbtgMVmwTvE_RGADqnmG4uDF1D5iUcTH8wRIlpElQWHnyMSAVMV3V4qlhE55ffyEwhigaiYMbp4l_d1EajUNln7e1OJ1qPKBsfarIldmsogluYnHHNOoX-g-mm2WTdZlMHCX11B4UKGS8K3_UChOals-sGnapCxZiwjtpbpFyw4Ru53S5MM6AsIMig3JQ5RQJ2lz8-wcf8Lm2Ty2-TxMDCRc42nIe50Pfr_wC4d_GEpPZD1DeWIzaRORxbwqOdTBJIkDFkdQJOJcX8Jgv4Edfu5x7H-KyB2XizruXZwbB8Teqa0dS1gbfJLfYvvecBtpyppaCduYodHwwVlCsbUZietpHuhhRo90qS3UAW9CQ8i-7L542b5vafSL4P2RJZ3NzzBNRQ-4QrYrn2r_vnRNZ5dmjS3rTLSlmR0gWyErwz6psiKLnB06r54QIreEHHfaEWvE5v4jNLF6lJeL6Lf3EncV7mHU9OkJ5j369WCg5fCWYvpTSRh7rhJbXuBUslDR3iYbJMObZ9BtkZwA3zSHHPGPh6vPl0NR7bcLp511s1qsExu5b4PSslYkvoC72ufahbWRQrHXy7NHdALg3ILCEkE0xHlpb5hx6WSxOgdhYBUJNYmXrAeucd2IcC57QyWAtOrfoRD3o9UH3erpCOMtrvFsJ2UNzsNz7vBwol9rPYOTdgbinPB0usN0GHq-3WyRSjvh8WPnpvnpIet09O5fPz_1VfR9KpcG9nS3I6jHD-QbVjiwuC0suZl7KtJVwO7sftTNFCY90kfl_afdfnYs9Rp_7ORgevS5OaGu0bP8RH68dsn0jxreTPlDKSZPfAkrLJC9XdeBGD7mAohGtQfLi1anxwY22bMEBqSA--vnzSNKnIn4GvLExGF5MOqkGr2U1oyw4t_d-ZkUUwbw8365dVOEuOnXfCXDh4c0XW8bgthjO2z14I_u_NPin6EKkAxGst2q86iUujaGs1c-HTHxeb1lSSmjk53fE-8POB8u78q8vCvNcjgXiA5xCm2cQ5RxgE1QyAS_l4hclDFVhlSKz4ag3Jq3vyzcZXRSW7quIZnPMSs5YNECf1dRnZsflYBMI8-W8t8Ytlj_me4_d-M0gYEF4GAb-uIzLcjmQY5pw5LT7hxJR3vCSvpq7_vyjunxFfMOrknOGBDL-kB2iBNm5HkjImWqhXs8dgenaSOUXNO4OF9cgpdzU_xqgl1aG6R76xNP_TdKoRJIf0CxpjxICBeKGZIVkW2ghrfsTRXsxj3RX-63QjArW2UxlRVRmT8ha4gln_n9oAYHs2DPkKwDiwSI2pYa8yq2Br8Xg-IGHinCziIOmCa3GLIvyrcst-leEAm5_eki-vHut8BSeY_LYGnt2rrPvVTCVcoHAXQNACTEP6VaunZHk4bIE1gDtMEzwWN6H6wimY6q_mM_9WXyJ8voKCsSeo-2OY48vTNzN_eztuO9lblYm8nDjfjP-5wzUsR1NPuizTkUz47CXQB-GuspavNWrXhVKr5uGh0JFVldfJ-LrtLJO3OTT7Y0lXG9WniGTeUAXwg2jWbXbOr_A2ult7mymhbHw7LjaCThi_m2o0CU6SgobYMg2RLd66SSfhcSYdHjXRPUyCIACO9XbSQMmUmkM0wjnXcDOseYDX0ubABTcfnvA-rKH-8o3N2h2xpp9SwfUXideJLTruYzn7XQBV71QH_TnfanA4F7eLs1QdI7t1x8W6MTcK-igAgn7gcPCyV3UTKIMv0PUe1awCdzALvpftkZCCwRrhiYbOKhLdXLog05Js2i1jpcjH0fgPj44KzxKKQHO57Rc_BYymZjqaEmib5DJ0-ecdMukoV-_1adT6OIqORus06ygltWllnwINm9ov7y6WIPyJFCakiW5nZqbVGts81ui7vp8O3S0yDoF9QKpCjj9sKPN2BAoJ7SIEX7-64uh56TTfzt3CEx32wJ_YCGALvgVZb-40naUUsLIQs8PvaXinpmS5MjmDwYAbKCJrBRzBuyFh6UJTUgNxajN8kKO6a9GiPstn4i5MRUygRWBFuEIKU2OJj7DsJvzzTYeTYhNdvk8M2wIHzPCYLy0dGaoBSDEU9dkbaiOwtoJ6XFAxo8JU9ACP2IHPPoJoELMX4KMmh-dncfHxuw1__jZpf5NDhX9DAgQ3dFp4V25WkydE7ANKba6X_TzqApjpRPVKIspPogYasl66fo9LhaOe0Ra3xEXm1sOZs_9gbZsIQmgP9dVdpKn1UM_HYLBrcjODBTfbYmWTClf-knHWZCNJpSCj02No33k7Py7XOCsg5ahsdRL5vK8pgS_jh2g6ULUApZDFfmpPfXFNnSV7bujrzCsE7t_Gjyo1d5T8YqzmkLePpxlMj-sUzRX2fAQD_iK-wr8l2afvEo4PC3TtQvbIxyy-KcebJUV8RQAjlSwiWqudLSY5bgNFBcrh_18pqtrVI-wJVb-Zi90Yosyt5i9HN5Frvtd8jynG17PqayfgVXnJXlFaLMMvmKCEv6iD6D-mYOAY-aB59Sdt434LfFf_04hVJxLCEPsLaweadnjc_PjKlZPZakfI4qeFhH-o_ch_3CP_DBUPBs0jg_DjhL4YhMDDEUMcSX2hUgg1lQUMYINqvKmXF2EEBflOT7TVzVsgkA-Xtk2dNkx8tj6xMAn-EJQJp6Y2CtS_lB9w6H4Np_L8b_FvZU2gWF-AyR0AfiaJ1NUqikQPlTPYBHL0yb7bDDDyed753zluMbJxVXx6yNsDsDxy8NpgDY5EYEgzFV0F9P_xlCmGIlW0hjWVYLqRNXLXaC1F8DOsEouitSUGOxJJzggzBPEHkL&cid=CAQSTADq26N9J3NV7PikxWVFtBIvF6QY7FLaSQs4_DqbF2SSgCTdN3THP4qPe38upMLnOkfgHau1PiNSj6_SGNhz7_WzEhQe-Tv8egbuKCkYASAT&rfl=1%2Chttps%253A%252F%252Fwheregoes.com%252F%240

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

786e5e462008b4f0a411a7c8a53dbebcf1e823079977ae3ba5d8f1ca3d75a351

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11244
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4CBB 42 B
63 B 57ms
56ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ATXM5Jo8YlVRsM9kzRYiDU6S-HCo9z1CnG4lbvo3WplF718rTw8bnCluzsj_WPu0O4kBSd-_Ii8bRveUvM3cGgWNBhNvai2jeVTJDHZYBwTzG4d2Q

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 4CBB 3 KB
1 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 15:15:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Dec 2022 15:15:49 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 4CBB 18 KB
7 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 09:52:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34564
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Dec 2022 09:52:43 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4CBB 154 KB
47 KB 75ms
31ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 21 Nov 2022 19:28:47 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 61E6 2 KB
1 KB 80ms
30ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 21 Nov 2022 18:16:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 21 Nov 2022 19:28:47 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 61E6 2 KB
765 B 22ms
21ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 09:52:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34564
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Dec 2022 09:52:43 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 61E6 0
0 68ms
67ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CTLINbtF7Y6azIqm89u8Pq9ah8AX0_vbFbfDI_KuCEaLjxaiUMBABIOfd4G5glZr8gZQHoAGq4e30AcgBCakC1mLs8yA3sT7gAgCoAwHIA8sEqgSOAk_QZ_UiZM096Vssgm2FXeUxcNyNQPeiQCwkyheJG9AAqAjo5CmOkDUSnab8koM7x6agNMRup1kV9e1TE8tYrdE957P3iQ6AspQqjCgYv5CMaghBCoVRjENl9wq27LRXe6LZcvOhSeMPphLdOhWWC6eUBvGwlnRd1qjzHKGe6boYYPXgxYuR5rrNNdH2B6A7k_MbPvdARtslxxeaEyoJpOjJ2_IfaybmWPRoyEgrMPmWAql4Z6iKI6_qQn0wgF8H66exuwY5Aw4BhBGoMWQ3l94fiBPeDrJS-cuvUVeUMYDyyqTb7HSf1FVdK_DOFzT4rgQrc3nZ4HI2hZZqgWg-99GraCK3ISDVdKfgiYosRsAE752zovcD4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB76ekosCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcEEMefE9IIEQiA4YAQEAEYHTICqgI6AoBAgAoDyAsB2BML0BUBmBYBgBcBshceChwIABIUcHViLTg3MzEyMTA3NjUyMDIyMzcYh65u&sigh=pdCH5JeEK2A&uach_m=[UACH]&cid=CAQSSwDq26N9NXGzSYV7H-lXtizPUgj1WMu6XubyMuCoEeodKTR7CPjEVmVXwdDXnT1vqiwPs6_1cmAxJOR5LYavgXG3m5MvF6sPEJuNbxgBIBM&template_id=494
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame 61E6 23 KB
9 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 09:52:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34564
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9428
x-xss-protection: 0
server: cafe
etag: 246362764157784863
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Dec 2022 09:52:43 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 61E6 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 15:15:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Dec 2022 15:15:49 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 61E6 18 KB
7 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 09:52:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34564
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Dec 2022 09:52:43 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 61E6 154 KB
47 KB 63ms
44ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 21 Nov 2022 19:28:47 GMT

GET
H2 200 f7733d2b54a65c984752ab0a98c7def9.js Show response
www.gstatic.com/mysidia/ Frame 61E6 34 KB
14 KB 98ms
19ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f7733d2b54a65c984752ab0a98c7def9.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d028ff06991dab0e77014a91995a9c0d6672a90e68edc339cd62a566fe361ace

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 09:52:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34564
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14118
x-xss-protection: 0
last-modified: Mon, 14 Nov 2022 13:59:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 19 Feb 2023 09:52:43 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 61E6 6 KB
6 KB 86ms
21ms Image
image/jpeg 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQIG_JT27Kmm5mcxcYonrN0sDOnB7-0XXqu3zPetlV-6aYJ4NI&usqp=CAI

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05e6c32a51c5697f76403ffa53963b2d02c53fd60f34066ef9b7a8cf1f106d63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 17 Nov 2022 12:13:49 GMT
x-content-type-options: nosniff
age: 371698
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5927
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 12:26:00 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 17 Nov 2023 12:13:49 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 61E6 21 KB
22 KB 101ms
19ms Image
image/jpeg 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTmoZ-AnpQm6zyYlyEjPyBTXs2K1hocJzvtnWLVBBiHb0hYTGqJjZEjBuj9OQ&usqp=CAI

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f61df9a7c11bd68dabbc79906d334cc80e5183cfda24724e957452a54e507a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Wed, 16 Nov 2022 04:37:48 GMT
x-content-type-options: nosniff
age: 485459
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21627
x-xss-protection: 0
last-modified: Tue, 08 Nov 2022 05:28:46 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 16 Nov 2023 04:37:48 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 61E6 24 KB
24 KB 115ms
34ms Image
image/jpeg 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcResKOZKhHTlUlCg-O8KGZgoM81WEMAmYhKF078EdOtTdvaCw6KgrEzjGd1ng&usqp=CAI

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

58270f132ee9396c48b1faf83ddee5b1b8fa5814d40dab9cb080a7f45bd7bd88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sat, 19 Nov 2022 03:38:12 GMT
x-content-type-options: nosniff
age: 229835
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24079
x-xss-protection: 0
last-modified: Wed, 06 Jul 2022 10:51:36 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 19 Nov 2023 03:38:12 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 61E6 13 KB
13 KB 125ms
43ms Image
image/jpeg 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQ_v8AzGCs-qeXZGlCA4tN1luIccK3fPZfZyO2y9Lj6l8VAlbsjpeQ6OhASfw&usqp=CAI

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddd91b005318711821ae50d18dbc8460f950777ab02f4566d01aa27e6a58e466

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 18 Nov 2022 16:48:11 GMT
x-content-type-options: nosniff
age: 268836
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12864
x-xss-protection: 0
last-modified: Sun, 30 Jan 2022 18:58:58 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 18 Nov 2023 16:48:11 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 61E6 34 KB
34 KB 88ms
20ms Image
image/png 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcTNaV4pWSo_bsGdgjtLbKul2yMvCyqPhMh9tQsGgWYhxpOXk-yp&usqp=CAI

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

477d1414e0b1e0567fbc31c5efa299d37a5a19f5066bca34f5506375d6527c57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 06:50:51 GMT
x-content-type-options: nosniff
age: 563876
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34359
x-xss-protection: 0
last-modified: Wed, 10 Jun 2020 12:30:27 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 15 Nov 2023 06:50:51 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame FC25 624 B
419 B 66ms
58ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNVOS8MVcOsH7Alc-lSG21cyrwIfOOABdPkUA8789mI2EVCaL73zZ5yW-VynfWfjSUuEg7R2GV6_ytJpyGUhzAuDlp3Jq8SReCixgVYd_QNi0Gb89yts_UTcbrf-riQ12dJ3Ohzgj-3jDhFKkKO2I4vV3hkV_mLxa2OVlfvcGwEMNPQLMgw

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 21 Nov 2022 19:28:47 GMT
expires: Mon, 21 Nov 2022 19:28:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 37AB 15 KB
12 KB 64ms
56ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BGiAPrFzHoLQlO04sNm_o1Cl-537VJUbOozpw4VWfJR_ZepHtiaAipTskUrxOoyjD407U7ZideSk9Q-N2WHX6sdWxVqc5v60MDHxpGPMgIhIwhExQTCZ4eFucwXwHtfD_lKASNwvxddROG0Tj2vrcwvAidWl3_W6Zrz8NY7TzjcvaUf9g&cry=1&dbm_d=AKAmf-BqaurdMV2-ZyxmiRW9b5IJ5FYvYcPjDz6uvltxQ5xQTi9X9AQZWX4Qxu6vEhKUrE2y27urhdETHwLA26ChVrC2JH0_40nYMaCxqIIZOMs2kzi-B35OTMt87t5u8dF9RtIrcZFPERxMHW5ilpPlv4IAal55_kk59_1NnSagmWFA-bY0Cp4wLqwPKQkSGsx3zKdmLWsW4PGGymy5oeLqiVfiFCzWdycOX-FWMGY9YjVs_fnfAZM8dJ8R1toVFn5ts8XInKYtSJAYW1GBOr68h8uh0j4pOECmJfa3CkfRwrO3lmM2hkasN62gVidaEY3nbt1ySiVIKU4B9j1uwv8MYLyUAE29Mdfx1AE2j1Y7UseOntnfs3CFX4f7q_DJAvw4H8fwzc0E54mLV48SRyVjCaaHLM9nEYz1wtwFL1n-1l2SfhrDhWRuWjwaYm_u3cPDxo6a69PRRPoHDkZeBoOt7FuTYc8Q-XEQ6FTTcK6odv-M-Yh3TR3hLV4O4XD6XdWNn1I8Htd9vSIG9hCm6DjNirVYSpUBd7ObIh7NLgPhgYeWDDQa6PIh2va34FuM0ErTYSflhuyn2BS2sm4vr74w4jTLoW84Rrn_HvzZN0b5tv9vA_sQ9ZPztpGOhpTPXIbaEvv_24_etrX2zx4S-Lknk8TBCFHBg50-IUOesEFH66EsTdmJrV2Ji_XDZ2vMtNLjad9NjMLfyIY-MaSbMxWuQrj--w4Tv9b8Yjn-cSnuAIGWKZnuw1R1BJzCwuIbAAwqjV9hnAHD2RQHrVv1fInKMTkK1WmwQzvfDX13H8SBCmpQLWgQKmomms_od9KDnxUTQyVsQZtPf9XdUMTZSuEeGS-pDWTg9QkT1TIugsomQJrjibPVdi5gFDH5l9EMafhTGvhv15Ap-wVMnPojY6Fkh7lVP-cs-Lg4L-pNSQCkFyZr1ZMt_jFym-jkqEQsJ-gWu2Qj8FWHO4Hoi-to1M-Ped4uQwXbC0pV_l9tmskpV_B8gtjrNoA9vA4JiLcTgLOXHN-_5bQEDUrrq5yxSHnKdGKWledjcM3A7IXWsxsBT2QXpkQPFiQkmSBVAqZBqxCaNaI36XCyTSOEbRzfrqVftRF3_WOXQBAUAaCGpuZwF93QR6pCvxodNoMt0a41At6XrsByFp21Olnhp1bpterlqF6uEWlrG_uoawm9dg0avdWoQiMGL57uKZwAibe1OPAvwqIU8w_VUq2rEkt9A7AZvGZ_qCbxgsppwZvgz9RcHqgjf98s7A1gmuI2b0JsbT9LizLc4L-Xx2CDd3M2S1RTSkpCaSXWhrBnhhSQx-9x29Yg_XqnYnFU2TppF8zERBB1GLVXMNGhv6xMR1pgZZ627_6npGqU3Dyxw0Qj4pnsHNPKq1EAI4MjE-iJNGRJ-Z0LJYrw1_taMx6kLtIocW28pq6TXsJv7Otatlzn8GKYgxAngxpv7wFIJWBNzw6un0LgAwnKjSKd8ZDWPzRtMBnnsIRSS4O8ZlNzh43ImMI6vfRN_yssm2MQv-DJaYFe3PW_OxobbTQ5DdUGvZ8vMgxIWDW3KBcKI1lsov_yBS35qUQ5DewBEsGdLxvQNCRwFKJAqzg0WUgYk7FI-cqMJGP-F0OdmqMfgs3PKeuanQtZ-fx5aL9Bfnw-JgbIz0HjbyddlNLQSHuKXOaTKT100fyXF7FBbSRbuoQqnUlZQkvzbKDidqIbsoDhoaO4dBCvoWDvrdTsMx7Vt4SgPgVHY5hN7f4DkUwtRLsL7w2s9BAo_lI_ap6ZIlug_bXKAiWtMuv5IqRN_f4Rbnb_AodUVRtUK7EtGB_eLnrLX2OfW1Hq6UIC-ncmrKHlB0mIbVr6tX6JDNjL4dnyWm03d0JjQppXcH8cxTRacZuD12Uxdj3aIihyZmzqAgTD8NKepk6sUHHc0_hweqsWGyzcfYZEPoRMnDdFmyNh9GtgAT8HaJfwkNoY_hbnI156LksDFk4jpdprMXAsfv9NnAQHSTcIG_Omxu964SG0IwaiyyTmnOaoDQElPDpVHLe7SdsPF_GKn-CFafXz9JjI3nINoblHRk-Pv82W3hvPDcwz9t_TzycV-Nfdow6qVQ1xIlmfsrfrEMVLwBvN3h44m0qYkHxFmyoENwaKxbtZPtiqrPOEiOf3JwKCtH335CF1mIBVr66KjFANyIDdX6WQaBhiGrcmVDDVePr2ZVMT2RZFqetMQ2k0b3_7T5fAjYEFIeXyU2FH_FiFyUMkBKtUkym7KlSoAzvH1ZxZhci3LL0u7VINY2F_09K1XSoufctIxbO6LvT-fqX_LsIOCjZ71ON1e81M8UCSrIPmio6J9cxi5_hpQH4TywBTcsPdfRIFNukshpxDpCyHm2TIVVnQbLNmSrx5cgZHv51kGoTG7y3EAqGFxaXYhCu9fl_n8w0FPbufg40sjKg2pqnA8tPCkmzh6Lcu7BYa8PsSbvBqeiAZgENG-1JrtEyfivJcwxAx2HcVTKDXzVMeJpnYURnbyrdvLu14Sro5Tom7DG-kNqZRn5172ldpJwDHgpfEm6kMySyzBCFzPezcOnNR5ZZ6YvZzBbS3Fb8ezydtoFF_avRxVBv_IxBxKkRkzXfizVyeguQyppC9bzRpXI9mOe0Zn53YYoLhNzg-fv6wB6YDDSQuacBfgyypB8P9OMTYDqiV7c-F6fbj3NUrqBpI8oXw3_OkKkxrR3aeJHtx7thlKuZyMUoXNeXFbu5NWA06HMJrDNYVPaJshDCQmzB6wr3TkkiynF_ehiNN8GQGumVTcZjDnEKi9IfekQV3uhG5656E_zAzBNtXb1jQhxIN7tiQiGBp_RNM74uMoY7pVpiHY73qHhZP9KqDjJbKHtP6POTM0uJvYccatBrxXPCjmJZUIVGGKSMC5CE10Fmc31Ql7sEvHzg_boS9p9q9ZCA4meP_VBBNDCVnb8mFG5l0ukEsxCJWUf7CDHoJsoOU-tD4EdE9aj9CrFEZOSivW4bDKbcmKlns_oT10I66MB3bihGWEZPJyz6V7EOZ0dUYfZHBQtXsVYkAUl_nAaWzfEs-ZL6U4ZA3wlmuWMOEziL0My5r0PVAsKYv5llvE2IS0tGNLBS-EfGgYmkcC5iCUrTLCVbxX1djhIa3kIwG7232Ge3ODGmcClQoTHlrRURj-0s0_4b5czThnxmhI-VW1ux-zKLSe4mdHdzHMvcUE8_F45qnyOQ2PiUBc_umrhtGC6_jKuyMMKneX_Qd5kxz6XXt8XeEathMfYw1GEp3Iwe9wtqcE-RRHHKdZxdHhJ9OCfdKyIO_OlqOAd1O6kwpyk1qpSfi2Wd7OY4Of16anGxry5uiwuMToiqaN9ik8Z-Ch7CktSFh92f2VS3AAPU4WvKzbdLBq47J77RN-tPZUG6jXsZpDbdzXsqkV-vAXjd6qvViIGDYwHNwyClEFulbaETGD5Ep_8UZd9oCde9GDB52Zrs1sNkxfD2KVdB0EYOWz3x67w&cid=CAQSTADq26N983j1qIkyqZyp2b3eTZsOy29m-2ysD3XJSL2wkw5unetYXOi_WttdbHE4Vz4SpI080uG_WSvGiiHLe0IUpXHKQIF5gXLAnP4YASAT&rfl=1%2Chttps%253A%252F%252Fwheregoes.com%252F%240

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0642d8a3ed59edc471ddcf34d5454a790200a0977bd22c14c4def4b896e00034

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11256
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 37AB 42 B
63 B 60ms
53ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Arm4PJrSwuJemi4QzPgPxsUoUQTes0abvzgW3memwhLA_GyJyWm8HXoEiW99jBvfox24NKeUWYkuzKbJyurVy7hqgpt71K03AXBQkJC3uDTshfcZE

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 37AB 3 KB
1 KB 24ms
18ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 15:15:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Dec 2022 15:15:49 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 37AB 18 KB
7 KB 25ms
19ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 09:52:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34564
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Dec 2022 09:52:43 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 37AB 154 KB
47 KB 51ms
45ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 21 Nov 2022 19:28:47 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 1A3C 2 KB
1 KB 28ms
27ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y3vRbgAIYKgH_Z5aAA9lCzRnQXu7XI7E7wBeaw&u=%7CZXJYARNRQ4Wfis5bBMnQ2AdaeWhapfGm6KiVRiEWeQQ%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZerJzy_6TFTHF5JbF2F7hfY2DF_LDS5_jQ-ZocpOV2MQ52xqnvVP65JF7omwNrfNV87xcI_hYqEvsVK0Z_Nczg0RfiZh_kI1Vr75Dbmxm7ynN59uCfKTX9j1hvq8HcdWNtAd3wHEpZX-o_pGSu1FeK3qI7vsdyQ2M6hFoUzgoQupE1Sj73FEmS5miZQbAMb-dBA4Ij72EJgM8741r30vl9xMxZGTn7QJnVPrFfvazEAEvHyhhyVHq1Fi_-b3FWcUVcbLcDvjm8MNifLf02sieAYywx-o1ZWkEKcC5nCu6WtvR0qbfpXsu6MltoV84vqjd5RShFa-LRtDmjEzsSo4prTmBi_t7klMjaP0n64C2wqz0XAHt9IzDbTqqqnDCtsXZUAVkM1Re1ZfORivyOYBesW97nG9B3mNHg7sZQJYRrY4CVZETBWoKf4pvb87j81wu-LIhjZFF-YC3b5NBFZbhAIKPQeO1U02z5sPcLQ6ImNfR8JZuo6bfglNau7pJebgysgtsxlmwM8ptfGsrVIKRjmmy2n1pHn84JF5tfEuihn2JLPeT4K6W6LAZgyHJK7vMtw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZqbWbtF7Y6jBIdq89u8Pi8q9gAfJntKxXNWdkfdwwI23ARABIABglZr8gZQHggEXY2EtcHViLTg3MzEyMTA3NjUyMDIyMzfIAQmpAotlge4oMrE-4AIAqAMBqgSlAk_Q4iKq__uwadxW1k22DPykah17ZIUOpfJubYsfGpJ-0dbf7fgl-1T-6nKY6zrFUDKWNMcpQKoQIM6sCtZFIN1bsJjAaenyj6CIzhy7jWVVkoP-vP29BHn_1idlz90ArCF2ms9zu2YYxm3_QjPVakyAfd8wmORbdF4ko8891LkDMb2O-HvfHb2iamlALYeJGD8dphTMsZwh-RyYze7IrLV61Wx7DZfrrkZYioX8t8e2lPJ-31QcqKGuAu1vdHbtIJ5IpHe_JO3K-US9_lQ82g101lgzGeeMsX3fNdf7r76u3CrA2RZmMFiPJ09gwTHy8H_FY-bmc5E_MTLM6dQCbnJdBvHbLoZxq9L_qF--bbOdDfVsb-tQ7UaWicjmFrcWdbA9zinL4AQBgAbHzc-Y357tqfkBoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1u0FwXDy9ovYZE4Lsa3yhIlqxe4A%26client%3Dca-pub-8731210765202237%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 16 Nov 2023 19:28:47 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 1A3C 2 KB
1 KB 30ms
30ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 16 Nov 2023 19:28:47 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 1A3C 308 B
636 B 35ms
34ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 16 Nov 2023 19:28:47 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 1A3C 293 B
621 B 29ms
28ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 16 Nov 2023 19:28:47 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame 1A3C 43 B
348 B 275ms
27ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=XBdGx6akDsbZ4BraU9MWJoTlYqD7YorsOB3xOG3PUGAd-VtHDVo_5D8zk1nx2hasu-HU92BHLl7ex_sR30CnrmBV90QsA7YwsIybyNNs0n-byH0RmoLyS1dt6gXn8sE_rmSuVUOJTR_o1JQQ5hF2NYRIKSPTCyPH2H0V6AD2_2nMI4rj6-CFRIgr11_66PJJQp80stgVWjgo2WcYz1Too_bNspSFIv7HWxUi6F63X6BMLTTVCT9xqVbVR810OzMWGchriXeg8pwrI5tNn-7prtWPGM1wTn1MC2f2OMH8wSW4KJERUOHnbre56-V_PT99KiKoDqWyZgN_8CJ_p7_Kwp3Fuk-spNh9E0mx8jK0eUfbC3UmsGAYxdi9_vc97vJbdjIFvSBpRPkb29AQLMTqvdR-karmeiETfuqYXERi77kGL-fx

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1654677
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame 1A3C 44 B
752 B 202ms
125ms Image
image/gif 2600:9000:21f3:3400:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1669058926
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y3vRbgAIYKgH_Z5aAA9lCzRnQXu7XI7E7wBeaw&u=%7CZXJYARNRQ4Wfis5bBMnQ2AdaeWhapfGm6KiVRiEWeQQ%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZerJzy_6TFTHF5JbF2F7hfY2DF_LDS5_jQ-ZocpOV2MQ52xqnvVP65JF7omwNrfNV87xcI_hYqEvsVK0Z_Nczg0RfiZh_kI1Vr75Dbmxm7ynN59uCfKTX9j1hvq8HcdWNtAd3wHEpZX-o_pGSu1FeK3qI7vsdyQ2M6hFoUzgoQupE1Sj73FEmS5miZQbAMb-dBA4Ij72EJgM8741r30vl9xMxZGTn7QJnVPrFfvazEAEvHyhhyVHq1Fi_-b3FWcUVcbLcDvjm8MNifLf02sieAYywx-o1ZWkEKcC5nCu6WtvR0qbfpXsu6MltoV84vqjd5RShFa-LRtDmjEzsSo4prTmBi_t7klMjaP0n64C2wqz0XAHt9IzDbTqqqnDCtsXZUAVkM1Re1ZfORivyOYBesW97nG9B3mNHg7sZQJYRrY4CVZETBWoKf4pvb87j81wu-LIhjZFF-YC3b5NBFZbhAIKPQeO1U02z5sPcLQ6ImNfR8JZuo6bfglNau7pJebgysgtsxlmwM8ptfGsrVIKRjmmy2n1pHn84JF5tfEuihn2JLPeT4K6W6LAZgyHJK7vMtw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZqbWbtF7Y6jBIdq89u8Pi8q9gAfJntKxXNWdkfdwwI23ARABIABglZr8gZQHggEXY2EtcHViLTg3MzEyMTA3NjUyMDIyMzfIAQmpAotlge4oMrE-4AIAqAMBqgSlAk_Q4iKq__uwadxW1k22DPykah17ZIUOpfJubYsfGpJ-0dbf7fgl-1T-6nKY6zrFUDKWNMcpQKoQIM6sCtZFIN1bsJjAaenyj6CIzhy7jWVVkoP-vP29BHn_1idlz90ArCF2ms9zu2YYxm3_QjPVakyAfd8wmORbdF4ko8891LkDMb2O-HvfHb2iamlALYeJGD8dphTMsZwh-RyYze7IrLV61Wx7DZfrrkZYioX8t8e2lPJ-31QcqKGuAu1vdHbtIJ5IpHe_JO3K-US9_lQ82g101lgzGeeMsX3fNdf7r76u3CrA2RZmMFiPJ09gwTHy8H_FY-bmc5E_MTLM6dQCbnJdBvHbLoZxq9L_qF--bbOdDfVsb-tQ7UaWicjmFrcWdbA9zinL4AQBgAbHzc-Y357tqfkBoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1u0FwXDy9ovYZE4Lsa3yhIlqxe4A%26client%3Dca-pub-8731210765202237%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:3400:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
via: 1.1 df26103dc140569d7032449c70c3b140.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
cross-origin-resource-policy: cross-origin
content-length: 44
pragma: no-cache
server: nginx
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-methods: POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
x-amz-cf-id: wxeelOkigA6VNsjaLFQY_aOgpGSwGZK57vKgu1ECQduz1Onr4-3SFg==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame F3A5 0
10 B 22ms
20ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?oH97jw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
DATA 200
OK truncated
/ Frame 61E6 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 052286d9c4f2d1de00f94194244b376f3bcbe97535f2bcfe24446778aa567845

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 1A3C 12 KB
6 KB 38ms
37ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 16 Nov 2023 19:28:47 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1A3C 15 KB
15 KB 152ms
44ms Image
image/png 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=496&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F79f2c646e3f74b54931cff1f39d769d0_blue.png&v=3&w=356&s=asWaolQOjjDK27LiybcVbk63

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

22c8728d566763a64d50a672a2c504875bc39ebba29713ecd97332ca6bf163bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29512347
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 14940
expires: Sun, 29 Oct 2023 09:21:15 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1A3C 2 KB
2 KB 177ms
70ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FD%2FlogoAmazon-Workforce-Staffing-245849DE-2005201401.gif%3Feb%3D1&v=3&w=400&s=S8H46qf3EvuvyZds2gfujwsz&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

d530eb650281c426cb8d0c8d602cffe1a63b732b9b4d93e33aaf0340896e3024

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1298769
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1902
expires: Tue, 06 Dec 2022 20:14:56 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1A3C 2 KB
2 KB 175ms
68ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F6%2FlogoBosch-Gruppe-2804DE-1909091413.gif%3Feb%3D1&v=3&w=400&s=mpSaavc37cTAcDERDSmhZdBJ&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

490319aff00a55cfc00d9e24f71f39fc0801858055c62c07bec8fabf2f6e24ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1089606
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1584
expires: Sun, 04 Dec 2022 10:08:53 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1A3C 1 KB
1 KB 176ms
69ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F0%2FlogoAlexander-Burkle-GmbH-Co-KG-204396DE.gif%3Feb%3D1&v=3&w=400&s=z9_jdGQ_2ffQ3rICcwWypKoI&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

81a7ab8695e815f6ed7b80ef2080f04f282ae1f2265a798007991c0b04e82fd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1260
expires: Mon, 21 Nov 2022 19:28:47 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1A3C 2 KB
2 KB 150ms
43ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FP%2FlogoPorsche-Consulting-GmbH-4441DE.gif%3Feb%3D1&v=3&w=400&s=cKDl1WBCDr8jxpb0gi23OYsD&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

53f218496e3fb539c0c6c0d31e8287766460bf3e6ea3f115efd55cfc41ae890d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=428560
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2124
expires: Sat, 26 Nov 2022 18:31:28 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 1A3C 0
128 B 371ms
43ms Ping
text/plain 2a02:2638:1::17
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=HW4xhzzlZpWRND4YCnuEi8sPr0fN8dcMjRIJqk0sqwtPNb4K2FP8CHm2cys5T_MdUsAxo51Abj3beVtnZgYzxZTQK5sGc8950yw7EFzhtihL-ERHB8e2PwcNCi3FtfBH0pvixDHvPVBUFTuGSdXWskODPfyQGS-NHBoaYNfqLO2IoRUMzYvIecZ2w9hI4HpJds1qFxpoMgik9X6l6hhhznTZCqkVg0KbGuGpq1pVPdkl66xtJwCEtOCQqgAVrjbHTKQ-GA&sds=2&rev=83599&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::17 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 1A3C 2 KB
1 KB 28ms
27ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 16 Nov 2023 19:28:47 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 1A3C 2 KB
1 KB 34ms
33ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 16 Nov 2023 19:28:47 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame FC25
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1&C=1

43 B
766 B

19ms
19ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNVOS8MVcOsH7Alc-lSG21cyrwIfOOABdPkUA8789mI2EVCaL73zZ5yW-VynfWfjSUuEg7R2GV6_ytJpyGUhzAuDlp3Jq8SReCixgVYd_QNi0Gb89yts_UTcbrf-riQ12dJ3Ohzgj-3jDhFKkKO2I4vV3hkV_mLxa2OVlfvcGwEMNPQLMgw
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame FC25
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y3vRbwwZQDb4BE75mbv6cwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1

43 B
894 B

19ms
19ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNVOS8MVcOsH7Alc-lSG21cyrwIfOOABdPkUA8789mI2EVCaL73zZ5yW-VynfWfjSUuEg7R2GV6_ytJpyGUhzAuDlp3Jq8SReCixgVYd_QNi0Gb89yts_UTcbrf-riQ12dJ3Ohzgj-3jDhFKkKO2I4vV3hkV_mLxa2OVlfvcGwEMNPQLMgw
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame FC25
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEB3115hh4WxWCEfqYnob3lw&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEB3115hh4WxWCEfqYnob3lw%26google_cver%3D1

43 B
1 KB

33ms
32ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEB3115hh4WxWCEfqYnob3lw%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNVOS8MVcOsH7Alc-lSG21cyrwIfOOABdPkUA8789mI2EVCaL73zZ5yW-VynfWfjSUuEg7R2GV6_ytJpyGUhzAuDlp3Jq8SReCixgVYd_QNi0Gb89yts_UTcbrf-riQ12dJ3Ohzgj-3jDhFKkKO2I4vV3hkV_mLxa2OVlfvcGwEMNPQLMgw

Protocol

HTTP/1.1

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
AN-X-Request-Uuid: 0ed146e1-8e3a-4667-935a-49f9d341dfd4
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.19; 217.114.218.19; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
AN-X-Request-Uuid: d23923bd-a963-480a-a057-dd21517fa4e6
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEB3115hh4WxWCEfqYnob3lw%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.218.19; 217.114.218.19; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FC25
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ0NjA1MTcyNjI4MDExODkzNw%3D%3D

170 B
188 B

74ms
32ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ0NjA1MTcyNjI4MDExODkzNw%3D%3D

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
AN-X-Request-Uuid: 905c38ac-35be-4587-99cf-683851c66b5e
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ0NjA1MTcyNjI4MDExODkzNw%3D%3D
Connection: keep-alive
X-Proxy-Origin: 217.114.218.19; 217.114.218.19; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F754
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1&C=1

43 B
766 B

20ms
20ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNWbmHKKNvSWs3W7Zc91-YS3DS57n7diWsLy05bQafxq0OOkX1znJGLBCeMx0yOUuYHKfz6sZTmj_V6WXCKKlZZq4I35I9CaAhm2Wq4Uke8Q4qmTA-uTxfFFrsjwL9XqpcsBnfMrisECFVP17stqoCfaGTf6aqnbOekyBpz1ukXCoduvQlo
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F754
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y3vRbwwZQDb4BE75mbv6cwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1

43 B
766 B

19ms
19ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNWbmHKKNvSWs3W7Zc91-YS3DS57n7diWsLy05bQafxq0OOkX1znJGLBCeMx0yOUuYHKfz6sZTmj_V6WXCKKlZZq4I35I9CaAhm2Wq4Uke8Q4qmTA-uTxfFFrsjwL9XqpcsBnfMrisECFVP17stqoCfaGTf6aqnbOekyBpz1ukXCoduvQlo
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEPFOFsGQjAOhV9xlErlKK4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame F754
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEB3115hh4WxWCEfqYnob3lw&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEB3115hh4WxWCEfqYnob3lw%26google_cver%3D1

43 B
1 KB

20ms
19ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEB3115hh4WxWCEfqYnob3lw%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNWbmHKKNvSWs3W7Zc91-YS3DS57n7diWsLy05bQafxq0OOkX1znJGLBCeMx0yOUuYHKfz6sZTmj_V6WXCKKlZZq4I35I9CaAhm2Wq4Uke8Q4qmTA-uTxfFFrsjwL9XqpcsBnfMrisECFVP17stqoCfaGTf6aqnbOekyBpz1ukXCoduvQlo

Protocol

HTTP/1.1

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
AN-X-Request-Uuid: 3f64617e-18bc-41d2-83e7-06d8e7a4b360
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.19; 217.114.218.19; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
AN-X-Request-Uuid: bb7f4475-3f7d-4b56-a17e-1495d6062ef0
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEB3115hh4WxWCEfqYnob3lw%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.218.19; 217.114.218.19; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F754
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ0NjA1MTcyNjI4MDExODkzNw%3D%3D

170 B
188 B

70ms
31ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ0NjA1MTcyNjI4MDExODkzNw%3D%3D

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
AN-X-Request-Uuid: b66c62ec-1ea5-40c2-8b96-a2d108fd1c61
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ0NjA1MTcyNjI4MDExODkzNw%3D%3D
Connection: keep-alive
X-Proxy-Origin: 217.114.218.19; 217.114.218.19; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 37AB 41 KB
15 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BGiAPrFzHoLQlO04sNm_o1Cl-537VJUbOozpw4VWfJR_ZepHtiaAipTskUrxOoyjD407U7ZideSk9Q-N2WHX6sdWxVqc5v60MDHxpGPMgIhIwhExQTCZ4eFucwXwHtfD_lKASNwvxddROG0Tj2vrcwvAidWl3_W6Zrz8NY7TzjcvaUf9g&cry=1&dbm_d=AKAmf-BqaurdMV2-ZyxmiRW9b5IJ5FYvYcPjDz6uvltxQ5xQTi9X9AQZWX4Qxu6vEhKUrE2y27urhdETHwLA26ChVrC2JH0_40nYMaCxqIIZOMs2kzi-B35OTMt87t5u8dF9RtIrcZFPERxMHW5ilpPlv4IAal55_kk59_1NnSagmWFA-bY0Cp4wLqwPKQkSGsx3zKdmLWsW4PGGymy5oeLqiVfiFCzWdycOX-FWMGY9YjVs_fnfAZM8dJ8R1toVFn5ts8XInKYtSJAYW1GBOr68h8uh0j4pOECmJfa3CkfRwrO3lmM2hkasN62gVidaEY3nbt1ySiVIKU4B9j1uwv8MYLyUAE29Mdfx1AE2j1Y7UseOntnfs3CFX4f7q_DJAvw4H8fwzc0E54mLV48SRyVjCaaHLM9nEYz1wtwFL1n-1l2SfhrDhWRuWjwaYm_u3cPDxo6a69PRRPoHDkZeBoOt7FuTYc8Q-XEQ6FTTcK6odv-M-Yh3TR3hLV4O4XD6XdWNn1I8Htd9vSIG9hCm6DjNirVYSpUBd7ObIh7NLgPhgYeWDDQa6PIh2va34FuM0ErTYSflhuyn2BS2sm4vr74w4jTLoW84Rrn_HvzZN0b5tv9vA_sQ9ZPztpGOhpTPXIbaEvv_24_etrX2zx4S-Lknk8TBCFHBg50-IUOesEFH66EsTdmJrV2Ji_XDZ2vMtNLjad9NjMLfyIY-MaSbMxWuQrj--w4Tv9b8Yjn-cSnuAIGWKZnuw1R1BJzCwuIbAAwqjV9hnAHD2RQHrVv1fInKMTkK1WmwQzvfDX13H8SBCmpQLWgQKmomms_od9KDnxUTQyVsQZtPf9XdUMTZSuEeGS-pDWTg9QkT1TIugsomQJrjibPVdi5gFDH5l9EMafhTGvhv15Ap-wVMnPojY6Fkh7lVP-cs-Lg4L-pNSQCkFyZr1ZMt_jFym-jkqEQsJ-gWu2Qj8FWHO4Hoi-to1M-Ped4uQwXbC0pV_l9tmskpV_B8gtjrNoA9vA4JiLcTgLOXHN-_5bQEDUrrq5yxSHnKdGKWledjcM3A7IXWsxsBT2QXpkQPFiQkmSBVAqZBqxCaNaI36XCyTSOEbRzfrqVftRF3_WOXQBAUAaCGpuZwF93QR6pCvxodNoMt0a41At6XrsByFp21Olnhp1bpterlqF6uEWlrG_uoawm9dg0avdWoQiMGL57uKZwAibe1OPAvwqIU8w_VUq2rEkt9A7AZvGZ_qCbxgsppwZvgz9RcHqgjf98s7A1gmuI2b0JsbT9LizLc4L-Xx2CDd3M2S1RTSkpCaSXWhrBnhhSQx-9x29Yg_XqnYnFU2TppF8zERBB1GLVXMNGhv6xMR1pgZZ627_6npGqU3Dyxw0Qj4pnsHNPKq1EAI4MjE-iJNGRJ-Z0LJYrw1_taMx6kLtIocW28pq6TXsJv7Otatlzn8GKYgxAngxpv7wFIJWBNzw6un0LgAwnKjSKd8ZDWPzRtMBnnsIRSS4O8ZlNzh43ImMI6vfRN_yssm2MQv-DJaYFe3PW_OxobbTQ5DdUGvZ8vMgxIWDW3KBcKI1lsov_yBS35qUQ5DewBEsGdLxvQNCRwFKJAqzg0WUgYk7FI-cqMJGP-F0OdmqMfgs3PKeuanQtZ-fx5aL9Bfnw-JgbIz0HjbyddlNLQSHuKXOaTKT100fyXF7FBbSRbuoQqnUlZQkvzbKDidqIbsoDhoaO4dBCvoWDvrdTsMx7Vt4SgPgVHY5hN7f4DkUwtRLsL7w2s9BAo_lI_ap6ZIlug_bXKAiWtMuv5IqRN_f4Rbnb_AodUVRtUK7EtGB_eLnrLX2OfW1Hq6UIC-ncmrKHlB0mIbVr6tX6JDNjL4dnyWm03d0JjQppXcH8cxTRacZuD12Uxdj3aIihyZmzqAgTD8NKepk6sUHHc0_hweqsWGyzcfYZEPoRMnDdFmyNh9GtgAT8HaJfwkNoY_hbnI156LksDFk4jpdprMXAsfv9NnAQHSTcIG_Omxu964SG0IwaiyyTmnOaoDQElPDpVHLe7SdsPF_GKn-CFafXz9JjI3nINoblHRk-Pv82W3hvPDcwz9t_TzycV-Nfdow6qVQ1xIlmfsrfrEMVLwBvN3h44m0qYkHxFmyoENwaKxbtZPtiqrPOEiOf3JwKCtH335CF1mIBVr66KjFANyIDdX6WQaBhiGrcmVDDVePr2ZVMT2RZFqetMQ2k0b3_7T5fAjYEFIeXyU2FH_FiFyUMkBKtUkym7KlSoAzvH1ZxZhci3LL0u7VINY2F_09K1XSoufctIxbO6LvT-fqX_LsIOCjZ71ON1e81M8UCSrIPmio6J9cxi5_hpQH4TywBTcsPdfRIFNukshpxDpCyHm2TIVVnQbLNmSrx5cgZHv51kGoTG7y3EAqGFxaXYhCu9fl_n8w0FPbufg40sjKg2pqnA8tPCkmzh6Lcu7BYa8PsSbvBqeiAZgENG-1JrtEyfivJcwxAx2HcVTKDXzVMeJpnYURnbyrdvLu14Sro5Tom7DG-kNqZRn5172ldpJwDHgpfEm6kMySyzBCFzPezcOnNR5ZZ6YvZzBbS3Fb8ezydtoFF_avRxVBv_IxBxKkRkzXfizVyeguQyppC9bzRpXI9mOe0Zn53YYoLhNzg-fv6wB6YDDSQuacBfgyypB8P9OMTYDqiV7c-F6fbj3NUrqBpI8oXw3_OkKkxrR3aeJHtx7thlKuZyMUoXNeXFbu5NWA06HMJrDNYVPaJshDCQmzB6wr3TkkiynF_ehiNN8GQGumVTcZjDnEKi9IfekQV3uhG5656E_zAzBNtXb1jQhxIN7tiQiGBp_RNM74uMoY7pVpiHY73qHhZP9KqDjJbKHtP6POTM0uJvYccatBrxXPCjmJZUIVGGKSMC5CE10Fmc31Ql7sEvHzg_boS9p9q9ZCA4meP_VBBNDCVnb8mFG5l0ukEsxCJWUf7CDHoJsoOU-tD4EdE9aj9CrFEZOSivW4bDKbcmKlns_oT10I66MB3bihGWEZPJyz6V7EOZ0dUYfZHBQtXsVYkAUl_nAaWzfEs-ZL6U4ZA3wlmuWMOEziL0My5r0PVAsKYv5llvE2IS0tGNLBS-EfGgYmkcC5iCUrTLCVbxX1djhIa3kIwG7232Ge3ODGmcClQoTHlrRURj-0s0_4b5czThnxmhI-VW1ux-zKLSe4mdHdzHMvcUE8_F45qnyOQ2PiUBc_umrhtGC6_jKuyMMKneX_Qd5kxz6XXt8XeEathMfYw1GEp3Iwe9wtqcE-RRHHKdZxdHhJ9OCfdKyIO_OlqOAd1O6kwpyk1qpSfi2Wd7OY4Of16anGxry5uiwuMToiqaN9ik8Z-Ch7CktSFh92f2VS3AAPU4WvKzbdLBq47J77RN-tPZUG6jXsZpDbdzXsqkV-vAXjd6qvViIGDYwHNwyClEFulbaETGD5Ep_8UZd9oCde9GDB52Zrs1sNkxfD2KVdB0EYOWz3x67w&cid=CAQSTADq26N983j1qIkyqZyp2b3eTZsOy29m-2ysD3XJSL2wkw5unetYXOi_WttdbHE4Vz4SpI080uG_WSvGiiHLe0IUpXHKQIF5gXLAnP4YASAT&rfl=1%2Chttps%253A%252F%252Fwheregoes.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 18 Nov 2022 12:06:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 285727
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Nov 2023 12:06:40 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4CBB 41 KB
15 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DkKiUjQgBxEFFR2_r19rhl8OpFyKYEQHcqX6DoVANRX03VNnc_NcLxxeg_pl0BNPYOrggLY030RpWKTIGqR439XynM7nD72Rd62q95YYzlPRTQPnbNr7xxnALCP01f3QScNl7RmSAP2d_Se9Q72bsWSGAFxYnYE2O1FY-YMHOVr03k2hE&cry=1&dbm_d=AKAmf-ABtKWL2ubaZoqsJs_HoI9vwKRJ_eqhSWOG5U7g4ap1ltqh75QBhVZ0mYXLCMsc30hD6Dh75vo9bDIIGMrEFQCk_9XFNCE3lB2g5--mV5LPsC6Ifcn3vEeNbZ10TIL1cZzAljmMJU8M1hO7-bG3RCVBU6UMZjjXfRD90eWLfiiBUbNN9hTXn9yUTyKksMxzW_XB-ttO-gUIivgeeyYzEEYRIej0bdNDJb1qDlbOfyHsweFnEw_qN410KS-X7iKJSaznOcXjNssKJ60kMI4E4KlWMwqNo5qHqBejlpIyhHI2-1SJBfEiR95o-ZsGxb3DQhrRQ9uCBWok-RVkPGHKhxKHWbgFS4rrJGPfpnMMmsbxcJymsq88En7Pmss1iJC6I-4w88EPeNk0GZbhYERgV5OcQStgfdbQ8y-0AS_uwjNktuZU7KwuDa0_6jhiglkNSP0GQ8C53FGn3F59TBnB4Xn_t2XTigxmNRfb44tDNfgaEktonNeC2PZWZARjzdAAfz0Z_UWurtVKWM6weewLLGayGVQOxqkuLypcT45WUuFQ2cq-ynZRHjAgWAGvLj1l66cXqRt8_l75uaM_m1aYYq29gwlPihUTfzEmL7Di3qTiMULRbcbHFxc_Yvl8WcsqI50VPgXTkbtgMVmwTvE_RGADqnmG4uDF1D5iUcTH8wRIlpElQWHnyMSAVMV3V4qlhE55ffyEwhigaiYMbp4l_d1EajUNln7e1OJ1qPKBsfarIldmsogluYnHHNOoX-g-mm2WTdZlMHCX11B4UKGS8K3_UChOals-sGnapCxZiwjtpbpFyw4Ru53S5MM6AsIMig3JQ5RQJ2lz8-wcf8Lm2Ty2-TxMDCRc42nIe50Pfr_wC4d_GEpPZD1DeWIzaRORxbwqOdTBJIkDFkdQJOJcX8Jgv4Edfu5x7H-KyB2XizruXZwbB8Teqa0dS1gbfJLfYvvecBtpyppaCduYodHwwVlCsbUZietpHuhhRo90qS3UAW9CQ8i-7L542b5vafSL4P2RJZ3NzzBNRQ-4QrYrn2r_vnRNZ5dmjS3rTLSlmR0gWyErwz6psiKLnB06r54QIreEHHfaEWvE5v4jNLF6lJeL6Lf3EncV7mHU9OkJ5j369WCg5fCWYvpTSRh7rhJbXuBUslDR3iYbJMObZ9BtkZwA3zSHHPGPh6vPl0NR7bcLp511s1qsExu5b4PSslYkvoC72ufahbWRQrHXy7NHdALg3ILCEkE0xHlpb5hx6WSxOgdhYBUJNYmXrAeucd2IcC57QyWAtOrfoRD3o9UH3erpCOMtrvFsJ2UNzsNz7vBwol9rPYOTdgbinPB0usN0GHq-3WyRSjvh8WPnpvnpIet09O5fPz_1VfR9KpcG9nS3I6jHD-QbVjiwuC0suZl7KtJVwO7sftTNFCY90kfl_afdfnYs9Rp_7ORgevS5OaGu0bP8RH68dsn0jxreTPlDKSZPfAkrLJC9XdeBGD7mAohGtQfLi1anxwY22bMEBqSA--vnzSNKnIn4GvLExGF5MOqkGr2U1oyw4t_d-ZkUUwbw8365dVOEuOnXfCXDh4c0XW8bgthjO2z14I_u_NPin6EKkAxGst2q86iUujaGs1c-HTHxeb1lSSmjk53fE-8POB8u78q8vCvNcjgXiA5xCm2cQ5RxgE1QyAS_l4hclDFVhlSKz4ag3Jq3vyzcZXRSW7quIZnPMSs5YNECf1dRnZsflYBMI8-W8t8Ytlj_me4_d-M0gYEF4GAb-uIzLcjmQY5pw5LT7hxJR3vCSvpq7_vyjunxFfMOrknOGBDL-kB2iBNm5HkjImWqhXs8dgenaSOUXNO4OF9cgpdzU_xqgl1aG6R76xNP_TdKoRJIf0CxpjxICBeKGZIVkW2ghrfsTRXsxj3RX-63QjArW2UxlRVRmT8ha4gln_n9oAYHs2DPkKwDiwSI2pYa8yq2Br8Xg-IGHinCziIOmCa3GLIvyrcst-leEAm5_eki-vHut8BSeY_LYGnt2rrPvVTCVcoHAXQNACTEP6VaunZHk4bIE1gDtMEzwWN6H6wimY6q_mM_9WXyJ8voKCsSeo-2OY48vTNzN_eztuO9lblYm8nDjfjP-5wzUsR1NPuizTkUz47CXQB-GuspavNWrXhVKr5uGh0JFVldfJ-LrtLJO3OTT7Y0lXG9WniGTeUAXwg2jWbXbOr_A2ult7mymhbHw7LjaCThi_m2o0CU6SgobYMg2RLd66SSfhcSYdHjXRPUyCIACO9XbSQMmUmkM0wjnXcDOseYDX0ubABTcfnvA-rKH-8o3N2h2xpp9SwfUXideJLTruYzn7XQBV71QH_TnfanA4F7eLs1QdI7t1x8W6MTcK-igAgn7gcPCyV3UTKIMv0PUe1awCdzALvpftkZCCwRrhiYbOKhLdXLog05Js2i1jpcjH0fgPj44KzxKKQHO57Rc_BYymZjqaEmib5DJ0-ecdMukoV-_1adT6OIqORus06ygltWllnwINm9ov7y6WIPyJFCakiW5nZqbVGts81ui7vp8O3S0yDoF9QKpCjj9sKPN2BAoJ7SIEX7-64uh56TTfzt3CEx32wJ_YCGALvgVZb-40naUUsLIQs8PvaXinpmS5MjmDwYAbKCJrBRzBuyFh6UJTUgNxajN8kKO6a9GiPstn4i5MRUygRWBFuEIKU2OJj7DsJvzzTYeTYhNdvk8M2wIHzPCYLy0dGaoBSDEU9dkbaiOwtoJ6XFAxo8JU9ACP2IHPPoJoELMX4KMmh-dncfHxuw1__jZpf5NDhX9DAgQ3dFp4V25WkydE7ANKba6X_TzqApjpRPVKIspPogYasl66fo9LhaOe0Ra3xEXm1sOZs_9gbZsIQmgP9dVdpKn1UM_HYLBrcjODBTfbYmWTClf-knHWZCNJpSCj02No33k7Py7XOCsg5ahsdRL5vK8pgS_jh2g6ULUApZDFfmpPfXFNnSV7bujrzCsE7t_Gjyo1d5T8YqzmkLePpxlMj-sUzRX2fAQD_iK-wr8l2afvEo4PC3TtQvbIxyy-KcebJUV8RQAjlSwiWqudLSY5bgNFBcrh_18pqtrVI-wJVb-Zi90Yosyt5i9HN5Frvtd8jynG17PqayfgVXnJXlFaLMMvmKCEv6iD6D-mYOAY-aB59Sdt434LfFf_04hVJxLCEPsLaweadnjc_PjKlZPZakfI4qeFhH-o_ch_3CP_DBUPBs0jg_DjhL4YhMDDEUMcSX2hUgg1lQUMYINqvKmXF2EEBflOT7TVzVsgkA-Xtk2dNkx8tj6xMAn-EJQJp6Y2CtS_lB9w6H4Np_L8b_FvZU2gWF-AyR0AfiaJ1NUqikQPlTPYBHL0yb7bDDDyed753zluMbJxVXx6yNsDsDxy8NpgDY5EYEgzFV0F9P_xlCmGIlW0hjWVYLqRNXLXaC1F8DOsEouitSUGOxJJzggzBPEHkL&cid=CAQSTADq26N9J3NV7PikxWVFtBIvF6QY7FLaSQs4_DqbF2SSgCTdN3THP4qPe38upMLnOkfgHau1PiNSj6_SGNhz7_WzEhQe-Tv8egbuKCkYASAT&rfl=1%2Chttps%253A%252F%252Fwheregoes.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 18 Nov 2022 12:06:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 285727
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Nov 2023 12:06:40 GMT

GET
H/1.1 200
OK jf2y0amzcvu0 Show response
hal9000.redintelligence.net/zone/ Frame 37AB 11 KB
4 KB 96ms
26ms Script
text/html 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/jf2y0amzcvu0?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdGnrbtF7Y_LRIe2S7_UPnYGjyAWm5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTyAU_QsmIR839lm3qu12opAgObkPanNRY4hkLxCqOSrVvDRN_v7L7l84ohBsvMG8jDmgWRCLpyn1O6sggi8XSavNPc2MK-UF1uFM1PmQpAblwsCJSs-FZzCAIPBBSnADKo1rEIg9Wr_yw2sPtw8xeSD7x3W5irJ3cZWfvXXB41lLYNtKy6uHWnjG3AaNOn-dllQeGW8YwFhLG0H-dV0C2Bnu2pjS2mn9m4C3Urul3r2cgvQ0bCqHHyp-Dv-D6IDgz4YGjOjLxiDh1Bp525t1GmcYnrxrH68X_qdpNf_5lXrXPPBRG506rwJ4Ld6HHZYuj7FERZwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N983j1qIkyqZyp2b3eTZsOy29m-2ysD3XJSL2wkw5unetYXOi_WttdbHE4Vz4SpI080uG_WSvGiiHLe0IUpXHKQIF5gXLAnP4YASAT%26sig%3DAOD64_11eIn0Pup7gJUf7bSKfbdnbYd5BQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B_jtYZJoWarOFkbQMoD16PWTzwsLgWBn5uGu3-Ym3Rh4LmNcmM5yAT6qtZ3MEVdMHgmMgPGZ28aFQllZjQOrwRqRbEpOeCPmgVPkWdQzVGZhFALeO-kDqKcyuT7KoPTzivxZ3Grp-j2ifShiyoip7_Prg2MhmB_vC20kJDSpRgsFDB7YE%26cry%3D1%26dbm_d%3DAKAmf-CKZhqp5ibmwHW_YrIXPf1o6_B5F2WST3d5-cBuTtAhWZCUdqVIxHecMThgxT0IS2Wd4MCMGcTmjPng0xgaNBk67Gbc4WymmGd6JWHHJSGnUVvMEjlsnQCUly5DRf2XkT-kQLUCG8MBzcqNjAvFWYu4lJx1h4GuKI-ZyHoXwmxpQTdjhLtpxj5IDe33qblqxPMzl7lJF_DWfCdJJRSIO2omtNfVnlDYoE7bI37y4x4b67MjPqtE3V-bB_Tw2weCD3Gr3l_v2h4kEyL8MvlbPcW3WyKYW2xypo5vG0N_idD3tXLCSXe-LA9x8sLwGoZaP_P28gfskW4Cvu2RzYtLHZlRVB9nRlvjXuuQFo5dRWGkJS8XbbPfeR4XIiUo6Y4CndbHjgVTxP-ObFfljXoPVvAXJ76bbaGAx_l311utpZPAb0Wx_919EiFneHorkPAYrH5FMTQrjJrvzYIcbkzzLooszF3tN2p7jEu62VKm2BYvVvobjViS6s1_FzWHCHCNvl0MRhIlW4wOaSlWTCNBgEk68By832pFV6iCi_Q7RliK9eIu3UXhJOt0WBtHBhhkGm9KRcpg%26adurl%3D
Requested by: Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 583ebc14ee62b63c17cb86c09bb8bacdf69e8f4b08f942d077504b0100390790

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Mon, 21 Nov 2022 19:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4114
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2

200

sid Show response
mug.criteo.com/ Frame D481
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=wheregoes.com&sn=ChromeSyncframe&so=0&topUrl=wheregoes.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=E30fEXw4a2syNEZKV0Qzd2dlRmY0YkYvUTFDR1c2NlFYdWw3c3ZLY0FXbXFyNmVPYVF4NSsrbkJJcG1kbTVnTlhrazNuRmVLdlBpNmhJck92aGZwdnk1eWtaVitNNmZxYlV5a3Rqc2JCMzJ4Z2h5VVhMK1ZSYlYrazgrTl...

433 B
655 B

307ms
27ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=E30fEXw4a2syNEZKV0Qzd2dlRmY0YkYvUTFDR1c2NlFYdWw3c3ZLY0FXbXFyNmVPYVF4NSsrbkJJcG1kbTVnTlhrazNuRmVLdlBpNmhJck92aGZwdnk1eWtaVitNNmZxYlV5a3Rqc2JCMzJ4Z2h5VVhMK1ZSYlYrazgrTldNT0tsanE1blJvTzNGKzFoVzR0Q29nb0UxanVvUGptWngrdlY5cTh3aHphTkVqOFEydDBJQm01OUFYTGYwaGpYeTgvZU5LeXZHdHpYRlFsL1dNSWZmaXFwL1kwNWRPbGR1NmJKSElPdmFPd3d6L3ZNYnp4Z2dNUHl1Q3E0eExMeDBjWHJkVE04MW5YZmVkaFFDclk2R3R1VnhyNHZ3QT09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

fed95790361fed865243152e0bf33d75386c110f629dd643e56d9663ff949e99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:47 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1888762
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:46 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=E30fEXw4a2syNEZKV0Qzd2dlRmY0YkYvUTFDR1c2NlFYdWw3c3ZLY0FXbXFyNmVPYVF4NSsrbkJJcG1kbTVnTlhrazNuRmVLdlBpNmhJck92aGZwdnk1eWtaVitNNmZxYlV5a3Rqc2JCMzJ4Z2h5VVhMK1ZSYlYrazgrTldNT0tsanE1blJvTzNGKzFoVzR0Q29nb0UxanVvUGptWngrdlY5cTh3aHphTkVqOFEydDBJQm01OUFYTGYwaGpYeTgvZU5LeXZHdHpYRlFsL1dNSWZmaXFwL1kwNWRPbGR1NmJKSElPdmFPd3d6L3ZNYnp4Z2dNUHl1Q3E0eExMeDBjWHJkVE04MW5YZmVkaFFDclk2R3R1VnhyNHZ3QT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 5567769
content-length: 0
expires: 0

GET
H/1.1 200
OK jf2y0amzcvu0 Show response
hal9000.redintelligence.net/zone/ Frame 4CBB 11 KB
4 KB 90ms
26ms Script
text/html 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/jf2y0amzcvu0?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-MX7btF7Y7bQIcmT9u8PiryisAym5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTsAU_QLtrlWH_I8Gb68C9G1eDnUjvtvLUPJq7N2Q2HFyAeFvAeclQ2GyYEtr47M_XoR4gdFuhOiBSYFUDocGI6XTvotyXCozStXD17pqI375JUISrVBIc365u7jLv4rVEkwFDswYILbAapFW2FYASn5wUCry41yhMWSgpsy2KI7lvvs2taPcfxZixIyW0mY-41kMrYNvITRSKOwFtmEeiu0FeLdQDKOuIw0M-HL5e3cFtEQw6sPVcwg5OvH7y2manJcjTRBpNdCJrKCPM7Acl0Oq4VN2UDkHBoXWV9icvwkv-3QdpJao_dUxP4aBSywATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9J3NV7PikxWVFtBIvF6QY7FLaSQs4_DqbF2SSgCTdN3THP4qPe38upMLnOkfgHau1PiNSj6_SGNhz7_WzEhQe-Tv8egbuKCkYASAT%26sig%3DAOD64_11XP8S9_JAtQBPqkMqmYAlV5yRZQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B2dS8pS5cOz1-n7wXQpzR6JZ0EJteN0SmY7bHmUAdDhhQE_-sOvzceC0yq6CpduZXRt2GZtjsUgEPYJbZfWNYkuRQJkzxA-cmVfwiK2SVZ43bX7hYqJ_4N_GzauOq9gNV3OH0JecFxiqLdLiOXzt4rIdrpbz8MkarLm4aJcKRu6qSTGXg%26cry%3D1%26dbm_d%3DAKAmf-C7BTD8MELBiDqbqlN2j34Zc5iI_AaqxjSc_IyuFxjbx6w9kZWdQy6Vb78E4wMFZYtAj8YzhS1veWriCDbcG2Kct-LhwxgQ7JvrSij64sHhdyau7-Yq-YABZ9e_0UdNe2etk8iZl4-nymiViIXGiFd9LdfLIwHkCX99MMrttCOeGunQvwuUkaYoTiHCh0dbeXy0VIVuvsgpzDa-UhKl2ZaDNImWZp9BEOHn4SFQbV9eE_MMVn822yRFWkDR1-HZ4f_N0NRFgQ-7qRF8g2lq-_pEba235hBRG8eOBCTGqfH1Wds0_mJRkrvtaDezKS4SlaER3TCreZyIPwlYywS72lUCBqCcVkFfBV_vMtAIVIb6Siui18Fj720-oRkhwZApeUDs1ynZFkAnNK8ofG44GfWpAgkgiwxa0ilJblMB3yNAdss5l2W0VTdMyn6JkpMpWb0u0Njz61B_9tc8nrrfI3uvS3Mu1H7glN744RnjZ-TEkEcAoR7gP2lvOFLKoflrVEZSdc0TtQZGlyhojDH8RwsI18im-juiePGbp4Gf3ozU2qO80lbIH2qJPmnTebA6zVU6MO3k%26adurl%3D
Requested by: Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 2d7641f7b5b473683be83ca5617e2f0b166a56210441e1068795b7bc01cdcee5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Mon, 21 Nov 2022 19:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4106
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 61E6 20 KB
21 KB 63ms
18ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 22:12:48 GMT
x-content-type-options: nosniff
age: 508559
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Nov 2023 22:12:48 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 66BE 22 KB
8 KB 19ms
19ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 285726
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 18 Nov 2022 12:06:41 GMT
expires: Sat, 18 Nov 2023 12:06:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1394 22 KB
8 KB 19ms
18ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 285726
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 18 Nov 2022 12:06:41 GMT
expires: Sat, 18 Nov 2023 12:06:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Cy76TGYNwlBdeFKzRh_Qc2a075RKB_J9dWAUlCdaUYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 66BE 36 KB
16 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Cy76TGYNwlBdeFKzRh_Qc2a075RKB_J9dWAUlCdaUYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b2efa4c660dc2505d7852b3461fd07366b4ef944a07f27d75601494275a5182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 09:52:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34565
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15969
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 21 Nov 2023 09:52:42 GMT

GET
H3 200 Cy76TGYNwlBdeFKzRh_Qc2a075RKB_J9dWAUlCdaUYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 1394 36 KB
16 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Cy76TGYNwlBdeFKzRh_Qc2a075RKB_J9dWAUlCdaUYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b2efa4c660dc2505d7852b3461fd07366b4ef944a07f27d75601494275a5182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 09:52:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34565
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15969
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 21 Nov 2023 09:52:42 GMT

GET
H/1.1

200
OK

request.php Show response
hal900028.redintelligence.net/ Frame 37AB
Redirect Chain

https://hal900028.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=0a4735cfd3&subid=&uid=3dfb0c2d0b84ecc3&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900028.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=0a4735cfd3&subid=&uid=3dfb0c2d0b84ecc3&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

3 KB
2 KB

133ms
85ms

Script
application/x-javascript

88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900028.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=0a4735cfd3&subid=&uid=3dfb0c2d0b84ecc3&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdGnrbtF7Y_LRIe2S7_UPnYGjyAWm5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTyAU_QsmIR839lm3qu12opAgObkPanNRY4hkLxCqOSrVvDRN_v7L7l84ohBsvMG8jDmgWRCLpyn1O6sggi8XSavNPc2MK-UF1uFM1PmQpAblwsCJSs-FZzCAIPBBSnADKo1rEIg9Wr_yw2sPtw8xeSD7x3W5irJ3cZWfvXXB41lLYNtKy6uHWnjG3AaNOn-dllQeGW8YwFhLG0H-dV0C2Bnu2pjS2mn9m4C3Urul3r2cgvQ0bCqHHyp-Dv-D6IDgz4YGjOjLxiDh1Bp525t1GmcYnrxrH68X_qdpNf_5lXrXPPBRG506rwJ4Ld6HHZYuj7FERZwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N983j1qIkyqZyp2b3eTZsOy29m-2ysD3XJSL2wkw5unetYXOi_WttdbHE4Vz4SpI080uG_WSvGiiHLe0IUpXHKQIF5gXLAnP4YASAT%26sig%3DAOD64_11eIn0Pup7gJUf7bSKfbdnbYd5BQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B_jtYZJoWarOFkbQMoD16PWTzwsLgWBn5uGu3-Ym3Rh4LmNcmM5yAT6qtZ3MEVdMHgmMgPGZ28aFQllZjQOrwRqRbEpOeCPmgVPkWdQzVGZhFALeO-kDqKcyuT7KoPTzivxZ3Grp-j2ifShiyoip7_Prg2MhmB_vC20kJDSpRgsFDB7YE%26cry%3D1%26dbm_d%3DAKAmf-CKZhqp5ibmwHW_YrIXPf1o6_B5F2WST3d5-cBuTtAhWZCUdqVIxHecMThgxT0IS2Wd4MCMGcTmjPng0xgaNBk67Gbc4WymmGd6JWHHJSGnUVvMEjlsnQCUly5DRf2XkT-kQLUCG8MBzcqNjAvFWYu4lJx1h4GuKI-ZyHoXwmxpQTdjhLtpxj5IDe33qblqxPMzl7lJF_DWfCdJJRSIO2omtNfVnlDYoE7bI37y4x4b67MjPqtE3V-bB_Tw2weCD3Gr3l_v2h4kEyL8MvlbPcW3WyKYW2xypo5vG0N_idD3tXLCSXe-LA9x8sLwGoZaP_P28gfskW4Cvu2RzYtLHZlRVB9nRlvjXuuQFo5dRWGkJS8XbbPfeR4XIiUo6Y4CndbHjgVTxP-ObFfljXoPVvAXJ76bbaGAx_l311utpZPAb0Wx_919EiFneHorkPAYrH5FMTQrjJrvzYIcbkzzLooszF3tN2p7jEu62VKm2BYvVvobjViS6s1_FzWHCHCNvl0MRhIlW4wOaSlWTCNBgEk68By832pFV6iCi_Q7RliK9eIu3UXhJOt0WBtHBhhkGm9KRcpg%26adurl%3D&documentReferer=https%3A%2F%2Fwheregoes.com%2F&ancestorOrigins=https%3A%2F%2Fwheregoes.com&random=696081996951&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: eddb2dfb05559be8a45c49dd23a69fce16b725cb6f095dd06ddfef5d6fe8cc0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 14729600107493104444978012150028
Connection: close
Content-Length: 1089
Expires: Mon, 21 Nov 2022 19:28:47 +0100

Redirect headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=0a4735cfd3&subid=&uid=3dfb0c2d0b84ecc3&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdGnrbtF7Y_LRIe2S7_UPnYGjyAWm5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTyAU_QsmIR839lm3qu12opAgObkPanNRY4hkLxCqOSrVvDRN_v7L7l84ohBsvMG8jDmgWRCLpyn1O6sggi8XSavNPc2MK-UF1uFM1PmQpAblwsCJSs-FZzCAIPBBSnADKo1rEIg9Wr_yw2sPtw8xeSD7x3W5irJ3cZWfvXXB41lLYNtKy6uHWnjG3AaNOn-dllQeGW8YwFhLG0H-dV0C2Bnu2pjS2mn9m4C3Urul3r2cgvQ0bCqHHyp-Dv-D6IDgz4YGjOjLxiDh1Bp525t1GmcYnrxrH68X_qdpNf_5lXrXPPBRG506rwJ4Ld6HHZYuj7FERZwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N983j1qIkyqZyp2b3eTZsOy29m-2ysD3XJSL2wkw5unetYXOi_WttdbHE4Vz4SpI080uG_WSvGiiHLe0IUpXHKQIF5gXLAnP4YASAT%26sig%3DAOD64_11eIn0Pup7gJUf7bSKfbdnbYd5BQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B_jtYZJoWarOFkbQMoD16PWTzwsLgWBn5uGu3-Ym3Rh4LmNcmM5yAT6qtZ3MEVdMHgmMgPGZ28aFQllZjQOrwRqRbEpOeCPmgVPkWdQzVGZhFALeO-kDqKcyuT7KoPTzivxZ3Grp-j2ifShiyoip7_Prg2MhmB_vC20kJDSpRgsFDB7YE%26cry%3D1%26dbm_d%3DAKAmf-CKZhqp5ibmwHW_YrIXPf1o6_B5F2WST3d5-cBuTtAhWZCUdqVIxHecMThgxT0IS2Wd4MCMGcTmjPng0xgaNBk67Gbc4WymmGd6JWHHJSGnUVvMEjlsnQCUly5DRf2XkT-kQLUCG8MBzcqNjAvFWYu4lJx1h4GuKI-ZyHoXwmxpQTdjhLtpxj5IDe33qblqxPMzl7lJF_DWfCdJJRSIO2omtNfVnlDYoE7bI37y4x4b67MjPqtE3V-bB_Tw2weCD3Gr3l_v2h4kEyL8MvlbPcW3WyKYW2xypo5vG0N_idD3tXLCSXe-LA9x8sLwGoZaP_P28gfskW4Cvu2RzYtLHZlRVB9nRlvjXuuQFo5dRWGkJS8XbbPfeR4XIiUo6Y4CndbHjgVTxP-ObFfljXoPVvAXJ76bbaGAx_l311utpZPAb0Wx_919EiFneHorkPAYrH5FMTQrjJrvzYIcbkzzLooszF3tN2p7jEu62VKm2BYvVvobjViS6s1_FzWHCHCNvl0MRhIlW4wOaSlWTCNBgEk68By832pFV6iCi_Q7RliK9eIu3UXhJOt0WBtHBhhkGm9KRcpg%26adurl%3D&documentReferer=https%3A%2F%2Fwheregoes.com%2F&ancestorOrigins=https%3A%2F%2Fwheregoes.com&random=696081996951&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Mon, 21 Nov 2022 19:28:47 +0100

GET
H/1.1

200
OK

request.php Show response
hal900018.redintelligence.net/ Frame 4CBB
Redirect Chain

https://hal900018.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=178016c040&subid=&uid=78703ea0bf0e898a&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900018.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=178016c040&subid=&uid=78703ea0bf0e898a&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

3 KB
2 KB

138ms
90ms

Script
application/x-javascript

144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900018.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=178016c040&subid=&uid=78703ea0bf0e898a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-MX7btF7Y7bQIcmT9u8PiryisAym5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTsAU_QLtrlWH_I8Gb68C9G1eDnUjvtvLUPJq7N2Q2HFyAeFvAeclQ2GyYEtr47M_XoR4gdFuhOiBSYFUDocGI6XTvotyXCozStXD17pqI375JUISrVBIc365u7jLv4rVEkwFDswYILbAapFW2FYASn5wUCry41yhMWSgpsy2KI7lvvs2taPcfxZixIyW0mY-41kMrYNvITRSKOwFtmEeiu0FeLdQDKOuIw0M-HL5e3cFtEQw6sPVcwg5OvH7y2manJcjTRBpNdCJrKCPM7Acl0Oq4VN2UDkHBoXWV9icvwkv-3QdpJao_dUxP4aBSywATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9J3NV7PikxWVFtBIvF6QY7FLaSQs4_DqbF2SSgCTdN3THP4qPe38upMLnOkfgHau1PiNSj6_SGNhz7_WzEhQe-Tv8egbuKCkYASAT%26sig%3DAOD64_11XP8S9_JAtQBPqkMqmYAlV5yRZQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B2dS8pS5cOz1-n7wXQpzR6JZ0EJteN0SmY7bHmUAdDhhQE_-sOvzceC0yq6CpduZXRt2GZtjsUgEPYJbZfWNYkuRQJkzxA-cmVfwiK2SVZ43bX7hYqJ_4N_GzauOq9gNV3OH0JecFxiqLdLiOXzt4rIdrpbz8MkarLm4aJcKRu6qSTGXg%26cry%3D1%26dbm_d%3DAKAmf-C7BTD8MELBiDqbqlN2j34Zc5iI_AaqxjSc_IyuFxjbx6w9kZWdQy6Vb78E4wMFZYtAj8YzhS1veWriCDbcG2Kct-LhwxgQ7JvrSij64sHhdyau7-Yq-YABZ9e_0UdNe2etk8iZl4-nymiViIXGiFd9LdfLIwHkCX99MMrttCOeGunQvwuUkaYoTiHCh0dbeXy0VIVuvsgpzDa-UhKl2ZaDNImWZp9BEOHn4SFQbV9eE_MMVn822yRFWkDR1-HZ4f_N0NRFgQ-7qRF8g2lq-_pEba235hBRG8eOBCTGqfH1Wds0_mJRkrvtaDezKS4SlaER3TCreZyIPwlYywS72lUCBqCcVkFfBV_vMtAIVIb6Siui18Fj720-oRkhwZApeUDs1ynZFkAnNK8ofG44GfWpAgkgiwxa0ilJblMB3yNAdss5l2W0VTdMyn6JkpMpWb0u0Njz61B_9tc8nrrfI3uvS3Mu1H7glN744RnjZ-TEkEcAoR7gP2lvOFLKoflrVEZSdc0TtQZGlyhojDH8RwsI18im-juiePGbp4Gf3ozU2qO80lbIH2qJPmnTebA6zVU6MO3k%26adurl%3D&documentReferer=https%3A%2F%2Fwheregoes.com%2F&ancestorOrigins=https%3A%2F%2Fwheregoes.com&random=8098719010043&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 4a06daa8ddc2c39e431042412737d1f4b3329de6a88d9420583d3d4fbeee3ac9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 96380300112447204444978012150018
Connection: close
Content-Length: 1089
Expires: Mon, 21 Nov 2022 19:28:47 +0100

Redirect headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=178016c040&subid=&uid=78703ea0bf0e898a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-MX7btF7Y7bQIcmT9u8PiryisAym5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTsAU_QLtrlWH_I8Gb68C9G1eDnUjvtvLUPJq7N2Q2HFyAeFvAeclQ2GyYEtr47M_XoR4gdFuhOiBSYFUDocGI6XTvotyXCozStXD17pqI375JUISrVBIc365u7jLv4rVEkwFDswYILbAapFW2FYASn5wUCry41yhMWSgpsy2KI7lvvs2taPcfxZixIyW0mY-41kMrYNvITRSKOwFtmEeiu0FeLdQDKOuIw0M-HL5e3cFtEQw6sPVcwg5OvH7y2manJcjTRBpNdCJrKCPM7Acl0Oq4VN2UDkHBoXWV9icvwkv-3QdpJao_dUxP4aBSywATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9J3NV7PikxWVFtBIvF6QY7FLaSQs4_DqbF2SSgCTdN3THP4qPe38upMLnOkfgHau1PiNSj6_SGNhz7_WzEhQe-Tv8egbuKCkYASAT%26sig%3DAOD64_11XP8S9_JAtQBPqkMqmYAlV5yRZQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B2dS8pS5cOz1-n7wXQpzR6JZ0EJteN0SmY7bHmUAdDhhQE_-sOvzceC0yq6CpduZXRt2GZtjsUgEPYJbZfWNYkuRQJkzxA-cmVfwiK2SVZ43bX7hYqJ_4N_GzauOq9gNV3OH0JecFxiqLdLiOXzt4rIdrpbz8MkarLm4aJcKRu6qSTGXg%26cry%3D1%26dbm_d%3DAKAmf-C7BTD8MELBiDqbqlN2j34Zc5iI_AaqxjSc_IyuFxjbx6w9kZWdQy6Vb78E4wMFZYtAj8YzhS1veWriCDbcG2Kct-LhwxgQ7JvrSij64sHhdyau7-Yq-YABZ9e_0UdNe2etk8iZl4-nymiViIXGiFd9LdfLIwHkCX99MMrttCOeGunQvwuUkaYoTiHCh0dbeXy0VIVuvsgpzDa-UhKl2ZaDNImWZp9BEOHn4SFQbV9eE_MMVn822yRFWkDR1-HZ4f_N0NRFgQ-7qRF8g2lq-_pEba235hBRG8eOBCTGqfH1Wds0_mJRkrvtaDezKS4SlaER3TCreZyIPwlYywS72lUCBqCcVkFfBV_vMtAIVIb6Siui18Fj720-oRkhwZApeUDs1ynZFkAnNK8ofG44GfWpAgkgiwxa0ilJblMB3yNAdss5l2W0VTdMyn6JkpMpWb0u0Njz61B_9tc8nrrfI3uvS3Mu1H7glN744RnjZ-TEkEcAoR7gP2lvOFLKoflrVEZSdc0TtQZGlyhojDH8RwsI18im-juiePGbp4Gf3ozU2qO80lbIH2qJPmnTebA6zVU6MO3k%26adurl%3D&documentReferer=https%3A%2F%2Fwheregoes.com%2F&ancestorOrigins=https%3A%2F%2Fwheregoes.com&random=8098719010043&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Mon, 21 Nov 2022 19:28:47 +0100

GET
H3 200 Cy76TGYNwlBdeFKzRh_Qc2a075RKB_J9dWAUlCdaUYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 6E4C 36 KB
16 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Cy76TGYNwlBdeFKzRh_Qc2a075RKB_J9dWAUlCdaUYI.js

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b2efa4c660dc2505d7852b3461fd07366b4ef944a07f27d75601494275a5182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 09:52:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34565
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15969
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 21 Nov 2023 09:52:42 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 66BE 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bi8_Xb9F7Y-rUD7mTjuwPjPWy8AsAAAAAOAHgBAI&bg=!m5ilmNzNAAbvMpMzzzI7ACkAdvg8Ws1ZZYOJgMEoqykCjCzI339zeU_Zab3ENB9ZTZWywCDNbBN3EgIAAAC6UgAAAAJoAQcKADdN6fcweTMVbMtNJQU7OqHwLt87Kqa15xq1D2GwJvMJt5qeOKZzEUN2NxBRPrlipO6z-5mW79fvmQL32kbtvtynFNJ7kWkkRGaTMOq8dWitTTJp-wXCr9YWEz8IyiNJcYr5X2TztYatvdHEq5uGDbOSnWyhJcjy3qCVW-go8DP4ZAjYCLwUxM-nHOlg4rVzJ9HV7-lZTel9Nn3zBsV4Skbn03n6FR_51kz5zOLOC_vheA2oGMTf0bJI3AioexgEebUc0Ao8pF4SGNzrYQIIyyHdv24wXHfhKyQkVlLzoLsk8TuHX7H7zBTTXisTjlZVXuPVehHs3zGjo_Q3_oFB1PB8bIZkGB6N5AETLrhgZGz1oSYTgb24jMTihI-miSaQBcOZRY5iQfIRPB1omulXZp-cwjaO1g8vtZD6ePWY5iXcgsQ6GoBEGYYbGLye0azBQjHHktwXHa1T05lhtAHqHVwlNuEylRgOX7C-q8Lk1VMXW6AlxoxpRECd9MOBUOUMuCBFzxmEPc2rC_5amAOIBoNOT2c79uf3XeBap-pypQKMil2PwBipAb8348OiYxyYFiKVn6J2-eBOcek631poyC7vNmZpYsrhWNWQtGeV526QhTrJnvGNxARzDx5ecurzGAzgr32lJk5kSar6LGO0H2i3AmGJG2or6-s0G7KXAY3KfHhkW_cvwPN7jnqslLHsvT5sZo47Th9j8qKD2h_poXxtB5j84V2BuRmaWgZ7EIYflI3dc9gUWIn7PyWOy3Aspu6MPT0sY2x6gcwbhQTMlMADiXb1Ig9bjyHwxeBYvHFW6BeCS4j4ywefxdsxzcdacDWf-ZJO1u5b4a4KmMoetVZtC1sqWKsySmgQq1znPqm5HXNzSp3LMMu4Ey5Kuj5ponOusv2pkx9I-5lVMTSIPnejCriIWSbgEEVeULeToMzvZLhcR-oCibiojv23DwifzRY30BvgdcnLCW6MWPJsP3TK71OfMGbe5wmPlpnu1pb4veTkLUP8wLXVAPWug5c1Eur1gxEBvmhVyJaxt4uSIcClDT4OTrrFHjIoZ4c9xRsjC5UK3bEFpOi08WIJmy6XAstU

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1394 0
20 B 56ms
55ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5qT2b9F7Y9TPD5mJgAeHtbToDgAAAAA4AeAEAg&bg=!ammlaS3NAAbvMpMzzzI7ACkAdvg8WiEMGUlMx33tpe_zNSu5QwTOseBePXkXQLmssRAEwvfcO_Ff9QIAAACKUgAAAAJoAQcKAEVzf6rUIPM9GJ1d7zBYygxpyiuCzdqj4wYSlRT5EvVp12pkIA5JiMK0LfOs-G6VMl7LjnaGbn2AN_TdI6xFieDcyAcNi2mZAvLNwC3PEL9RtyUv4lh6tGsyvX0yMJNcMLVRqMrTg6oDWCd6u9O2OdBEPb2WCiYw2dmi6NWPPutvcFPuzn_CD2Wasz-_rk3QzjOpWZGlUSk7s0fdHyUXSp4ZdosTWdCBfZcxDRjcZjw3Nmw7VWydrLrhRJMGEdY5wYUpQSEgtij2zopFJzYkp-Slp1jL79yGPpG5DTIL91JpZttIXaN4NjQGgtn5pX-AJifhlD1RWgZO8mag7biQYObOvwisvYxztgGDI3TRYyxfIGoOGyw81qEolYjjRQuHM5R6pMP28GQIaiea8klm-ARgPa2I5lUvcCW1RMVYMaXeXFFdI1WGSjzMjqSLy9TgkDFWf-D3K4xe45bYcEIkookVwmr2KelEQI-5y6AOp7aNAp1ezhMka1fHt7CMqZg1BxIPQtBf9w-MCAZUP5ohP9MmBoZxM1agcHIbkTjScZzYK9tub7gAi6HELpcYOBGj9_Fi3NaNyHWx9nQJVe-mztfqzK9LnRGL2SJF5i0cQgE8ZmyM8fXGKhY_9ur-EPnv0TEf__nWz-0zWcrdcg3g6bSORHRPO9HRGR_9x4egFv2HmkqHaeSePhpNyFYyX-wxTvzM4nRBJm5znR2zpcNa71P-dKuDlew1nHMRPWEFJdU0f2DueZTjKuQymsfvom6ppLLEENevk7dvOS4aYliAeMAxJ8AV6vkih6MFizbZGDzWKr3OxVkegvRsUr7l4_os4a58ux7BqPlyaoDC4NyZPYFD1a1V0Y5s8Cse4K1XzU-bnekWObJ1teCb5h4CWiAZkIDS7ZoGVb6AofA_LPwqzh9TkQ9caOR6bsa7-m2vpPq6q7LKvttDPUPh8WEOE7Ur_xmbwOulZ4U3gND1KOchqKmwvq8KH-wtYlc_6HaZ4LFbOXTl7M_BpF8Y6gVI7pll_jU-b-DC3NEWTkQ1dBFlojlFffXIrbY71CDf7A7nkSI6XTk91_F6rTzw9DiBMJQlRFrCHgNSICDZkIcD

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame F3CB
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=14729600107493104444978012150028&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=14729600107493104444978012150028&actionid=981741&produktid=&dt_url=

0
606 B

92ms
34ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=14729600107493104444978012150028&actionid=981741&produktid=&dt_url=

Requested by

Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=0a4735cfd3&subid=&uid=3dfb0c2d0b84ecc3&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdGnrbtF7Y_LRIe2S7_UPnYGjyAWm5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTyAU_QsmIR839lm3qu12opAgObkPanNRY4hkLxCqOSrVvDRN_v7L7l84ohBsvMG8jDmgWRCLpyn1O6sggi8XSavNPc2MK-UF1uFM1PmQpAblwsCJSs-FZzCAIPBBSnADKo1rEIg9Wr_yw2sPtw8xeSD7x3W5irJ3cZWfvXXB41lLYNtKy6uHWnjG3AaNOn-dllQeGW8YwFhLG0H-dV0C2Bnu2pjS2mn9m4C3Urul3r2cgvQ0bCqHHyp-Dv-D6IDgz4YGjOjLxiDh1Bp525t1GmcYnrxrH68X_qdpNf_5lXrXPPBRG506rwJ4Ld6HHZYuj7FERZwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N983j1qIkyqZyp2b3eTZsOy29m-2ysD3XJSL2wkw5unetYXOi_WttdbHE4Vz4SpI080uG_WSvGiiHLe0IUpXHKQIF5gXLAnP4YASAT%26sig%3DAOD64_11eIn0Pup7gJUf7bSKfbdnbYd5BQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B_jtYZJoWarOFkbQMoD16PWTzwsLgWBn5uGu3-Ym3Rh4LmNcmM5yAT6qtZ3MEVdMHgmMgPGZ28aFQllZjQOrwRqRbEpOeCPmgVPkWdQzVGZhFALeO-kDqKcyuT7KoPTzivxZ3Grp-j2ifShiyoip7_Prg2MhmB_vC20kJDSpRgsFDB7YE%26cry%3D1%26dbm_d%3DAKAmf-CKZhqp5ibmwHW_YrIXPf1o6_B5F2WST3d5-cBuTtAhWZCUdqVIxHecMThgxT0IS2Wd4MCMGcTmjPng0xgaNBk67Gbc4WymmGd6JWHHJSGnUVvMEjlsnQCUly5DRf2XkT-kQLUCG8MBzcqNjAvFWYu4lJx1h4GuKI-ZyHoXwmxpQTdjhLtpxj5IDe33qblqxPMzl7lJF_DWfCdJJRSIO2omtNfVnlDYoE7bI37y4x4b67MjPqtE3V-bB_Tw2weCD3Gr3l_v2h4kEyL8MvlbPcW3WyKYW2xypo5vG0N_idD3tXLCSXe-LA9x8sLwGoZaP_P28gfskW4Cvu2RzYtLHZlRVB9nRlvjXuuQFo5dRWGkJS8XbbPfeR4XIiUo6Y4CndbHjgVTxP-ObFfljXoPVvAXJ76bbaGAx_l311utpZPAb0Wx_919EiFneHorkPAYrH5FMTQrjJrvzYIcbkzzLooszF3tN2p7jEu62VKm2BYvVvobjViS6s1_FzWHCHCNvl0MRhIlW4wOaSlWTCNBgEk68By832pFV6iCi_Q7RliK9eIu3UXhJOt0WBtHBhhkGm9KRcpg%26adurl%3D&documentReferer=https%3A%2F%2Fwheregoes.com%2F&ancestorOrigins=https%3A%2F%2Fwheregoes.com&random=696081996951&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 21 Nov 2022 19:28:48 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Mon, 21 Nov 2022 08:28:48 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Mon, 21 Nov 2022 19:28:47 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=14729600107493104444978012150028&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40028
X-IPLB-Request-ID: D972DA13:97EE_91EFC182:01BB_637BD16F_21C045:4673

GET
H2 200 / Show response
adv.office-partner.de/ Frame 01A6 930 B
931 B 124ms
25ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=0a4735cfd3&subid=&uid=3dfb0c2d0b84ecc3&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdGnrbtF7Y_LRIe2S7_UPnYGjyAWm5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTyAU_QsmIR839lm3qu12opAgObkPanNRY4hkLxCqOSrVvDRN_v7L7l84ohBsvMG8jDmgWRCLpyn1O6sggi8XSavNPc2MK-UF1uFM1PmQpAblwsCJSs-FZzCAIPBBSnADKo1rEIg9Wr_yw2sPtw8xeSD7x3W5irJ3cZWfvXXB41lLYNtKy6uHWnjG3AaNOn-dllQeGW8YwFhLG0H-dV0C2Bnu2pjS2mn9m4C3Urul3r2cgvQ0bCqHHyp-Dv-D6IDgz4YGjOjLxiDh1Bp525t1GmcYnrxrH68X_qdpNf_5lXrXPPBRG506rwJ4Ld6HHZYuj7FERZwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N983j1qIkyqZyp2b3eTZsOy29m-2ysD3XJSL2wkw5unetYXOi_WttdbHE4Vz4SpI080uG_WSvGiiHLe0IUpXHKQIF5gXLAnP4YASAT%26sig%3DAOD64_11eIn0Pup7gJUf7bSKfbdnbYd5BQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B_jtYZJoWarOFkbQMoD16PWTzwsLgWBn5uGu3-Ym3Rh4LmNcmM5yAT6qtZ3MEVdMHgmMgPGZ28aFQllZjQOrwRqRbEpOeCPmgVPkWdQzVGZhFALeO-kDqKcyuT7KoPTzivxZ3Grp-j2ifShiyoip7_Prg2MhmB_vC20kJDSpRgsFDB7YE%26cry%3D1%26dbm_d%3DAKAmf-CKZhqp5ibmwHW_YrIXPf1o6_B5F2WST3d5-cBuTtAhWZCUdqVIxHecMThgxT0IS2Wd4MCMGcTmjPng0xgaNBk67Gbc4WymmGd6JWHHJSGnUVvMEjlsnQCUly5DRf2XkT-kQLUCG8MBzcqNjAvFWYu4lJx1h4GuKI-ZyHoXwmxpQTdjhLtpxj5IDe33qblqxPMzl7lJF_DWfCdJJRSIO2omtNfVnlDYoE7bI37y4x4b67MjPqtE3V-bB_Tw2weCD3Gr3l_v2h4kEyL8MvlbPcW3WyKYW2xypo5vG0N_idD3tXLCSXe-LA9x8sLwGoZaP_P28gfskW4Cvu2RzYtLHZlRVB9nRlvjXuuQFo5dRWGkJS8XbbPfeR4XIiUo6Y4CndbHjgVTxP-ObFfljXoPVvAXJ76bbaGAx_l311utpZPAb0Wx_919EiFneHorkPAYrH5FMTQrjJrvzYIcbkzzLooszF3tN2p7jEu62VKm2BYvVvobjViS6s1_FzWHCHCNvl0MRhIlW4wOaSlWTCNBgEk68By832pFV6iCi_Q7RliK9eIu3UXhJOt0WBtHBhhkGm9KRcpg%26adurl%3D&documentReferer=https%3A%2F%2Fwheregoes.com%2F&ancestorOrigins=https%3A%2F%2Fwheregoes.com&random=696081996951&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Mon, 21 Nov 2022 19:28:47 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Mon, 28 Nov 2022 19:28:47 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame 37AB 2 KB
2 KB 195ms
101ms Script
text/html 13.41.118.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=14729600107493104444978012150028&nw=1
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.41.118.175 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-41-118-175.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: d03a6949303f67f2d476666d7272ae6cfd19b50e5380f2de5827fac474e58b6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
last-modified: Mon, 21 Nov 2022 19:28:47 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Mon, 21 Nov 2022 19:29:47 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900028.redintelligence.net/ Frame 8B4B 7 KB
2 KB 76ms
25ms Document
text/html 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900028.redintelligence.net/request_content.php?s=14729600107493104444978012150028&a=40ce0f6e
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=0a4735cfd3&subid=&uid=3dfb0c2d0b84ecc3&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdGnrbtF7Y_LRIe2S7_UPnYGjyAWm5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTyAU_QsmIR839lm3qu12opAgObkPanNRY4hkLxCqOSrVvDRN_v7L7l84ohBsvMG8jDmgWRCLpyn1O6sggi8XSavNPc2MK-UF1uFM1PmQpAblwsCJSs-FZzCAIPBBSnADKo1rEIg9Wr_yw2sPtw8xeSD7x3W5irJ3cZWfvXXB41lLYNtKy6uHWnjG3AaNOn-dllQeGW8YwFhLG0H-dV0C2Bnu2pjS2mn9m4C3Urul3r2cgvQ0bCqHHyp-Dv-D6IDgz4YGjOjLxiDh1Bp525t1GmcYnrxrH68X_qdpNf_5lXrXPPBRG506rwJ4Ld6HHZYuj7FERZwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N983j1qIkyqZyp2b3eTZsOy29m-2ysD3XJSL2wkw5unetYXOi_WttdbHE4Vz4SpI080uG_WSvGiiHLe0IUpXHKQIF5gXLAnP4YASAT%26sig%3DAOD64_11eIn0Pup7gJUf7bSKfbdnbYd5BQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B_jtYZJoWarOFkbQMoD16PWTzwsLgWBn5uGu3-Ym3Rh4LmNcmM5yAT6qtZ3MEVdMHgmMgPGZ28aFQllZjQOrwRqRbEpOeCPmgVPkWdQzVGZhFALeO-kDqKcyuT7KoPTzivxZ3Grp-j2ifShiyoip7_Prg2MhmB_vC20kJDSpRgsFDB7YE%26cry%3D1%26dbm_d%3DAKAmf-CKZhqp5ibmwHW_YrIXPf1o6_B5F2WST3d5-cBuTtAhWZCUdqVIxHecMThgxT0IS2Wd4MCMGcTmjPng0xgaNBk67Gbc4WymmGd6JWHHJSGnUVvMEjlsnQCUly5DRf2XkT-kQLUCG8MBzcqNjAvFWYu4lJx1h4GuKI-ZyHoXwmxpQTdjhLtpxj5IDe33qblqxPMzl7lJF_DWfCdJJRSIO2omtNfVnlDYoE7bI37y4x4b67MjPqtE3V-bB_Tw2weCD3Gr3l_v2h4kEyL8MvlbPcW3WyKYW2xypo5vG0N_idD3tXLCSXe-LA9x8sLwGoZaP_P28gfskW4Cvu2RzYtLHZlRVB9nRlvjXuuQFo5dRWGkJS8XbbPfeR4XIiUo6Y4CndbHjgVTxP-ObFfljXoPVvAXJ76bbaGAx_l311utpZPAb0Wx_919EiFneHorkPAYrH5FMTQrjJrvzYIcbkzzLooszF3tN2p7jEu62VKm2BYvVvobjViS6s1_FzWHCHCNvl0MRhIlW4wOaSlWTCNBgEk68By832pFV6iCi_Q7RliK9eIu3UXhJOt0WBtHBhhkGm9KRcpg%26adurl%3D&documentReferer=https%3A%2F%2Fwheregoes.com%2F&ancestorOrigins=https%3A%2F%2Fwheregoes.com&random=696081996951&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: b829ede30edeaa82317197752de530065b3443579114e88a9cd1e7e77b244288

Request headers

Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2066
Content-Type: text/html; charset=utf-8
Date: Mon, 21 Nov 2022 19:28:47 GMT
Expires: Mon, 21 Nov 2022 19:28:47 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 37AB
Redirect Chain

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=14729600107493104444978012150028
https://ad-server.eu/wm/pb/native.png

68 B
312 B

226ms
41ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Mon, 21 Nov 2022 19:32:16 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Mon, 21 Nov 2022 19:28:47 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: D972DA13:97F4_91EFC182:01BB_637BD16F_B52302E:491C
X-IPLB-Instance: 40027
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 37AB 43 B
702 B 167ms
69ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=14729600107493104444978012150028&pv=1

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame 37AB 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fdfafe51888c20a0d249bce0be03366731f8dd7e8320c99827962dee1426960e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame A463
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=96380300112447204444978012150018&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=96380300112447204444978012150018&actionid=981741&produktid=&dt_url=

0
180 B

105ms
36ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=96380300112447204444978012150018&actionid=981741&produktid=&dt_url=

Requested by

Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=178016c040&subid=&uid=78703ea0bf0e898a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-MX7btF7Y7bQIcmT9u8PiryisAym5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTsAU_QLtrlWH_I8Gb68C9G1eDnUjvtvLUPJq7N2Q2HFyAeFvAeclQ2GyYEtr47M_XoR4gdFuhOiBSYFUDocGI6XTvotyXCozStXD17pqI375JUISrVBIc365u7jLv4rVEkwFDswYILbAapFW2FYASn5wUCry41yhMWSgpsy2KI7lvvs2taPcfxZixIyW0mY-41kMrYNvITRSKOwFtmEeiu0FeLdQDKOuIw0M-HL5e3cFtEQw6sPVcwg5OvH7y2manJcjTRBpNdCJrKCPM7Acl0Oq4VN2UDkHBoXWV9icvwkv-3QdpJao_dUxP4aBSywATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9J3NV7PikxWVFtBIvF6QY7FLaSQs4_DqbF2SSgCTdN3THP4qPe38upMLnOkfgHau1PiNSj6_SGNhz7_WzEhQe-Tv8egbuKCkYASAT%26sig%3DAOD64_11XP8S9_JAtQBPqkMqmYAlV5yRZQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B2dS8pS5cOz1-n7wXQpzR6JZ0EJteN0SmY7bHmUAdDhhQE_-sOvzceC0yq6CpduZXRt2GZtjsUgEPYJbZfWNYkuRQJkzxA-cmVfwiK2SVZ43bX7hYqJ_4N_GzauOq9gNV3OH0JecFxiqLdLiOXzt4rIdrpbz8MkarLm4aJcKRu6qSTGXg%26cry%3D1%26dbm_d%3DAKAmf-C7BTD8MELBiDqbqlN2j34Zc5iI_AaqxjSc_IyuFxjbx6w9kZWdQy6Vb78E4wMFZYtAj8YzhS1veWriCDbcG2Kct-LhwxgQ7JvrSij64sHhdyau7-Yq-YABZ9e_0UdNe2etk8iZl4-nymiViIXGiFd9LdfLIwHkCX99MMrttCOeGunQvwuUkaYoTiHCh0dbeXy0VIVuvsgpzDa-UhKl2ZaDNImWZp9BEOHn4SFQbV9eE_MMVn822yRFWkDR1-HZ4f_N0NRFgQ-7qRF8g2lq-_pEba235hBRG8eOBCTGqfH1Wds0_mJRkrvtaDezKS4SlaER3TCreZyIPwlYywS72lUCBqCcVkFfBV_vMtAIVIb6Siui18Fj720-oRkhwZApeUDs1ynZFkAnNK8ofG44GfWpAgkgiwxa0ilJblMB3yNAdss5l2W0VTdMyn6JkpMpWb0u0Njz61B_9tc8nrrfI3uvS3Mu1H7glN744RnjZ-TEkEcAoR7gP2lvOFLKoflrVEZSdc0TtQZGlyhojDH8RwsI18im-juiePGbp4Gf3ozU2qO80lbIH2qJPmnTebA6zVU6MO3k%26adurl%3D&documentReferer=https%3A%2F%2Fwheregoes.com%2F&ancestorOrigins=https%3A%2F%2Fwheregoes.com&random=8098719010043&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 21 Nov 2022 19:28:48 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Mon, 21 Nov 2022 08:28:48 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Mon, 21 Nov 2022 19:28:47 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=96380300112447204444978012150018&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40027
X-IPLB-Request-ID: D972DA13:97EC_91EFC182:01BB_637BD16F_B52302D:491C

GET
H2 200 / Show response
adv.office-partner.de/ Frame BB3E 930 B
930 B 100ms
25ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=178016c040&subid=&uid=78703ea0bf0e898a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-MX7btF7Y7bQIcmT9u8PiryisAym5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTsAU_QLtrlWH_I8Gb68C9G1eDnUjvtvLUPJq7N2Q2HFyAeFvAeclQ2GyYEtr47M_XoR4gdFuhOiBSYFUDocGI6XTvotyXCozStXD17pqI375JUISrVBIc365u7jLv4rVEkwFDswYILbAapFW2FYASn5wUCry41yhMWSgpsy2KI7lvvs2taPcfxZixIyW0mY-41kMrYNvITRSKOwFtmEeiu0FeLdQDKOuIw0M-HL5e3cFtEQw6sPVcwg5OvH7y2manJcjTRBpNdCJrKCPM7Acl0Oq4VN2UDkHBoXWV9icvwkv-3QdpJao_dUxP4aBSywATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9J3NV7PikxWVFtBIvF6QY7FLaSQs4_DqbF2SSgCTdN3THP4qPe38upMLnOkfgHau1PiNSj6_SGNhz7_WzEhQe-Tv8egbuKCkYASAT%26sig%3DAOD64_11XP8S9_JAtQBPqkMqmYAlV5yRZQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B2dS8pS5cOz1-n7wXQpzR6JZ0EJteN0SmY7bHmUAdDhhQE_-sOvzceC0yq6CpduZXRt2GZtjsUgEPYJbZfWNYkuRQJkzxA-cmVfwiK2SVZ43bX7hYqJ_4N_GzauOq9gNV3OH0JecFxiqLdLiOXzt4rIdrpbz8MkarLm4aJcKRu6qSTGXg%26cry%3D1%26dbm_d%3DAKAmf-C7BTD8MELBiDqbqlN2j34Zc5iI_AaqxjSc_IyuFxjbx6w9kZWdQy6Vb78E4wMFZYtAj8YzhS1veWriCDbcG2Kct-LhwxgQ7JvrSij64sHhdyau7-Yq-YABZ9e_0UdNe2etk8iZl4-nymiViIXGiFd9LdfLIwHkCX99MMrttCOeGunQvwuUkaYoTiHCh0dbeXy0VIVuvsgpzDa-UhKl2ZaDNImWZp9BEOHn4SFQbV9eE_MMVn822yRFWkDR1-HZ4f_N0NRFgQ-7qRF8g2lq-_pEba235hBRG8eOBCTGqfH1Wds0_mJRkrvtaDezKS4SlaER3TCreZyIPwlYywS72lUCBqCcVkFfBV_vMtAIVIb6Siui18Fj720-oRkhwZApeUDs1ynZFkAnNK8ofG44GfWpAgkgiwxa0ilJblMB3yNAdss5l2W0VTdMyn6JkpMpWb0u0Njz61B_9tc8nrrfI3uvS3Mu1H7glN744RnjZ-TEkEcAoR7gP2lvOFLKoflrVEZSdc0TtQZGlyhojDH8RwsI18im-juiePGbp4Gf3ozU2qO80lbIH2qJPmnTebA6zVU6MO3k%26adurl%3D&documentReferer=https%3A%2F%2Fwheregoes.com%2F&ancestorOrigins=https%3A%2F%2Fwheregoes.com&random=8098719010043&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Mon, 21 Nov 2022 19:28:47 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Mon, 28 Nov 2022 19:28:47 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame 4CBB 2 KB
2 KB 152ms
83ms Script
text/html 13.41.118.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=96380300112447204444978012150018&nw=1
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/trace/20225516906/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.41.118.175 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-41-118-175.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 11525a38f3c7d5c38bea31a800b2e47878785b9f1c85d086ce2a235351d50cb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
last-modified: Mon, 21 Nov 2022 19:28:47 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Mon, 21 Nov 2022 19:29:47 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900018.redintelligence.net/ Frame B12B 7 KB
2 KB 68ms
23ms Document
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900018.redintelligence.net/request_content.php?s=96380300112447204444978012150018&a=42da6f67
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=178016c040&subid=&uid=78703ea0bf0e898a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-MX7btF7Y7bQIcmT9u8PiryisAym5b2gab2YnKfJD_AuEAEg593gbmCVmvyBlAfIAQmpAtZi7PMgN7E-qAMBqgTsAU_QLtrlWH_I8Gb68C9G1eDnUjvtvLUPJq7N2Q2HFyAeFvAeclQ2GyYEtr47M_XoR4gdFuhOiBSYFUDocGI6XTvotyXCozStXD17pqI375JUISrVBIc365u7jLv4rVEkwFDswYILbAapFW2FYASn5wUCry41yhMWSgpsy2KI7lvvs2taPcfxZixIyW0mY-41kMrYNvITRSKOwFtmEeiu0FeLdQDKOuIw0M-HL5e3cFtEQw6sPVcwg5OvH7y2manJcjTRBpNdCJrKCPM7Acl0Oq4VN2UDkHBoXWV9icvwkv-3QdpJao_dUxP4aBSywATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9J3NV7PikxWVFtBIvF6QY7FLaSQs4_DqbF2SSgCTdN3THP4qPe38upMLnOkfgHau1PiNSj6_SGNhz7_WzEhQe-Tv8egbuKCkYASAT%26sig%3DAOD64_11XP8S9_JAtQBPqkMqmYAlV5yRZQ%26client%3Dca-pub-8731210765202237%26dbm_c%3DAKAmf-B2dS8pS5cOz1-n7wXQpzR6JZ0EJteN0SmY7bHmUAdDhhQE_-sOvzceC0yq6CpduZXRt2GZtjsUgEPYJbZfWNYkuRQJkzxA-cmVfwiK2SVZ43bX7hYqJ_4N_GzauOq9gNV3OH0JecFxiqLdLiOXzt4rIdrpbz8MkarLm4aJcKRu6qSTGXg%26cry%3D1%26dbm_d%3DAKAmf-C7BTD8MELBiDqbqlN2j34Zc5iI_AaqxjSc_IyuFxjbx6w9kZWdQy6Vb78E4wMFZYtAj8YzhS1veWriCDbcG2Kct-LhwxgQ7JvrSij64sHhdyau7-Yq-YABZ9e_0UdNe2etk8iZl4-nymiViIXGiFd9LdfLIwHkCX99MMrttCOeGunQvwuUkaYoTiHCh0dbeXy0VIVuvsgpzDa-UhKl2ZaDNImWZp9BEOHn4SFQbV9eE_MMVn822yRFWkDR1-HZ4f_N0NRFgQ-7qRF8g2lq-_pEba235hBRG8eOBCTGqfH1Wds0_mJRkrvtaDezKS4SlaER3TCreZyIPwlYywS72lUCBqCcVkFfBV_vMtAIVIb6Siui18Fj720-oRkhwZApeUDs1ynZFkAnNK8ofG44GfWpAgkgiwxa0ilJblMB3yNAdss5l2W0VTdMyn6JkpMpWb0u0Njz61B_9tc8nrrfI3uvS3Mu1H7glN744RnjZ-TEkEcAoR7gP2lvOFLKoflrVEZSdc0TtQZGlyhojDH8RwsI18im-juiePGbp4Gf3ozU2qO80lbIH2qJPmnTebA6zVU6MO3k%26adurl%3D&documentReferer=https%3A%2F%2Fwheregoes.com%2F&ancestorOrigins=https%3A%2F%2Fwheregoes.com&random=8098719010043&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 8c9eca660a78a831718719a359c918148dacb36ffa63ad6b89320fbd22b06673

Request headers

Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2049
Content-Type: text/html; charset=utf-8
Date: Mon, 21 Nov 2022 19:28:47 GMT
Expires: Mon, 21 Nov 2022 19:28:47 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 4CBB
Redirect Chain

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=96380300112447204444978012150018
https://ad-server.eu/wm/pb/native.png

68 B
312 B

238ms
45ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Mon, 21 Nov 2022 19:32:16 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Mon, 21 Nov 2022 19:28:47 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: D972DA13:97FE_91EFC182:01BB_637BD16F_21C55C:4676
X-IPLB-Instance: 40028
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 4CBB 43 B
702 B 127ms
53ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=96380300112447204444978012150018&pv=1

Requested by

Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 19:28:47 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame 4CBB 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 51b10f043014d457da87063ff1e80bcea2071ac59ca34b95ffaff92ebf27cc36

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 57ms
57ms Image
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022111501&jk=3037495171284003&bg=!ysmlyY3NAAbvMpMzzzI7ACkAdvg8WudJRX3srxpgHOVla8zl7tKrniuRRhu8HzgpIF5eBB6HAYOXLwIAAAC9UgAAAAJoAQeZAqhNGKOj_IRmI3rpUINliyWqSjGJwgMo5ZKcSkq05E4_EV8ora9hdjm46DZuzuN5PEqLGKCo8Kg-heIvKAhwzLvWnYcZqPvU6E2fbYjuUJBGWOCoogmqbhE_S6uJ9HHvmlAuAPsTeA6oi4AwtrxPA5kNybR8hi5ucuGNU-ZqXjBlgEEi5KLOD4xPBtJ7U6VqLp2MDQpWWWbqXCTBEWanU8_YOT0_BlwZmrfG-fBgv8Bhk_dX2fNKpcWCewFgNVNrg5k-BEWnjHXQna4xw1iGRg-eJcVt_irDEhBihtyHBeW5pC5qU6BMWJE_mvrB0PoVJDyGOYBEQp7lElkvstmqfY3ArYPOjYC-gOMuMcsGT4PqhbRI_IdZkqjWNOwHD6It42themzj6h1eokDzuVy-1dKWkb0-quqUHxqFPqfVVpzIagJmCCzDoMRVDTGK8i2KodZ0uh51Up9TmabBXRsAcZELP3MUR0Yg8LeuU-DJPaQrMGfqd3w5Zx5x3n47khktG9PXTVSJviMNMD8AbnnI11QRjES8hDB9uvwGkBWZRHl02QUjs_5jQPxiA6MeqmJkYJDzetpCjYaFm-FPPdy3CivmvAB-DSdYCMroXLjK82hL64QxFNohMmpouadlrFjmbYMdyPWo8xA9ivLDg6lxoxOXKXimvkO1bslest_CKP5766EdO0LxJiK7ODz_AIaVJKpfOK9WdElLRsD9K-Vjd00Yk03MZH-qMmAy3ZjhzTDIJdXQcbxiFcG0lK4wliEUtirmr1t6NSEzj75kXLXYsCSwC-iaLqJvR1qFsC3Z3bnlu1hOGjG1yMF5nmHWKRX8pW9aWJpmGXiD6HQs2_bhk47iuIJEMcP5hjLZHuQTDMx5qGiUDATrLBF-DT-zK6EM9q9rksLyaxusGg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

GET
H3 200 css
fonts.googleapis.com/ Frame 8B4B 4 KB
651 B 71ms
29ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=14729600107493104444978012150028&a=40ce0f6e

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 21 Nov 2022 19:15:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 21 Nov 2022 19:28:47 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 8B4B 74 KB
75 KB 182ms
134ms Image
image/png 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=150&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/pb_goldschmied_1200x627.jpg
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=14729600107493104444978012150028&a=40ce0f6e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 0d799fea0df4ccd3e0a3499b30cd5670540d581fe43fdcdd08f49354a313916d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Mon, 21 Nov 2022 19:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 8B4B 76 KB
77 KB 77ms
27ms Image
image/png 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=150&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=14729600107493104444978012150028&a=40ce0f6e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 97c18b6aec81364d9cdfab1e0e1f18213e90f693486a8fac8e0be2fc69e73f9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Mon, 21 Nov 2022 19:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 8B4B 79 KB
79 KB 77ms
27ms Image
image/png 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=150&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=14729600107493104444978012150028&a=40ce0f6e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: d1af635ea137f8b1ce0e85e3c9a019fd2ce5912c753f7b9d3aa14236aedf2c79

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Mon, 21 Nov 2022 19:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame B12B 4 KB
651 B 54ms
30ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=96380300112447204444978012150018&a=42da6f67

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 21 Nov 2022 19:17:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 21 Nov 2022 19:28:47 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame B12B 80 KB
80 KB 188ms
137ms Image
image/png 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/pb_goldschmied_1200x627.jpg
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=96380300112447204444978012150018&a=42da6f67
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 7ba9f3c3ce3ca39c8a783bfaa87b75bd40293124f9fe1a7710dda9814206bf09

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Mon, 21 Nov 2022 19:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame B12B 81 KB
81 KB 188ms
140ms Image
image/png 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=96380300112447204444978012150018&a=42da6f67
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: a6eb68b0b4a55d4bcedc803010fa4d495e6863743e91be70b42db05b7669aad5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Mon, 21 Nov 2022 19:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame B12B 84 KB
84 KB 147ms
96ms Image
image/png 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=96380300112447204444978012150018&a=42da6f67
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 10539a11ab08fbc081425d21726f073b6c89eeda72c31ab980521500f1fa3bb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Mon, 21 Nov 2022 19:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 01A6 102 KB
40 KB 82ms
28ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e0c359745a9880aa68d95d4ecc1e789dcab34d2fff8c27ae8908ebd71bd4c84c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40329
x-xss-protection: 0
last-modified: Mon, 21 Nov 2022 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 21 Nov 2022 19:28:47 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame BB3E 102 KB
39 KB 104ms
51ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e88a1fef2ace73b45697f5fdf7e648de62aa86da095498a59d14f1cfde23a99f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 19:28:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40328
x-xss-protection: 0
last-modified: Mon, 21 Nov 2022 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 21 Nov 2022 19:28:47 GMT

GET
H/1.1 200
OK viewability Show response
hal900028.redintelligence.net/ Frame 8B4B 0
150 B 72ms
25ms Script
text/html 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900028.redintelligence.net/viewability?s=14729600107493104444978012150028&a=3f2cf7e2&vb=m
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=14729600107493104444978012150028&a=40ce0f6e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/request_content.php?s=14729600107493104444978012150028&a=40ce0f6e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Mon, 21 Nov 2022 19:28:47 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal900018.redintelligence.net/ Frame B12B 0
150 B 68ms
23ms Script
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900018.redintelligence.net/viewability?s=96380300112447204444978012150018&a=d6119a4b&vb=m
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=96380300112447204444978012150018&a=42da6f67
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/request_content.php?s=96380300112447204444978012150018&a=42da6f67
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Mon, 21 Nov 2022 19:28:47 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 8B4B 13 KB
13 KB 58ms
20ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900028.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sat, 19 Nov 2022 09:39:30 GMT
x-content-type-options: nosniff
age: 208157
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Nov 2023 09:39:30 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 8B4B 13 KB
13 KB 69ms
31ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900028.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 17:43:57 GMT
x-content-type-options: nosniff
age: 6290
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Nov 2023 17:43:57 GMT

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame B12B 13 KB
13 KB 62ms
25ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900018.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sat, 19 Nov 2022 09:39:30 GMT
x-content-type-options: nosniff
age: 208157
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Nov 2023 09:39:30 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame B12B 13 KB
13 KB 71ms
34ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900018.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 17:43:57 GMT
x-content-type-options: nosniff
age: 6290
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Nov 2023 17:43:57 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 4CBB 85 KB
31 KB 107ms
23ms Script
application/javascript 13.224.189.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=96380300112447204444978012150018&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-102.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5f0e58e4c8d23cb8d1453aa9d362f102a4676085ab517acfd34aba74f982d3db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 18:52:38 GMT
content-encoding: gzip
via: 1.1 f046bfa1468bb4385e357c8c9128cf50.cloudfront.net (CloudFront)
last-modified: Mon, 31 Oct 2022 15:47:19 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 2170
etag: W/"faa933973c404f8cfedacd4b67a60b85"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: oykhJll5ei-J4l28PhlcntXS0xn_CldcnRnZwy6i319p-_98FCMigA==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame 4CBB 3 KB
3 KB 74ms
22ms Image
image/png 13.225.78.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1669059227&Signature=QTca1g0KmPyTHXA8bw03bpVomULGvAo~CgVcQ-ZIzCdqEPBeXRpPhdqm3HQRIeyEcxVEkDprMLoHsxZaVP4g4YxQtpRI3g32UXMqie99HF7~pQ45hycHah1Zyq0lR2O-078qiGcrK6druLv-GqGlC~AGJsgLzA~pGrWWTKn8SSFPfMce8ZVonF-IxyVU-HoaFw8mrTPkEzS0vmtqNiPaGY27bU61JkgF7j7EfbLoa78LzEoxVi6ekB2cnJERKxSgZDxXGm9nKcwtM~KLFoa29XiNY-njyU5x5NdXB6duj9gy2b8Wx~7Qz5k1Qnw5WB-rqjTfpbvZT1ACSNw~VslOcw__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-124.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-amz-version-id: null
date: Mon, 21 Nov 2022 04:11:16 GMT
via: 1.1 1e498d046330e15095a1a2a958463bf4.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 55087
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: YzewIS710rjVbaZxQ7POpjZreAv3hjiraDCROf-hLJjemWTFuDeKlQ==

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 37AB 85 KB
31 KB 106ms
40ms Script
application/javascript 13.224.189.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=14729600107493104444978012150028&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-102.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5f0e58e4c8d23cb8d1453aa9d362f102a4676085ab517acfd34aba74f982d3db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 18:52:38 GMT
content-encoding: gzip
via: 1.1 f046bfa1468bb4385e357c8c9128cf50.cloudfront.net (CloudFront)
last-modified: Mon, 31 Oct 2022 15:47:19 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 2170
etag: W/"faa933973c404f8cfedacd4b67a60b85"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 49aos8WkgrcuzOxjYpb_kSkIXhA9XMJ7-Gw3WF08UPr5g1QuqvZJRw==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame 37AB 85 B
436 B 56ms
22ms Image
image/gif 13.225.78.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1669059227&Signature=LnZ8UjhFdPfSlm0yAxVSwnPpUxf8kKdEELIBGaNU-ebR39nBoYS8qqD6keWFoHd7Kg~oWKyrlIFMT6AOiv8VC82YGCvGI3letqbwcXW0aErPHBDRVce6ELp-qcVkvupW0g9m7gk1lSL67qjEquWQscchyfgGb3wpyViUCUVfQ211Lz-9JK21zoVV7g5DL8wkB9jEDFwWhbAEGxzSZevjRsHTm7EPQx~5tzS0zxt5FJ3qAnPQ~FsDRZuLeFw4Bia2cCJ9K7SPHg5hgphm7g-YyhK73pwgbVGCOqHjg6Q3Nc-dnvm8lBg7U~wMtk37-iXTX0NSIxDeATONDj3IaSk2zQ__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: 2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-124.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-amz-version-id: null
date: Mon, 21 Nov 2022 07:07:18 GMT
via: 1.1 1e498d046330e15095a1a2a958463bf4.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 44490
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: sc_rEjxs_2-Q1NsJ8S6Wv9ugdOlL50DLNOzWUq0QnJvwJw2jQkVr8A==

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4054 42 B
64 B 97ms
55ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvjNpwPExjgLsozMgY-ubaOnPjJ4HP5DM0_1TploDPurMkLzAgW0QIcEWYtjvqi0IkEuo7xjKLRb88ir4_VEvnIYLY&sig=Cg0ArKJSzPQxa1aMbS4oEAE&id=lidar2&mcvt=1000&p=721,315,971,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3497999915&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1669058926914&rpt=252&isd=0&lsd=0&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 1A3C 0
127 B 47ms
46ms Ping
text/plain 2a02:2638:1::17
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::17 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 21 Nov 2022 19:28:47 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 61E6 42 B
64 B 58ms
57ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstGYzIVXE5nA9Yonn0i1tWY9U9Ymls0eVcYN88BqyKhVXG7Glzzep6WMF3Ni0tnpO7xSMWsuE25vHlPlU0Fp8BQhKkwU0UN62PKnTP5jUh8kzyM5SwipU-DtVI_mCPNIWwqBLmV7A&sai=AMfl-YRvfGH5WkD785ltPAJgE0I3JODsGZKabkorJQPCVlwtfP_57cEjOyeEuwcBpMDSBStMPn-iCjVwja3yH0H707KHY3ZaVq95rDiCCVWY3RYrfDO8Hl-p7cMPnfmRxUBd8qsB1wi8wldYcpJAkYs&sig=Cg0ArKJSzMydHvc6dsC-EAE&cid=CAQSSwDq26N9NXGzSYV7H-lXtizPUgj1WMu6XubyMuCoEeodKTR7CPjEVmVXwdDXnT1vqiwPs6_1cmAxJOR5LYavgXG3m5MvF6sPEJuNbxgBIBM&id=lidar2&mcvt=1000&p=146,315,396,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=4055864952&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1669058927113&rpt=358&isd=0&lsd=0&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Nov 2022 19:28:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 feedback Show response
api-v1.wordmonetize.com/v1/api/ 21 B
124 B 170ms
170ms XHR
application/json 54.183.56.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-v1.wordmonetize.com/v1/api/feedback?data=eyJwYWNrZXRJZCI6ImNsYXI2bDlxMzAwMDAzYzZkOTFtbmZoY3QiLCJzaXRlSWQiOjQ4LCJicm93c2VyIjoiQ2hyb21lIiwib3MiOiJXaW5kb3dzIiwiZ3B0SWQiOiJsZWFkZXJib2FyZC0zMTE5MDQzNiIsImdwdEFkUGF0aCI6Ii8yMTc1MTI0MzgxNCwyMjU5MTYyNjIxNS9XTV9QVUJfd2hlcmVnb2VzLmNvbS9XTV9QVUJfd2hlcmVnb2VzLmNvbV9MZWFkZXJib2FyZCIsImV2ZW50VHlwZSI6ImFkdmlld2VkIiwiaXNWaWV3ZWQiOnRydWUsInZpZXdDb3VudCI6MX0=
Requested by: Host: cdn-monetize.whatstheword.co
URL: https://cdn-monetize.whatstheword.co/48/wordmonetize.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.56.116 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-56-116.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 21 Nov 2022 19:28:48 GMT
content-length: 21
content-type: application/json; charset=utf-8

GET
H2 200 feedback Show response
api-v1.wordmonetize.com/v1/api/ 21 B
124 B 171ms
171ms XHR
application/json 54.183.56.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-v1.wordmonetize.com/v1/api/feedback?data=eyJwYWNrZXRJZCI6ImNsYXI2bDlxMzAwMDAzYzZkOTFtbmZoY3QiLCJzaXRlSWQiOjQ4LCJicm93c2VyIjoiQ2hyb21lIiwib3MiOiJXaW5kb3dzIiwiZ3B0SWQiOiJsZWFkZXJib2FyZC01MzY2NTA5MyIsImdwdEFkUGF0aCI6Ii8yMTc1MTI0MzgxNCwyMjU5MTYyNjIxNS9XTV9QVUJfd2hlcmVnb2VzLmNvbS9XTV9QVUJfd2hlcmVnb2VzLmNvbV9MZWFkZXJib2FyZCIsImV2ZW50VHlwZSI6ImFkdmlld2VkIiwiaXNWaWV3ZWQiOnRydWUsInZpZXdDb3VudCI6MX0=
Requested by: Host: cdn-monetize.whatstheword.co
URL: https://cdn-monetize.whatstheword.co/48/wordmonetize.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.56.116 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-56-116.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 21 Nov 2022 19:28:48 GMT
content-length: 21
content-type: application/json; charset=utf-8

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 4CBB 16 B
232 B 89ms
89ms Fetch
application/json 18.133.102.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.133.102.8 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-133-102-8.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 21 Nov 2022 19:28:49 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 142ms
36ms Preflight 18.133.102.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.102.8 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-102-8.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Mon, 21 Nov 2022 19:28:48 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 37AB 16 B
232 B 84ms
84ms Fetch
application/json 18.133.102.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.133.102.8 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-133-102-8.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 21 Nov 2022 19:28:49 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 104ms
36ms Preflight 18.133.102.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.102.8 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-102-8.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Mon, 21 Nov 2022 19:28:48 GMT
server: nginx

Verdicts & Comments Add Verdict or Comment

139 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 16:59:14	Name: IDE Value: AHWqTUltlE3c5ne862U7TvrV7vCefGcY14x4Pq-uhWo10NcSG9fiBRcwD1axRqWSSkA
.wheregoes.com/	1970-01-20 16:59:14	Name: __gads Value: ID=a3b56bfccea2d775:T=1669058926:S=ALNI_MZbBn1VJukt9KMnbMpwJ9b2W0veOQ
.wheregoes.com/	1970-01-20 16:59:14	Name: __gpi Value: UID=00000b8526f4b014:T=1669058926:RT=1669058926:S=ALNI_MaIRY-TO0Rno5HzVpejW5bcIVWojA
.criteo.com/	1970-01-20 16:59:14	Name: uid Value: 7a1bc73a-4c07-4989-88bd-f5a8a1efefa0
.casalemedia.com/	1970-01-20 09:47:14	Name: CMPS Value: 1185
.casalemedia.com/	1970-01-20 09:47:14	Name: CMPRO Value: 1185
.casalemedia.com/	1970-01-20 16:23:14	Name: CMID Value: Y3vRbwwZQDb4BE75mbv6dAAA
.adnxs.com/	1970-01-20 09:47:14	Name: uuid2 Value: 6446051726280118937
.adnxs.com/	1970-01-20 09:47:14	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?lpj9DK!]tbPl1M>e)ZlrFUfJ+tGXxp)_`p-:^]O_:Gb`BB'wNM_jaKaaW+5rv<xz3If)y3KL9D3I?+YMQZ<Q
.redintelligence.net/	1970-01-20 09:47:14	Name: 8lcfmzhxc8d6_uid Value: 249cede6b35f21b1
.wheregoes.com/	1970-01-20 16:59:14	Name: cto_bundle Value: Jii5bl9palNjaVAyaEFLckxTaW1SZTklMkY5VFMlMkJXTVdPbVBRbjNSSjRNVVdaJTJCVkJTM3kxQnJxRGZaQkRVYTBDd2JvNEpxZEMwcWtFb2o3T0JNQTVPQlRzaGlLYWJzRmU4ZW1JczdxN2NiSTcwQkdvdWJqaGdrMVo3V3I0bFFDMGdjc2ElMkZuU0MyVlhIVncxSUdpclludU1BVnFEdyUzRCUzRA
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 429086:2519595
.awin1.com/	1970-01-20 07:47:43	Name: awpv14098 Value: 296283\|1669058927\|b88d4cb0-69d2-11ed-9d10-2262c713b6c4
.office-partner.de/	1970-01-20 17:13:38	Name: source Value: {"webgains_webgains":{"timestamp":1669058928009,"clickCookie":false}}
pb.media01.eu/	1970-01-20 17:13:38	Name: DTU Value: DB40CC32FA0CFA99CB2E795A1D03D887

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2af09eae3b96f1ae638afa4029c633e2.safeframe.googlesyndication.com
ad-server.eu
ads.eu.criteo.com
adv.office-partner.de
analytics.webgains.io
api-v1.wordmonetize.com
api.fouanalytics.com
api.webgains.io
bcp.crwdcntrl.net
c.amazon-adsystem.com
cat.nl.eu.criteo.com
cdn-monetize.whatstheword.co
cdn.id5-sync.com
cdn.track.production.webgains.team
cm.g.doubleclick.net
csm.eu.criteo.net
d3div1mtym39ic.cloudfront.net
dsum-sec.casalemedia.com
encrypted-tbn0.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal900018.redintelligence.net
hal900028.redintelligence.net
ib.adnxs.com
id.sharedid.org
id5-sync.com
lb.eu-1-id5-sync.com
lbs.eu-1-id5-sync.com
mug.criteo.com
pagead2.googlesyndication.com
pb.media01.eu
pix.eu.criteo.net
prod.uidapi.com
pv.medialead.de
rtb.nl.eu.criteo.com
secure-gl.imrworldwide.com
securepubads.g.doubleclick.net
static.criteo.net
tags.crwdcntrl.net
tpc.googlesyndication.com
track.webgains.com
wheregoes.com
www.awin1.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
104.111.239.217
13.224.189.102
13.224.195.78
13.225.78.124
13.225.78.128
13.41.118.175
141.95.33.111
142.250.185.66
144.76.91.199
145.239.193.130
162.19.138.116
162.19.138.83
178.250.2.146
178.250.2.148
18.133.102.8
18.225.3.171
185.80.39.216
2600:9000:2093:1c00:11:1ed0:3900:21
2600:9000:21f3:3400:1e:a43d:b640:93a1
2600:9000:21f3:c00:3:206f:ff40:93a1
2606:4700:10::ac43:266a
2606:4700:3035::ac43:b70e
2606:4700:e2::ac40:8820
2a00:1450:4001:802::2002
2a00:1450:4001:802::2008
2a00:1450:4001:806::2004
2a00:1450:4001:80b::2003
2a00:1450:4001:80b::200e
2a00:1450:4001:810::2002
2a00:1450:4001:812::200a
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::200e
2a00:1450:4001:830::2001
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a02:2638:1::13
2a02:2638:1::17
2a02:2638:1::2
2a02:2638:1::4
2a02:2638:1::8
2a02:2638::3
2a0b:4d07:102::1
34.209.30.241
37.252.171.52
54.183.56.116
54.195.100.225
54.76.176.197
88.198.250.30
88.99.165.19
0152ec54bafb1f951d4dc7585aebae598d2235c78d9e81ade8399006f8eb3b9b
052286d9c4f2d1de00f94194244b376f3bcbe97535f2bcfe24446778aa567845
05e6c32a51c5697f76403ffa53963b2d02c53fd60f34066ef9b7a8cf1f106d63
0642d8a3ed59edc471ddcf34d5454a790200a0977bd22c14c4def4b896e00034
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b2efa4c660dc2505d7852b3461fd07366b4ef944a07f27d75601494275a5182
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a
0d799fea0df4ccd3e0a3499b30cd5670540d581fe43fdcdd08f49354a313916d
0ee59c8e92338f36c76e6a01ad5fa77ee87f181a74722954d36b54a57ed0f04a
10539a11ab08fbc081425d21726f073b6c89eeda72c31ab980521500f1fa3bb4
11525a38f3c7d5c38bea31a800b2e47878785b9f1c85d086ce2a235351d50cb3
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
17c1a65dfc520d641ac19f90acbbb439bd737a4e0bfbbffad3733203abe9280e
22c8728d566763a64d50a672a2c504875bc39ebba29713ecd97332ca6bf163bf
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2b03ef5cf0924cc2f14b4359c30917819ba75299a1d69a2577ff49fce44ba29a
2d7641f7b5b473683be83ca5617e2f0b166a56210441e1068795b7bc01cdcee5
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
3f61df9a7c11bd68dabbc79906d334cc80e5183cfda24724e957452a54e507a9
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
477d1414e0b1e0567fbc31c5efa299d37a5a19f5066bca34f5506375d6527c57
4811e0f7559dc63c97116557b9ec419d3c91c8fbaeb7781e348026395e7b1f00
490319aff00a55cfc00d9e24f71f39fc0801858055c62c07bec8fabf2f6e24ff
4a06daa8ddc2c39e431042412737d1f4b3329de6a88d9420583d3d4fbeee3ac9
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51b10f043014d457da87063ff1e80bcea2071ac59ca34b95ffaff92ebf27cc36
53f218496e3fb539c0c6c0d31e8287766460bf3e6ea3f115efd55cfc41ae890d
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
58270f132ee9396c48b1faf83ddee5b1b8fa5814d40dab9cb080a7f45bd7bd88
582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e
583ebc14ee62b63c17cb86c09bb8bacdf69e8f4b08f942d077504b0100390790
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
5f0e58e4c8d23cb8d1453aa9d362f102a4676085ab517acfd34aba74f982d3db
61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
659277170ce3fa0d3b14435d63e2431c70b0030785821b640e969d2409231103
66a8dfcc4572e000bf5b4351bae2a763b3357a65ed373ff27a7e7b38ec9486ae
691129e81025fdb3ddeee332ab64fb42eff445baa635c59e19bd023dc910683a
6a9f3c83892833387d92f857563b6f3cfdee0277cbc648a932a2718e000e9e42
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
76424452f8e1eb0bc7fb20f6d7fa0dcaea480d7152a74756c01e816a663c3aa1
786e5e462008b4f0a411a7c8a53dbebcf1e823079977ae3ba5d8f1ca3d75a351
78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53
78fd2c4d16f0a0337839df722311314ad2f914e15a0062b74b9e38cbb14d8899
7ba9f3c3ce3ca39c8a783bfaa87b75bd40293124f9fe1a7710dda9814206bf09
81a7ab8695e815f6ed7b80ef2080f04f282ae1f2265a798007991c0b04e82fd1
848360150c7285fb18cb4639a4bb09a3664499b3076d27648f1fd1ff8a7f538f
8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d
8c9eca660a78a831718719a359c918148dacb36ffa63ad6b89320fbd22b06673
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
900f497e7f3b62505bcc6316973c7c359c52f3f1f43796a16f71f88c24d7da67
9349319e3f3797135f6dccd8a8b0e8de20e6ba774dc9d53b4a5cdfa258f72a30
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
93e2cac72a2e1a95064385757f9640b1b67fde78e095171ead878a02653caf4d
97c18b6aec81364d9cdfab1e0e1f18213e90f693486a8fac8e0be2fc69e73f9f
9bde2d399541b1b1f6947f6bf383d5673311d21304d445039e3289ad5d54fb2c
9cebd0661e5eb671dd425ed77b15cac0c413e8b826a790ebfb3373435772a081
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4c7748a8849068a7262049472b6b640aea77d843c16a57de3e34d3c47e4a01f
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a6eb68b0b4a55d4bcedc803010fa4d495e6863743e91be70b42db05b7669aad5
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
ac40282df1d68765df172e475e8c04442fa9ffb45acd7ff243d40b12fba8abb3
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
ae0571c38f799ed84bf90726625037e67eaca8aeede296849277bededa4e8b92
ae4216bfc85c99ffd32e7745f0d7d4cd5f57b714f3a4911176b8cd78a176c97c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4d7861377aa1e96cad429e3140c666f11b76ff52499e04a17d42445649377b7
b829ede30edeaa82317197752de530065b3443579114e88a9cd1e7e77b244288
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
bd8b521307332fcb0a59ff2cbfe324322d6f4108b24363b6c8d26a0ec8be50da
bf8e1514757ac28b6d85379b2bc02f4aff7ab518f1df90ca517c4309828e67b0
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c72f57881ea9665da29cc614802f61a04084e06b14de9f1d79ce26273e66a991
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
d028ff06991dab0e77014a91995a9c0d6672a90e68edc339cd62a566fe361ace
d03a6949303f67f2d476666d7272ae6cfd19b50e5380f2de5827fac474e58b6b
d0f07190791630edc058ad6e5a33a3cda6a8f85c470e593ce0bbed46ffec148b
d1af635ea137f8b1ce0e85e3c9a019fd2ce5912c753f7b9d3aa14236aedf2c79
d48f7d7bc477f61c161f38835c0daaead5a64ca51be3656755d0b08c866dfcf2
d530eb650281c426cb8d0c8d602cffe1a63b732b9b4d93e33aaf0340896e3024
d580e451a2d977b93526ad80ba3178dd24e3ccdb7f2b3dd64fb691e96f7a2e4c
d8d7fc067621ed688aa4f094591f52d0f8bd88eb49b8a2b74cda8f9437190249
ddd91b005318711821ae50d18dbc8460f950777ab02f4566d01aa27e6a58e466
df51a5301fcae2ec9503d129a2341e80f6d52e9416ff2460c3048947f4f3852a
dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b
e0c359745a9880aa68d95d4ecc1e789dcab34d2fff8c27ae8908ebd71bd4c84c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40770df1541ecf8c4912c31d653db05c28dca358e2f47640b62dbd0065dbaad
e88a1fef2ace73b45697f5fdf7e648de62aa86da095498a59d14f1cfde23a99f
eddb2dfb05559be8a45c49dd23a69fce16b725cb6f095dd06ddfef5d6fe8cc0a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f066a6392f3732829e95d97ac2a3dfb7dc7d35fc88d71a4ef62ff8f70399326c
f43973ee0ee121287cca23c16a48de9fce9a5701eaa6724be93d702654a9677f
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
fdfafe51888c20a0d249bce0be03366731f8dd7e8320c99827962dee1426960e
fed95790361fed865243152e0bf33d75386c110f629dd643e56d9663ff949e99

wheregoes.com Open in urlscan Pro 2606:4700:3035::ac43:b70e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

168 Requests

92 %HTTPS

53 %IPv6

32 Domains

52 Subdomains

51 IPs

7 Countries

1868 kBTransfer

3996 kBSize

15 Cookies

2 Outgoing links

Redirected requests

168 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

wheregoes.com Open in urlscan Pro
2606:4700:3035::ac43:b70e Public Scan

Screenshot
Live screenshot

Full Image

168
Requests

92 %
HTTPS

53 %
IPv6

32
Domains

52
Subdomains

51
IPs

7
Countries

1868 kB
Transfer

3996 kB
Size

15
Cookies

168 HTTP transactions
5 data transactions