exchange.sahadan.com Open in urlscan Pro
91.191.168.119 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://exchange.sahadan.com/
Effective URL:
http://exchange.sahadan.com/Default.aspx
Submission: On October 05 via manual (October 5th 2022, 8:31:46 am UTC) from TR — Scanned from DE

Summary HTTP 284 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 55 IPs in 10 countries across 33 domains to perform 284 HTTP transactions. The main IP is 91.191.168.119, located in Turkey and belongs to NETDIREKT-AS, TR. The main domain is exchange.sahadan.com.

This is the only time exchange.sahadan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 3	91.191.168.119 91.191.168.119	43391 (NETDIREKT-AS) (NETDIREKT-AS)
51	94.130.143.246 94.130.143.246	24940 (HETZNER-AS) (HETZNER-AS)
2	2a00:1450:400... 2a00:1450:400d:806::200a	15169 (GOOGLE) (GOOGLE)
1	82.222.8.80 82.222.8.80	34984 (TELLCOM-AS) (TELLCOM-AS)
2	2a06:98c1:312... 2a06:98c1:3121::c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	23.7.201.234 23.7.201.234	16625 (AKAMAI-AS) (AKAMAI-AS)
7	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:e2:... 2606:4700:e2::ac40:840f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.67.240.95 18.67.240.95	16509 (AMAZON-02) (AMAZON-02)
15	195.244.38.50 195.244.38.50	43391 (NETDIREKT-AS) (NETDIREKT-AS)
3	2a02:6ea0:cb0... 2a02:6ea0:cb00::2	60068 (CDN77 ^_^) (CDN77 ^_^)
15	2a00:1450:400... 2a00:1450:400d:80c::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:400d:80e::2002	15169 (GOOGLE) (GOOGLE)
27	2a00:1450:400... 2a00:1450:400d:806::2001	15169 (GOOGLE) (GOOGLE)
2	109.236.91.24 109.236.91.24	49981 (WORLDSTREAM) (WORLDSTREAM)
2	108.138.7.10 108.138.7.10	16509 (AMAZON-02) (AMAZON-02)
1 5	92.222.252.172 92.222.252.172	16276 (OVH) (OVH)
2	2a00:1450:400... 2a00:1450:400d:80e::200a	15169 (GOOGLE) (GOOGLE)
1	13.227.219.58 13.227.219.58	16509 (AMAZON-02) (AMAZON-02)
1 1	3.15.76.72 3.15.76.72	16509 (AMAZON-02) (AMAZON-02)
1	18.64.108.99 18.64.108.99	16509 (AMAZON-02) (AMAZON-02)
1 7	2a00:1450:400... 2a00:1450:400d:807::200e	15169 (GOOGLE) (GOOGLE)
3	146.59.30.100 146.59.30.100	16276 (OVH) (OVH)
1 2	2a00:1450:402... 2a00:1450:4025:401::9a	15169 (GOOGLE) (GOOGLE)
2 9	2a00:1450:400... 2a00:1450:400d:807::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:80a::2003	15169 (GOOGLE) (GOOGLE)
1	188.165.145.88 188.165.145.88	16276 (OVH) (OVH)
1	52.222.139.77 52.222.139.77	16509 (AMAZON-02) (AMAZON-02)
1	2400:52e0:1e0... 2400:52e0:1e00::860:1	200325 (BUNNYCDN) (BUNNYCDN)
10	2a00:1450:400... 2a00:1450:400d:80e::2006	15169 (GOOGLE) (GOOGLE)
1	92.123.36.134 92.123.36.134	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a02:2638:1::2 2a02:2638:1::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638:1::4 2a02:2638:1::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	2a00:1450:400... 2a00:1450:400d:805::2002	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:400d:807::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:400d:80d::2003	15169 (GOOGLE) (GOOGLE)
1	54.76.66.96 54.76.66.96	16509 (AMAZON-02) (AMAZON-02)
16	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	178.250.0.139 178.250.0.139	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	178.250.2.150 178.250.2.150	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 4	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
2 4	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 3	185.89.211.116 185.89.211.116	29990 (ASN-APPNEX) (ASN-APPNEX)
4	18.66.112.28 18.66.112.28	16509 (AMAZON-02) (AMAZON-02)
1	18.198.74.33 18.198.74.33	16509 (AMAZON-02) (AMAZON-02)
9	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
2	13.227.219.39 13.227.219.39	16509 (AMAZON-02) (AMAZON-02)
2	142.251.39.34 142.251.39.34	15169 (GOOGLE) (GOOGLE)
2	199.232.18.132 199.232.18.132	54113 (FASTLY) (FASTLY)
1	213.227.153.223 213.227.153.223	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
3	213.227.153.222 213.227.153.222	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2	18.66.122.67 18.66.122.67	16509 (AMAZON-02) (AMAZON-02)
2	54.170.54.35 54.170.54.35	16509 (AMAZON-02) (AMAZON-02)
284	55

3 91.191.168.119 (Turkey) 1 redirects

ASN43391 (NETDIREKT-AS, TR)

exchange.sahadan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

51 94.130.143.246 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: nvm-s1.cubecdn.net

is.cdn.md	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hm.cdn.md	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:806::200a (Ireland)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.222.8.80 (Istanbul, Turkey)

ASN34984 (TELLCOM-AS, TR)
PTR: host-82-222-8-80.reverse.superonline.net

b.cdn.md	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::c (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.eksiup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.7.201.234 (Vienna, Austria) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-7-201-234.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e2::ac40:840f (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.67.240.95 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-240-95.mad56.r.cloudfront.net

d31qbv1cthcecs.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 195.244.38.50 (Turkey)

ASN43391 (NETDIREKT-AS, TR)

go.admost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
run.admost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:6ea0:cb00::2 (United Kingdom)

ASN60068 (CDN77 ^_^, GB)

cdn.dimml.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:400d:80c::2002 (Ireland)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400d:80e::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:400d:806::2001 (Ireland)

ASN15169 (GOOGLE, US)

edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 109.236.91.24 (Naaldwijk, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: 109-236-91-24.hosted-by-worldstream.net

js.duhnet.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.7.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-10.fra56.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 92.222.252.172 (Paris, France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip172.ip-92-222-252.eu

str.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gatr.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80e::200a (Ireland)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.227.219.58 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-58.ams54.r.cloudfront.net

certify.alexametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.15.76.72 (Columbus, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-15-76-72.us-east-2.compute.amazonaws.com

redirect.prod.experiment.routing.cloudfront.aws.a2z.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.64.108.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-108-99.txl50.r.cloudfront.net

a76f4aed22e94b8cf70dfe6f280016fe5.profile.txl50-p4.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:400d:807::200e (Ireland) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 146.59.30.100 (France)

ASN16276 (OVH, FR)
PTR: ip100.ip-146-59-30.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4025:401::9a (Den Helder, Netherlands) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:400d:807::2004 (Ireland) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80a::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.165.145.88 (France)

ASN16276 (OVH, FR)

gatr.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.139.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-77.ams50.r.cloudfront.net

b.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1e00::860:1 (Slovenia)

ASN200325 (BUNNYCDN, DE)

vz-795b4bfd-cff.b-cdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:400d:80e::2006 (Ireland)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.123.36.134 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-36-134.deploy.static.akamaitechnologies.com

images.performgroup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400d:805::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:400d:807::2002 (Ireland)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:400d:80d::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.66.96 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-66-96.eu-west-1.compute.amazonaws.com

baltar.dimml.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 178.250.0.139 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.par.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.2.150 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.18.2 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.211.116 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.66.112.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-28.fra56.r.cloudfront.net

ib.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.198.74.33 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-74-33.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.227.219.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-39.ams54.r.cloudfront.net

bucket.cdnwebcloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.39.34 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s38-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.18.132 (Vienna, Austria)

ASN54113 (FASTLY, US)

zem.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.153.223 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

b1-eudc1.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.227.153.222 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

b1t-eudc1.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.122.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-67.fra60.r.cloudfront.net

img.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.170.54.35 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-170-54-35.eu-west-1.compute.amazonaws.com

neural40.cdnwebcloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	cdn.md is.cdn.md — Cisco Umbrella Rank: 225352 b.cdn.md — Cisco Umbrella Rank: 317228 hm.cdn.md — Cisco Umbrella Rank: 142521	823 KB
43	googlesyndication.com edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 170 pagead2.googlesyndication.com — Cisco Umbrella Rank: 131	206 KB
33	criteo.net static.criteo.net — Cisco Umbrella Rank: 789 pix.eu.criteo.net — Cisco Umbrella Rank: 5790 csm.eu.criteo.net — Cisco Umbrella Rank: 5493	302 KB
27	doubleclick.net 4 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 215 stats.g.doubleclick.net — Cisco Umbrella Rank: 171 googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 cm.g.doubleclick.net — Cisco Umbrella Rank: 304 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 390	277 KB
16	3lift.com ib.3lift.com — Cisco Umbrella Rank: 1960 tlx.3lift.com — Cisco Umbrella Rank: 877 eb2.3lift.com — Cisco Umbrella Rank: 601 img.3lift.com — Cisco Umbrella Rank: 3608	124 KB
15	admost.com go.admost.com — Cisco Umbrella Rank: 43663 run.admost.com — Cisco Umbrella Rank: 58026	18 KB
11	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 485 fonts.googleapis.com — Cisco Umbrella Rank: 118 imasdk.googleapis.com — Cisco Umbrella Rank: 456	474 KB
10	gstatic.com fonts.gstatic.com	178 KB
10	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 364	151 KB
10	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 136 www.google.com — Cisco Umbrella Rank: 19	2 KB
9	gemius.pl 1 redirects str.hit.gemius.pl — Cisco Umbrella Rank: 228938 ls.hit.gemius.pl — Cisco Umbrella Rank: 8598 gatr.hit.gemius.pl — Cisco Umbrella Rank: 29029	52 KB
7	google-analytics.com 1 redirects www.google-analytics.com — Cisco Umbrella Rank: 94	56 KB
6	criteo.com rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 10350 ads.eu.criteo.com — Cisco Umbrella Rank: 5457 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 7707	103 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 228	220 KB
4	zemanta.com b1-eudc1.zemanta.com — Cisco Umbrella Rank: 22576 b1t-eudc1.zemanta.com — Cisco Umbrella Rank: 15215	453 B
4	cdnwebcloud.com bucket.cdnwebcloud.com — Cisco Umbrella Rank: 52375 neural40.cdnwebcloud.com — Cisco Umbrella Rank: 86748	8 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 908	3 KB
4	dimml.io cdn.dimml.io — Cisco Umbrella Rank: 41736 baltar.dimml.io — Cisco Umbrella Rank: 64663	9 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 334	3 KB
3	scorecardresearch.com sb.scorecardresearch.com — Cisco Umbrella Rank: 218 b.scorecardresearch.com — Cisco Umbrella Rank: 5718	5 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 5221 www.google.de — Cisco Umbrella Rank: 3460	1 KB
3	sahadan.com 1 redirects exchange.sahadan.com	23 KB
2	outbrainimg.com zem.outbrainimg.com — Cisco Umbrella Rank: 3247	78 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 358	10 KB
2	duhnet.tv js.duhnet.tv — Cisco Umbrella Rank: 125992	332 KB
2	cloudfront.net d31qbv1cthcecs.cloudfront.net a76f4aed22e94b8cf70dfe6f280016fe5.profile.txl50-p4.cloudfront.net	5 KB
2	bluekai.com 1 redirects tags.bluekai.com — Cisco Umbrella Rank: 786	533 B
2	eksiup.com cdn.eksiup.com — Cisco Umbrella Rank: 120233	8 KB
1	performgroup.com images.performgroup.com — Cisco Umbrella Rank: 32376	5 KB
1	b-cdn.net vz-795b4bfd-cff.b-cdn.net — Cisco Umbrella Rank: 219897
1	a2z.com 1 redirects redirect.prod.experiment.routing.cloudfront.aws.a2z.com	238 B
1	alexametrics.com certify.alexametrics.com — Cisco Umbrella Rank: 5313	552 B
1	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1567	13 KB
284	33

	Domain	Requested by
29	is.cdn.md	exchange.sahadan.com
22	hm.cdn.md	exchange.sahadan.com
21	tpc.googlesyndication.com	edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com tpc.googlesyndication.com securepubads.g.doubleclick.net
16	static.criteo.net	ads.eu.criteo.com
16	pagead2.googlesyndication.com	edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com googleads.g.doubleclick.net exchange.sahadan.com tpc.googlesyndication.com securepubads.g.doubleclick.net www.googletagservices.com
15	securepubads.g.doubleclick.net	cdn.eksiup.com securepubads.g.doubleclick.net exchange.sahadan.com
14	run.admost.com	go.admost.com
13	pix.eu.criteo.net	ads.eu.criteo.com
10	fonts.gstatic.com	fonts.googleapis.com
10	s0.2mdn.net	imasdk.googleapis.com exchange.sahadan.com s0.2mdn.net edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
9	eb2.3lift.com	edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com ib.3lift.com
9	www.google.com	2 redirects edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com exchange.sahadan.com tpc.googlesyndication.com
7	www.google-analytics.com	1 redirects exchange.sahadan.com www.google-analytics.com
7	fonts.googleapis.com	exchange.sahadan.com cdnjs.cloudflare.com edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com ib.3lift.com
6	edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	www.googletagservices.com	edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
4	ib.3lift.com	edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com ib.3lift.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	csm.eu.criteo.net	ads.eu.criteo.com
4	googleads.g.doubleclick.net	edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com exchange.sahadan.com
3	b1t-eudc1.zemanta.com	exchange.sahadan.com edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	gatr.hit.gemius.pl	1 redirects exchange.sahadan.com
3	ls.hit.gemius.pl	str.hit.gemius.pl ls.hit.gemius.pl gatr.hit.gemius.pl
3	str.hit.gemius.pl	exchange.sahadan.com str.hit.gemius.pl
3	cdn.dimml.io	exchange.sahadan.com cdn.dimml.io
3	exchange.sahadan.com	1 redirects exchange.sahadan.com
2	neural40.cdnwebcloud.com	edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com exchange.sahadan.com
2	img.3lift.com	ib.3lift.com edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
2	zem.outbrainimg.com	edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
2	googleads4.g.doubleclick.net	exchange.sahadan.com
2	bucket.cdnwebcloud.com	s0.2mdn.net bucket.cdnwebcloud.com
2	cdnjs.cloudflare.com	ads.eu.criteo.com
2	cat.nl.eu.criteo.com	ads.eu.criteo.com
2	ads.eu.criteo.com	edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
2	rtb.nl.eu.criteo.com	exchange.sahadan.com
2	www.google.de	exchange.sahadan.com
2	stats.g.doubleclick.net	1 redirects www.google-analytics.com
2	imasdk.googleapis.com	exchange.sahadan.com imasdk.googleapis.com
2	sb.scorecardresearch.com	exchange.sahadan.com
2	js.duhnet.tv	exchange.sahadan.com
2	tags.bluekai.com	1 redirects exchange.sahadan.com
2	cdn.eksiup.com	exchange.sahadan.com cdn.eksiup.com
2	ajax.googleapis.com	exchange.sahadan.com
1	b1-eudc1.zemanta.com	exchange.sahadan.com
1	tlx.3lift.com	edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
1	baltar.dimml.io	cdn.dimml.io
1	images.performgroup.com	exchange.sahadan.com
1	vz-795b4bfd-cff.b-cdn.net	exchange.sahadan.com
1	b.scorecardresearch.com	exchange.sahadan.com
1	a76f4aed22e94b8cf70dfe6f280016fe5.profile.txl50-p4.cloudfront.net	exchange.sahadan.com
1	redirect.prod.experiment.routing.cloudfront.aws.a2z.com	1 redirects
1	certify.alexametrics.com	exchange.sahadan.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	go.admost.com	exchange.sahadan.com
1	d31qbv1cthcecs.cloudfront.net	exchange.sahadan.com
1	use.fontawesome.com	exchange.sahadan.com
1	b.cdn.md	exchange.sahadan.com
284	60

This site contains links to these domains. Also see Links.

Domain
www.sahadan.com
arsiv.sahadan.com
www.beygir.com
www.mackolik.com
reklamup.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-16` - `2023-05-16`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
certify.alexametrics.com Amazon	`2022-05-30` - `2023-06-28`	a year	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2022-09-13` - `2023-09-25`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.b-cdn.net Sectigo RSA Domain Validation Secure Server CA	`2021-11-07` - `2022-11-11`	a year	crt.sh
*.scorecardresearch.com Amazon	`2022-01-29` - `2023-02-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-02` - `2022-11-01`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-03` - `2022-11-05`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-01` - `2022-11-30`	3 months	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-21` - `2022-11-23`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.3lift.com Amazon	`2022-05-13` - `2023-06-11`	a year	crt.sh
*.cdnwebcloud.com Amazon	`2022-09-21` - `2023-10-21`	a year	crt.sh
*.outbrainimg.com R3	`2022-10-04` - `2023-01-02`	3 months	crt.sh
*.zemanta.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-16` - `2023-09-06`	a year	crt.sh

This page contains 22 frames:

Primary Page: http://exchange.sahadan.com/Default.aspx
Frame ID: 8D0A0162276553ADC35368CBD593243F
Requests: 113 HTTP requests in this frame

Frame: http://exchange.sahadan.com/VideoPlayer/VideoPlayer.aspx?id=ac24zzvao4bb16lwh85vxi5sp&autoplay=true&showads=true&page=anasayfa
Frame ID: B85572D6DFC867ECE5EFB1EEE63A500C
Requests: 17 HTTP requests in this frame

Frame: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B823334DE045D1329BD239C26ECB5FDC
Requests: 1 HTTP requests in this frame

Frame: http://ls.hit.gemius.pl/lsget.html
Frame ID: DBF41CCF985FF721B860835AE222B0FB
Requests: 1 HTTP requests in this frame

Frame: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 40254182C132E79B93A0BBE4E660D27B
Requests: 10 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html?mode=new
Frame ID: 42D77479A9557B9BBEBA9D196E4CA9DA
Requests: 1 HTTP requests in this frame

Frame: http://imasdk.googleapis.com/js/core/bridge3.536.0_tr.html
Frame ID: F0810ED7E317B97E686FC334B463CE18
Requests: 1 HTTP requests in this frame

Frame: http://ls.hit.gemius.pl/lsget.html
Frame ID: F5BA71A1BDFD7293A1F4AC1D4CD1C476
Requests: 1 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yz1A6gAJX5oKd9SMAASes6jiqruzhddKTQKnBA&u=%7Cr677eJXg53HTWyRJtEWnKtSzRSlEqWlwkdGdzugC16o%3D%7C&c1=s9Ouqadr9PMXEEf9T3KSp2NRawDp88DGRxIbKBsnzqAtaD38bvZa_moYIyKPRD4qProvrB7dFEjms2J6BKuo9uh0TvRWo8H5gWhZ5Xcjntf5InsIZYwQWpK08oHRni_OrOl27b6IBJJBImsBiE2wfCs03WE_LsOZz4BCS1jk2w79hvfyh9Ha_rXHFkACg5zK25aiTgjJM62h4T8v-Xu7pxlQbjPcDh_vIFsTqqQ-rWFi4L4d8M658qVFDGiH7RGPoZPhOcF0Nak0hpyCNnC_2tzDTPAmpl8Kec82JnDOAfKKJkRGgaT5E3oR-YAWye0G6G1kAgdU5D8iucCQncvg4qoeJ7IQuWpXZDIMZpXT6KkDRsPNQizPBj-kzpxd_8rKCNiTKB7PQCC6FQsa5XitGyy_WylU3Hh05smLA0vJcldCPVtwsgm1bD6Du-Sh6_xdJk0TYndZOT8hGa9V57A_bjP4tVKcfX8D2Yu0MBfDU5t43NKafZ2tYcvN8qRIlsIzFW8EFPtCxTrWhwK3COgR7m17ILMh2na8d_9Qc804hX9gu0lx78mwNPpm32nh1WiyIDb8TtDUw5Rqf3vAAQUiiKedQx1KJh6xS7vthG7xIvjYzIVRYsCFHPBe7TQdmub62WDDxwb2Q_M&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC_O-W6kA9Y5q_JYyp3wOzvZKwDcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MTA2NDkxNDY2NzQzMDagAdW20uoDyAEJqQLJA7MKe7mwPuACAKgDAaoEpwJP0LQca5C6DLSZ4zn55seHb4hmvSOyeET4nm6EEHfmP_LcEfBoMCFAE0HzeKXZCLUIer5_NmgX3b32b2R6_D0TvREHsBuRJAQOy8XBX90dpcvGWqCqU-OB8LcBDp8OpYmtDsYbNhJl9EiaSpaYisLrKFMkO4bgHAFMbuczP9xLv9ebCU-oco9zQLJLiOlyQOhVNphR1wvx2KyL2i26jUY5TvrFrAoTt0RoM6hvb4Pg0IGQxz25la4L58TVJ93aeHQcd82xSlR4IpOhDBEzQXuhZUQQYFaKLXdlHdETMZbmS0Z7uBuxcx8ridC8iGiPQ_rLf2Z6mznVwQleXdwqzlKVfiYVrBnqPNxvBC7fBugSyLL-moTvkToBekCc1l2j3Aab-qeiuWqo4AQBgAbyiKW9q4Lrh8kBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgEDyCBthZHgtc3Vic3luLTEzODYwOTUyNTM0NTYwNDb6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_27-VJMmqQtJecncHPbWqPJooM7rg%26client%3Dca-pub-5610649146674306%26adurl%3D
Frame ID: 1980D246D6007BB5E55ADA4100D91C6B
Requests: 20 HTTP requests in this frame

Frame: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 47A90DF43DB2D5E52DD37242376E79D2
Requests: 19 HTTP requests in this frame

Frame: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3A209A9EE68719A4A1E83C20E97C0BC4
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNPh9QIQ6oD08QEYnf3IwQEwAQ&v=APEucNWFIVnuJjPb5oeJjqnOyJOQWNPh_y4J3LqZsK0QSU3u0llWs2ov9VZcPs-nLsTLv9eRH69iZhuajmuqgIfYOkYbbwCUh-mSRyLQJmZpi6WiHck1bKDc2v5Bt-_ELyhpQhJLVjkLvqkyxmTcC8B0lMukOkqGmoA4GQ2CFvrrw6VAOLzNaSIc65gvsAbjAct22oYRYPaNbEv7cbTRAZQGRxsfvvRkIw
Frame ID: A145252055800BE44797E297FFDB0AB5
Requests: 5 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yz1A6gAN5vAKd6KBAAH6ZO0yHMIsjnhgVitgUg&u=%7CfnaWrL4fzIOaA3yJgkis9UDLPLX1u4Gro%2BspXBGtrh8%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9W2wfJVZL-mlqJIG9cUD21Ox4KLfKTEKenOvyfU3Ls5yHk3uOfMnC60EkdONOb-SIvznE91SEL37wc5iU8xX6OWKK_hVgq3lj2WjqEcVYT6cNy9dxFhOBu3LSPehh-XUcKJLrsGz1P6CQzK2Iba6QMuMWGRsjgvKr0-Q-HYpizZ5PrcEu_26I0AmNbp1xMWt3Dpf-aYSxu9bAV8StA22hR1PB5nj3LinmJo-ogaRSsrWrUx9zY6pXfBAqn5xuJTn_z64bjsGY2Mhhr0q0uQJh7ZBSLkJI6VpQUeHLRijj9VC6OfIz9TgIRIAQYvbuxdrsD5PmldHY8RjmY4Xm2cwg2QQxa8LvCcHYj_DrygKuwFGYrPEa7EK6PhgrvZRS8rYjIkwxYLJKGnGP2JJ9NbpAoPQBLz5KcOefWpPrcnR7K0SryPV8UkoTPhoMzB7ouZ0oBuTtpfBQlSHj8WBOCv1pKVPuWj3ht_cVBD7o3WVjUuYa_bLWksMdZqTG_gUeaSe04U73_OWVQDlHX6GR-k5MsYtaQiboUZyc9fqpKopI06GECbMzmIGWw7eL0wrmsS0KR&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKIUU6kA9Y_DNN4HF3gPk9If4CMme0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNTYxMDY0OTE0NjY3NDMwNqAB1bbS6gPIAQmpAskDswp7ubA-4AIAqAMBqgSQAk_QfhA3LZLXTjQmsOqEtdAW3558lMGR0zGugumERDMW62jL0pdHdWWeu1jaPE2M6897tWSwDJlZ2UFZ7unA7OP__xlRVeU1f8qzwcT6Fh1JE_lOWch3VmwvAiI01Xo-5SA1lhICpoybLUl0PUIGIz2Ylj9JxPQEXJhq0pTe2Ve4p2WXjY9Gq-2_ZqMVUSgwWINuitdo99DzpmYzodJm9hJQa97wLe8W1OwxpUKK16MDxYWb8EHYS7iEfO7sTmQgV_lWDgq8M14vAqtAbaWohC47B0tmYONVraS3JOooDX4KKSSOMSpbZqF6ADN4lZtkNuBMAiaZwQLwsrE3HpGhER8il3D2-871RRGf4Oexj7AW4AQBgAbg5LzQluWysEugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggQCIjhgBAQATIDqoIBOgKAQPIIG2FkeC1zdWJzeW4tMTM4NjA5NTI1MzQ1NjA0NvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2MU3e6vClzTdGShMq1zxv4bjEF1g%26client%3Dca-pub-5610649146674306%26adurl%3D
Frame ID: 594892D39C9E5256A81FEC20701EA6D2
Requests: 25 HTTP requests in this frame

Frame: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C167A633F3B3E9E0B5A7A8B3C534E10E
Requests: 20 HTTP requests in this frame

Frame: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D26C64FF4BD3A1F4E9CFC5F0DB58AB2D
Requests: 29 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7788421370862619343/index.html
Frame ID: B492DB9C884329D39E07DF578B48B486
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A254607081C4F2A9FC95B7633EB20A9D
Requests: 3 HTTP requests in this frame

Frame: https://img.3lift.com/lp?width=600&height=600&url=%2F%2Fimages.3lift.com%2F16682690.jpg&logo_exclude=&v=16
Frame ID: E84B56005536471B4D6B925BA06731BA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 9D396A863E1B50FFDF9EE3B122061002
Requests: 2 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?max=10&cb=94010
Frame ID: 570A593364EF21EB4DF65FAFB8A1B8B6
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 42264CBC1BFF7F39A5B40CBA4F27CD35
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0CFBB5D6FFD6CD8D9EFACA19A5C4393B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sahadan.com - iddaa, canlı maç sonuçları, maç skorları, puan durumu, spor haberleri, futbol, iddaa programı, istatistikler, İddaa

Page URL History Show full URLs

http://exchange.sahadan.com/ HTTP 302
http://exchange.sahadan.com/Default.aspx Page URL

Detected technologies

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

\.aspx?(?:$|\?)
<input[^>]+name="__VIEWSTATE

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Gemius (Analytics) Expand

Overall confidence: 100%
Detected patterns

hit\.gemius\.pl/xgemius\.js
hit\.gemius\.pl
xgemius\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui[.-]([\d.]*\d)[^/]*\.js
jquery-ui.*\.js

Page Statistics

284
Requests

64 %
HTTPS

40 %
IPv6

33
Domains

60
Subdomains

55
IPs

10
Countries

3489 kB
Transfer

10801 kB
Size

25
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: http://www.sahadan.com/

Search URL Search Domain Scan URL

URL: https://www.sahadan.com/
Title: www.sahadan.com

Search URL Search Domain Scan URL

URL: http://arsiv.sahadan.com/kvkk/default.aspx
Title: Çerez Politikasına İlişkin Aydınlatma Metni

Search URL Search Domain Scan URL

URL: http://www.sahadan.com/kunye.aspx
Title: Künye

Search URL Search Domain Scan URL

URL: http://www.sahadan.com/destek.aspx
Title: Bize Ulaşın

Search URL Search Domain Scan URL

URL: http://www.beygir.com/
Title: Beygir.com

Search URL Search Domain Scan URL

URL: http://www.mackolik.com/
Title: Mackolik.com

Search URL Search Domain Scan URL

URL: https://reklamup.com/?utm_source=sticky&utm_medium=referral&utm_content=sticky

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://exchange.sahadan.com/ HTTP 302
http://exchange.sahadan.com/Default.aspx Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

http://tags.bluekai.com/site/38238?limit=1&phint=event%3Dimp&phint=video%3Dsahadan HTTP 301
https://tags.bluekai.com/site/38238?limit=1&phint=event%3Dimp&phint=video%3Dsahadan

Request Chain 90

http://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png HTTP 302
http://a76f4aed22e94b8cf70dfe6f280016fe5.profile.txl50-p4.cloudfront.net/test.png

Request Chain 91

http://www.google-analytics.com/ga.js HTTP 307
https://www.google-analytics.com/ga.js

Request Chain 97

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 98

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=945411733&utmhn=exchange.sahadan.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Sahadan.com%20-%20iddaa%2C%20canl%C4%B1%20ma%C3%A7%20sonu%C3%A7lar%C4%B1%2C%20ma%C3%A7%20skorlar%C4%B1%2C%20puan%20durumu%2C%20spor%20haberleri%2C%20futbol%2C%20iddaa%20program%C4%B1%2C%20istatistikler%2C%20%C4%B0ddaa&utmhid=20745407&utmr=-&utmp=%2FDefault.aspx&utmht=1664958698881&utmac=UA-241588-1&utmcc=__utma%3D65577594.1546289157.1664958699.1664958699.1664958699.1%3B%2B__utmz%3D65577594.1664958699.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1281506733&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAQAAAAE~ HTTP 307
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=945411733&utmhn=exchange.sahadan.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Sahadan.com%20-%20iddaa%2C%20canl%C4%B1%20ma%C3%A7%20sonu%C3%A7lar%C4%B1%2C%20ma%C3%A7%20skorlar%C4%B1%2C%20puan%20durumu%2C%20spor%20haberleri%2C%20futbol%2C%20iddaa%20program%C4%B1%2C%20istatistikler%2C%20%C4%B0ddaa&utmhid=20745407&utmr=-&utmp=%2FDefault.aspx&utmht=1664958698881&utmac=UA-241588-1&utmcc=__utma%3D65577594.1546289157.1664958699.1664958699.1664958699.1%3B%2B__utmz%3D65577594.1664958699.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1281506733&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAQAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-241588-1&cid=1546289157.1664958699&jid=1281506733&_v=5.7.2&z=945411733 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-241588-1&cid=1546289157.1664958699&jid=1281506733&_v=5.7.2&z=945411733 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-241588-1&cid=1546289157.1664958699&jid=1281506733&_v=5.7.2&z=945411733&slf_rd=1&random=717789651

Request Chain 114

https://gatr.hit.gemius.pl/_1664958699140/rexdot.js?l=100&sendf=8&id=ApswCyd4r7fQTSHRgQVcZmYknDQZv5h32P5mmdfDGZP.67&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=ZzsmD14ySzLzIMbr8IOLd2SSk5YsH7s8Il9AMi0pHVH.Q7jvQ1GYTlD607Vwlelq5KSbS82LO5P9AzolfpMGsv6_3FfQ/wPuJrbvlTpjuS/&ltime=45&fpdata=.TrBalsrWh9wTSHhVtOjaigCBrGAPH377HAT9oMQAqP.77&inner=_ver%3D330&lsadd=&fpcap= HTTP 301
https://gatr.hit.gemius.pl/__/_1664958699140/rexdot.js?l=100&sendf=8&id=ApswCyd4r7fQTSHRgQVcZmYknDQZv5h32P5mmdfDGZP.67&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=ZzsmD14ySzLzIMbr8IOLd2SSk5YsH7s8Il9AMi0pHVH.Q7jvQ1GYTlD607Vwlelq5KSbS82LO5P9AzolfpMGsv6_3FfQ/wPuJrbvlTpjuS/&ltime=45&fpdata=.TrBalsrWh9wTSHhVtOjaigCBrGAPH377HAT9oMQAqP.77&inner=_ver%3D330&lsadd=&fpcap=

Request Chain 176

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN17TqcbQOzV_yr7XQeRcmI&google_cver=1

Request Chain 177

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yz1A65AXEbP3xY-9bmJAZgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN17TqcbQOzV_yr7XQeRcmI&google_cver=1

Request Chain 178

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEW4ECFvponcvA-YjgF66WA&google_cver=1

Request Chain 179

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM4Mjk2NTQ4ODc0NTQ4NTAxNA%3D%3D

Request Chain 270

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 276

http://www.google-analytics.com/collect?v=1&_v=j98&a=20745407&t=event&_s=2&dl=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&ul=en-us&de=UTF-8&dt=Sahadan.com%20-%20iddaa%2C%20canl%C4%B1%20ma%C3%A7%20sonu%C3%A7lar%C4%B1%2C%20ma%C3%A7%20skorlar%C4%B1%2C%20puan%20durumu%2C%20spor%20haberleri%2C%20futbol%2C%20iddaa%20program%C4%B1%2C%20istatistikler%2C%20%C4%B0ddaa&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Detect&ea=NotFound&el=div%20visible%20with%20attribute%3A%20zero_attr-clientWidth&ev=6&_utma=65577594.1546289157.1664958699.1664958699.1664958699.1&_utmz=65577594.1664958699.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1664958700672&_u=KQBCAEABAAAAACAAI~&jid=&gjid=&cid=1546289157.1664958699&tid=UA-241588-1&_gid=1845101670.1664958699&z=1050417681 HTTP 307
https://www.google-analytics.com/collect?v=1&_v=j98&a=20745407&t=event&_s=2&dl=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&ul=en-us&de=UTF-8&dt=Sahadan.com%20-%20iddaa%2C%20canl%C4%B1%20ma%C3%A7%20sonu%C3%A7lar%C4%B1%2C%20ma%C3%A7%20skorlar%C4%B1%2C%20puan%20durumu%2C%20spor%20haberleri%2C%20futbol%2C%20iddaa%20program%C4%B1%2C%20istatistikler%2C%20%C4%B0ddaa&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Detect&ea=NotFound&el=div%20visible%20with%20attribute%3A%20zero_attr-clientWidth&ev=6&_utma=65577594.1546289157.1664958699.1664958699.1664958699.1&_utmz=65577594.1664958699.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1664958700672&_u=KQBCAEABAAAAACAAI~&jid=&gjid=&cid=1546289157.1664958699&tid=UA-241588-1&_gid=1845101670.1664958699&z=1050417681

284 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request Default.aspx Show response
exchange.sahadan.com/
Redirect Chain

http://exchange.sahadan.com/
http://exchange.sahadan.com/Default.aspx

67 KB
16 KB

59ms
59ms

Document
text/html

91.191.168.119
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 91.191.168.119 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: Microsoft-IIS/8.0 / ASP.NET
Resource Hash: dee0d79670919414d0e9552e4527f82737e46c2ca31fed920cf6c11131777a16

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: public, max-age=40
Content-Encoding: gzip
Content-Length: 15898
Content-Type: text/html; charset=utf-8
Date: Wed, 05 Oct 2022 08:31:34 GMT
Expires: Wed, 05 Oct 2022 08:32:15 GMT
Last-Modified: Wed, 05 Oct 2022 08:30:15 GMT
Server: Microsoft-IIS/8.0
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
s: 83
sloc: 593

Redirect headers

Cache-Control: private
Content-Length: 134
Content-Type: text/html
Date: Wed, 05 Oct 2022 08:31:34 GMT
Location: /Default.aspx
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
s: 83
sloc: 593

GET
H/1.1 200
OK Master.css
is.cdn.md/i4/Css/ 18 KB
4 KB 209ms
12ms Stylesheet
text/css 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://is.cdn.md/i4/Css/Master.css?v=3.295
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: b3f2e69fff634830a400c124c00dd5c97f023d6154a03aa9ec9a5eb690c9f196

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 03 Apr 2013 14:18:50 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "eae97297630ce1:0"
ntCoent-Length: 18666
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 3302
Expires: Fri, 04 Nov 2022 08:31:35 GMT

GET
H/1.1 200
OK Menu.css
is.cdn.md/i4/Css/ 4 KB
2 KB 208ms
11ms Stylesheet
text/css 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://is.cdn.md/i4/Css/Menu.css?v=3.295
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: b4a7ef9af3af11bb37d635bfed849032d26ef1cd51095cff7e664fcddf9e114c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:35 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Mar 2013 13:55:00 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "c92e784bb20ce1:0"
ntCoent-Length: 4277
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 1143
Expires: Fri, 04 Nov 2022 08:31:35 GMT

GET
H/1.1 200
OK master2.css
is.cdn.md/i4/Css/ 23 KB
5 KB 209ms
13ms Stylesheet
text/css 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://is.cdn.md/i4/Css/master2.css?v=3.295
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: e62af54a296f56631510f41fe04abc6fdb1b703d6e2968a50a6741c5aac93ea0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Cteonnt-Length: 23574
Date: Wed, 05 Oct 2022 08:31:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 16 Nov 2016 15:56:11 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "2d3995f32140d21:0"
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 4340
Expires: Fri, 04 Nov 2022 08:31:35 GMT

GET
H/1.1 200
OK master.js Show response
is.cdn.md/i4/Js/ 20 KB
6 KB 210ms
14ms Script
application/javascript 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://is.cdn.md/i4/Js/master.js?v=2.7.61
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: c21a3f821b4d312076f3a473f9e741b53658761b5f0886873e12039eb5190cbe

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Jul 2019 13:18:39 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: W/"2978c94e2242d51:0"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
s: 84
Expires: Fri, 04 Nov 2022 08:31:35 GMT

GET
H/1.1 200
OK jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.4.4/ 77 KB
28 KB 96ms
48ms Script
text/javascript 2a00:1450:400d:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

HTTP/1.1

Server

2a00:1450:400d:806::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Tue, 04 Oct 2022 03:34:15 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 104242
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 27266
X-XSS-Protection: 0
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Vary: Accept-Encoding
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Wed, 04 Oct 2023 03:34:15 GMT

GET
H/1.1 200
OK advertisement.js Show response
b.cdn.md/admost/ 34 B
471 B 304ms
41ms Script
application/x-javascript 82.222.8.80
TELLCOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://b.cdn.md/admost/advertisement.js

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

HTTP/1.1

Server

82.222.8.80 Istanbul, Turkey, ASN34984 (TELLCOM-AS, TR),

Reverse DNS

host-82-222-8-80.reverse.superonline.net

Software

CCAcc (1.0.1/istk-s1) / ASP.NET

Resource Hash

cb9404060fda4757f932c63af8efa23cb6088538410793e9ce068f0d1818df51

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Tue, 06 Oct 2015 08:49:58 GMT
Server: CCAcc (1.0.1/istk-s1)
ETag: "90556fb130d11:0"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 34
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H2 200 rupsahadan.com.arsiv.js Show response
cdn.eksiup.com/api/special/ 11 KB
5 KB 84ms
25ms Script
application/javascript 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.eksiup.com/api/special/rupsahadan.com.arsiv.js
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d731a0b67521f56a398187ed988cf3ba1a6f679b3ba293576c522d3d32047130

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 836
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 10 Mar 2022 14:39:33 GMT
server: cloudflare
etag: W/"622a0da5-2dbe"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gWiWJZ%2FBTfmtG7nmO8lcEhHh8QSRYRsyenzR5BlwCubFxa%2BAymp9MoEvTBopzTfUFJj2meprAUhwb2ysIn%2Bc3lQDMRHyzpYf59GoPSCDhqKCfkC9PLFlAC2lDRfVOkss%2F14ERpQJGzGeKDarIw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=604800
cf-ray: 7554cd568c769073-FRA
expires: Thu, 17 Mar 2022 15:11:04 GMT

GET
H/1.1 200
OK galleryview.css
is.cdn.md/i4/Css/ 3 KB
2 KB 209ms
13ms Stylesheet
text/css 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://is.cdn.md/i4/Css/galleryview.css?v=1.20.07
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: cecaa3c6afa068e141ee4972e5449634fb581b3447bfa6169d3c038d2450a5e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Cteonnt-Length: 2847
Date: Wed, 05 Oct 2022 08:31:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 25 Sep 2013 13:42:31 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "a96a2d15f5b9ce1:0"
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 1148
Expires: Fri, 04 Nov 2022 08:31:35 GMT

GET
H/1.1 200
OK jquery.galleryview-1.1.js Show response
is.cdn.md/i4/Js/jquery-galleryview-1.1/ 25 KB
6 KB 223ms
12ms Script
application/javascript 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://is.cdn.md/i4/Js/jquery-galleryview-1.1/jquery.galleryview-1.1.js?v=1.20.06
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: 9e0475bc6b5858f1d4d16178f48f9993fc45ecd976c9c147330ed300fc220c51

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:35 GMT
Content-Encoding: gzip
Last-Modified: Fri, 19 Apr 2013 09:13:55 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: W/"a643d137de3cce1:0"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
s: 84
Expires: Fri, 04 Nov 2022 08:31:35 GMT

GET
H/1.1 200
OK jquery.timers-1.1.2.js Show response
is.cdn.md/i4/Js/jquery-galleryview-1.1/ 3 KB
2 KB 229ms
18ms Script
application/javascript 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://is.cdn.md/i4/Js/jquery-galleryview-1.1/jquery.timers-1.1.2.js?v=1.20.06
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: e9ef8c5630768eac23544ef13c37e2158f1508b43657a11f482c6dbdf2ffad79

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:35 GMT
Content-Encoding: gzip
Last-Modified: Fri, 19 Apr 2013 07:48:19 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: W/"8d371e42d23cce1:0"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
s: 84
Expires: Fri, 04 Nov 2022 08:31:35 GMT

GET
H/1.1 200
OK jquery.easing.1.3.js Show response
is.cdn.md/i4/Js/jquery-galleryview-1.1/ 8 KB
2 KB 223ms
12ms Script
application/javascript 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://is.cdn.md/i4/Js/jquery-galleryview-1.1/jquery.easing.1.3.js?v=1.20.06
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: 0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:35 GMT
Content-Encoding: gzip
Last-Modified: Fri, 19 Apr 2013 07:48:17 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: W/"bbc95841d23cce1:0"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
s: 84
Expires: Fri, 04 Nov 2022 08:31:35 GMT

GET
H/1.1 200
OK HomeScores2.js Show response
is.cdn.md/i4/Js/ 8 KB
2 KB 224ms
13ms Script
application/javascript 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://is.cdn.md/i4/Js/HomeScores2.js?v=1.20.07
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: a81cecefe8865615fe3e4c8858e69f1d92f4cff8a56095d2c57bdfb61fb07439

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:35 GMT
Content-Encoding: gzip
Last-Modified: Thu, 21 Nov 2013 16:33:42 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: W/"9f80fe70d7e6ce1:0"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
s: 84
Expires: Fri, 04 Nov 2022 08:31:35 GMT

GET
H/1.1 200
OK gunun-maci-style.css
is.cdn.md/i4/Css/ 4 KB
2 KB 209ms
13ms Stylesheet
text/css 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://is.cdn.md/i4/Css/gunun-maci-style.css?v=1.20.08
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: 3ea5f5e57bcdba2a5925058f077a3c016ac0c03d940a9866f82bddd5bf150dd2

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:35 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Aug 2015 11:01:52 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "b68be9e37dbd01:0"
ntCoent-Length: 4225
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 1024
Expires: Fri, 04 Nov 2022 08:31:35 GMT

GET
H/1.1 200
OK turkiye-hirvatistan-voleybol-dunya-sampiyonasi-29092022-b.jpg
hm.cdn.md/img/haberbuyuk/t/ 63 KB
63 KB 106ms
13ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haberbuyuk/t/turkiye-hirvatistan-voleybol-dunya-sampiyonasi-29092022-b.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: dba74544c15f57cd96359f59fcc118e2e39a1b3fff3123dca2f32ce838ecb33f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Thu, 29 Sep 2022 16:46:53 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "f0822e1423d4d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 64116
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK galatasaray-kasimpasa-kerem-akturkoglu-gol-sevinci-24072022-b.jpg
hm.cdn.md/img/haberbuyuk/g/ 67 KB
67 KB 104ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haberbuyuk/g/galatasaray-kasimpasa-kerem-akturkoglu-gol-sevinci-24072022-b.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 39e9c9fa33a5355229385615944e7748332fcf2a3a69bbde5566deb782922ea3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Sun, 24 Jul 2022 19:20:49 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "80786b7b929fd81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68494
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK SuperLig_logo_2022_B.jpeg
hm.cdn.md/img/haberbuyuk/S/ 170 KB
170 KB 105ms
12ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haberbuyuk/S/SuperLig_logo_2022_B.jpeg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 5d9b4c063099737b65b5d157e4910697121aeddc6f36fb39c090d072594fa364

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Fri, 05 Aug 2022 09:36:46 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "10526ce1aea8d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 173578
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK umut-meras-besiktas-antrenman-27072022-b.jpg
hm.cdn.md/img/haberbuyuk/u/ 38 KB
38 KB 106ms
13ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haberbuyuk/u/umut-meras-besiktas-antrenman-27072022-b.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 9caef6df1e0e1919c0933e1140760ed449ce7861bc9d238f8994ce252f558f1d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Wed, 05 Oct 2022 06:02:45 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "5014c01680d8d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 38504
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK victor-nelsson-galatasaray-2022_b.jpg
hm.cdn.md/img/haberbuyuk/v/ 42 KB
42 KB 107ms
14ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haberbuyuk/v/victor-nelsson-galatasaray-2022_b.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: e46c67ca62b13eb0505fb1d239b9d4c5c78eeb2401104bdd4501130a3e43ae3f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Wed, 05 Oct 2022 05:15:20 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "3056db7679d8d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42769
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK turkiye-hirvatistan-voleybol-dunya-sampiyonasi-29092022-k.jpg
hm.cdn.md/img/haber/t/ 7 KB
7 KB 105ms
12ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/t/turkiye-hirvatistan-voleybol-dunya-sampiyonasi-29092022-k.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 7688a1c1a7ec22b7b4a4b6f7f23f66236f38a7e9a814627a5d00b6392263b6e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Thu, 29 Sep 2022 16:46:53 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "f0822e1423d4d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7295
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK galatasaray-kasimpasa-kerem-akturkoglu-gol-sevinci-24072022-k.jpg
hm.cdn.md/img/haber/g/ 7 KB
7 KB 11ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/g/galatasaray-kasimpasa-kerem-akturkoglu-gol-sevinci-24072022-k.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: e5774d459aad81e96c4ebf256bf1c62436707f09b022083d8719fdfeba1b3957

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Sun, 24 Jul 2022 19:20:49 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "2017697b929fd81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6715
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK SuperLig_logo_2022_k.jpeg
hm.cdn.md/img/haber/S/ 16 KB
16 KB 11ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/S/SuperLig_logo_2022_k.jpeg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 1694d5d52547530f2cc3feb29cb467a5a749e8ff702c26b21d237fbd8a9edc6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Fri, 05 Aug 2022 09:36:46 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "b0f069e1aea8d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16074
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK umut-meras-besiktas-antrenman-27072022-k.jpg
hm.cdn.md/img/haber/u/ 5 KB
5 KB 11ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/u/umut-meras-besiktas-antrenman-27072022-k.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 4d38e3c146f148f269132f6ef10d2265e6462de507ef291dd05918030eb5ce42

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Wed, 05 Oct 2022 06:02:45 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "f0b2bd1680d8d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4942
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK victor-nelsson-galatasaray-2022_k.jpg
hm.cdn.md/img/haber/v/ 6 KB
6 KB 12ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/v/victor-nelsson-galatasaray-2022_k.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 76cedfe5cb3e098c85235cf99bf5cecd13667cda469476dba97f4a32fc84e8cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Wed, 05 Oct 2022 05:15:20 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "d0f4d87679d8d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5777
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK hakan-calhanoglu-gol-sevinci-10042022-k.jpg
hm.cdn.md/img/haber/h/ 5 KB
6 KB 11ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/h/hakan-calhanoglu-gol-sevinci-10042022-k.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 1e6455d11ad7744db21131e71fd50ba2356f363b0d1998fbf97da08e5a13759e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 04 Oct 2022 21:02:20 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "303f89734d8d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5319
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK napoli-gol-sevinci-10042022-k.jpg
hm.cdn.md/img/haber/n/ 7 KB
7 KB 11ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/n/napoli-gol-sevinci-10042022-k.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 4ba6d590e67a37d8a9d145db8eef8745158d8134ec5955d8cf486644ff007008

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 04 Oct 2022 20:51:34 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "30a641733d8d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6831
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK ClubBrugge_golsevinci_4ekim2022_K.jpg
hm.cdn.md/img/haber/C/ 13 KB
13 KB 11ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/C/ClubBrugge_golsevinci_4ekim2022_K.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: c0b1f2c205dfc9e1908bd0569ed8c23413fb96774af18da19b935ca6664204e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 04 Oct 2022 21:24:44 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "90f3bfb837d8d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12971
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK filenin-sultanlari-zafer-09282022-k.jpg
hm.cdn.md/img/haber/f/ 7 KB
7 KB 11ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/f/filenin-sultanlari-zafer-09282022-k.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 3c6b1fae0df94115a0a6014d6a84221687d639d22b3b70f916eecef7478715c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Wed, 28 Sep 2022 18:33:14 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "d0d640c568d3d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7208
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK Marsilya_golsevinci_DepoPhotos_4ekim2022_K.jpg
hm.cdn.md/img/haber/M/ 12 KB
12 KB 11ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/M/Marsilya_golsevinci_DepoPhotos_4ekim2022_K.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 0e0e52aa2b6787864ef38ca9dddd96218c71e8f1914b6efb1ebd041dccc77cd2

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 04 Oct 2022 19:54:35 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "b0b2a3202bd8d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12432
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK victor-nelsson-galatasaray-07032022-k.jpg
hm.cdn.md/img/haber/v/ 5 KB
6 KB 11ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/v/victor-nelsson-galatasaray-07032022-k.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 3cbc3d0137c37dff71917a1a5e1013ea9b5fd773db4fb9fab7f3225838d8fd5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Wed, 03 Aug 2022 18:36:47 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "50f9edfc67a7d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5570
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK CarloAncelotti_RealMadrid_2022_k.jpeg
hm.cdn.md/img/haber/C/ 17 KB
18 KB 11ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/C/CarloAncelotti_RealMadrid_2022_k.jpeg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 3ae0cf5e5caba6c5f7524171969abeff8b16e8b14ef64d967e1b8d01571a224d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Wed, 30 Mar 2022 14:36:32 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "40f7bb8c4344d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17703
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK DeleAlli_Besiktas_AA_24eylul2022_K.jpg
hm.cdn.md/img/haber/D/ 14 KB
15 KB 11ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/D/DeleAlli_Besiktas_AA_24eylul2022_K.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 077f136641e0bab28801ee574e0a769eccc78ffbffd91f071a7f646ef9e50dfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 04 Oct 2022 15:14:37 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "f06d5544d8d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14781
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK Galatasaray_golsevinci_2022-23_yakin_k.jpeg
hm.cdn.md/img/haber/G/ 28 KB
28 KB 11ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/G/Galatasaray_golsevinci_2022-23_yakin_k.jpeg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 00a1ad03a4d8e3ec2c6962d0d4874170d869a5e5414dd2db1231cf649bb2cfad

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 04 Oct 2022 12:08:43 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "104822cead7d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28525
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK karsiyaka-aek-10042022-k.jpg
hm.cdn.md/img/haber/k/ 7 KB
7 KB 11ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/k/karsiyaka-aek-10042022-k.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: f7120dbc595f66ac03e9759477b28d90b1192dacd21e2a36dec81ca90b5e6d5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 04 Oct 2022 19:06:17 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "309da46124d8d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6743
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK AhmetNurCebi_Valerienismael_k.jpeg
hm.cdn.md/img/haber/A/ 27 KB
27 KB 11ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/A/AhmetNurCebi_Valerienismael_k.jpeg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: 6478bc97dbc8745de91cde325029977434e7ea3ff994a95b161dbe58c218581a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 04 Oct 2022 12:54:14 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "b019c767f0d7d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27602
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK Trabzonspor_sevinc_ekim2022_k.jpeg
hm.cdn.md/img/haber/T/ 31 KB
31 KB 11ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hm.cdn.md/img/haber/T/Trabzonspor_sevinc_ekim2022_k.jpeg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) / ASP.NET
Resource Hash: a0de656c374d21af32efeeb92b2fe74f34e9ef4eb35495ed0e9820a83ba8c274

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 04 Oct 2022 09:20:35 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "3016328fd2d7d81:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31808
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H2

200

38238
tags.bluekai.com/site/
Redirect Chain

http://tags.bluekai.com/site/38238?limit=1&phint=event%3Dimp&phint=video%3Dsahadan
https://tags.bluekai.com/site/38238?limit=1&phint=event%3Dimp&phint=video%3Dsahadan

62 B
303 B

209ms
171ms

Image
image/gif

23.7.201.234
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/38238?limit=1&phint=event%3Dimp&phint=video%3Dsahadan
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: H2
Server: 23.7.201.234 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-7-201-234.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:38 GMT
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
cache-control: max-age=0, no-cache, no-store
content-length: 62
bk-server: 9166
expires: Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

Location: https://tags.bluekai.com/site/38238?limit=1&phint=event%3Dimp&phint=video%3Dsahadan
Date: Wed, 05 Oct 2022 08:31:38 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H/1.1 404
Not Found jquery.autocomplete.css
is.cdn.md/i4/Css/jquery-autocomplete/ 0
0 171ms
170ms Stylesheet
text/html 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://is.cdn.md/i4/Css/jquery-autocomplete/jquery.autocomplete.css?v=3.295
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H/1.1 200
OK css
fonts.googleapis.com/ 2 KB
1 KB 82ms
46ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Roboto

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

HTTP/1.1

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d9bcc622da74d5b781d9449ceb10c2dcbcc614838d01a93923556200b67fb37e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
X-XSS-Protection: 0
Last-Modified: Wed, 05 Oct 2022 08:31:37 GMT
Server: ESF
Cross-Origin-Opener-Policy: same-origin-allow-popups
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Wed, 05 Oct 2022 08:31:37 GMT

GET
H/1.1 200
OK jquery-ui-1.8.23.custom.min.js Show response
is.cdn.md/i4/Js/jquery-ui-1.8.23.custom/js/ 200 KB
51 KB 19ms
19ms Script
application/javascript 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://is.cdn.md/i4/Js/jquery-ui-1.8.23.custom/js/jquery-ui-1.8.23.custom.min.js
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: b04b12cadf378663dd825a3554cc04856238b223260bc77e20aaf54923f649fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Content-Encoding: gzip
Last-Modified: Thu, 18 Aug 2022 14:30:19 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: W/"33e64bfb3d81:0"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
s: 84
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK jquery-ui-1.8.20.custom.css
is.cdn.md/i4/Js/jquery-ui-1.8.20.custom/css/custom-theme/ 33 KB
7 KB 11ms
11ms Stylesheet
text/css 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://is.cdn.md/i4/Js/jquery-ui-1.8.20.custom/css/custom-theme/jquery-ui-1.8.20.custom.css
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: 4b6ee1b60d99686cc425241e8b26d22d79843b31258b90c14b06d420d0ea9639

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Cteonnt-Length: 33910
Date: Wed, 05 Oct 2022 08:31:36 GMT
Content-Encoding: gzip
Last-Modified: Thu, 18 Aug 2022 14:30:19 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "9ca2baafb3d81:0"
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 6537
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.15.4/css/ 58 KB
13 KB 58ms
25ms Stylesheet
text/css 2606:4700:e2::ac40:840f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.15.4/css/all.css
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:840f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Request headers

Referer: http://exchange.sahadan.com/
Origin: http://exchange.sahadan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: SMP9Z5CD75RCMV4Z
age: 1874477
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: +15ieNli9q34c5hqYhSmJVwLBTwhVqJvTdg9ryI9ByO9vV2nFRh6FQgaUA7dbgaLT2jCqpuHETI=
last-modified: Wed, 04 Aug 2021 20:43:22 GMT
server: cloudflare
etag: W/"ecd507b3125edc4d2a03aa6ae5d07da9"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1taiGtUCT0AHhAhb4Eaok4cMVNvi%2FGEbsCWWVIY0PsbHh73CVUyhwrOu7gPye3svArmUZZPIS%2FsL8csgp1MYUhSy9zRPX4Px57JKjkHhBpTvsoDltTsT%2FkXX3GFkfVcvOTz%2BKdYLtVtY3JuL%2Bi9qjU%2Bs"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 7554cd563aecbbce-FRA

GET
H/1.1 200
OK footer-ico.png
is.cdn.md/i4/Img/index/ 946 B
1 KB 11ms
11ms Image
image/png 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://is.cdn.md/i4/Img/index/footer-ico.png
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: e444291a8eb00c0786a77e8b783c318b2d77db35e6715aff504a46d8e64b3335

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 26 Mar 2013 09:17:54 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "48366ecc22ace1:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 946
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK atrk.js Show response
d31qbv1cthcecs.cloudfront.net/ 4 KB
5 KB 116ms
33ms Script
application/javascript 18.67.240.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d31qbv1cthcecs.cloudfront.net/atrk.js
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.240.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-240-95.mad56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Thu, 11 Aug 2022 01:50:55 GMT
Via: 1.1 9ebd44ea61beb5bd1506a07b26f98e4a.cloudfront.net (CloudFront)
Last-Modified: Tue, 27 Apr 2021 18:03:54 GMT
Server: AmazonS3
X-Amz-Cf-Pop: MAD56-P4
Age: 4776043
ETag: "d89453438fbf10dcf4c13265c40d5160"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Cache-Control: max-age=26920000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4255
X-Amz-Cf-Id: bmHrXZpUg_MbQEqPk90mt0bZEgRhDNDLoqwJrukRaL5r6tr-N1YFSA==

GET
H/1.1 200
OK adblockDetectorWithGA.js Show response
is.cdn.md/i4/Js/ 16 KB
6 KB 13ms
12ms Script
application/javascript 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://is.cdn.md/i4/Js/adblockDetectorWithGA.js
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: 14ee0390722dba1d6e95b766412095d436df22f30b83dfbb9cb38fde3cd72c95

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Dec 2016 10:14:45 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: W/"b31f20bdbb4bd21:0"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
s: 84
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK admost.js Show response
go.admost.com/adx/js/ 4 KB
4 KB 166ms
57ms Script
text/html 195.244.38.50
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 195.244.38.50 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: haproxy-go /
Resource Hash: 3dfb78d105e89ffe3359c30a219301b46640e01cb726e00693b9a1e745b678b8

Request headers

Referer: http://exchange.sahadan.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:37 GMT
Last-Modified: Wed, 10 Mar 2021 15:26:31 GMT
Server: haproxy-go
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private, max-age=0, no-store, must-revalidate
Accept-Ranges: bytes
Content-Length: 3985
Expires: -1

GET
H/1.1 200
OK dimml.js Show response
cdn.dimml.io/ 18 KB
7 KB 203ms
17ms Script
application/javascript 2a02:6ea0:cb00::2
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.dimml.io/dimml.js
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 2a02:6ea0:cb00::2 , United Kingdom, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 53d94d99aea6bce949af941217303245057b545dc1b96252f610a57f56a6226a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

X-77-POP: viennaAT
Date: Wed, 05 Oct 2022 08:31:38 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
X-Cache: HIT
X-77-Cache: HIT
Connection: keep-alive
X-Age: 10736
X-77-NZT: Abm0DAZDSM7/8CkAAA
X-Accel-Expires: @1665034362
Server: CDN77-Turbo
ETag: W/"12ff34910278"
X-77-NZT-Ray: FlEBWImr34I
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=86400
Expires: Thu, 6 Oct 2022 05:32:42 GMT

GET
H/1.1 200
OK get.ashx Show response
run.admost.com/adx/ 930 B
2 KB 168ms
57ms Script
text/html 195.244.38.50
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://run.admost.com/adx/get.ashx?z=46730&accptck=true
Requested by: Host: go.admost.com
URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122
Protocol: HTTP/1.1
Server: 195.244.38.50 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: haproxy-go /
Resource Hash: 53ef9e8412836d3dce42ef6d118d1f55a593d35c8af0771d33e3419177e59253

Request headers

Referer: http://exchange.sahadan.com/Default.aspx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:38 GMT
Server: haproxy-go
Var: s:go917;c:1;e:37;hc:9;r:>473075-328645-46730-0;cs:cp:cache_z_46730_*_*_*_*_*_*_*
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private, max-age=0, no-store, must-revalidate
Content-Length: 930
Expires: -1

GET
H/1.1 200
OK bg.jpg
is.cdn.md/i4/Img/index/ 86 KB
87 KB 12ms
11ms Image
image/jpeg 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://is.cdn.md/i4/Img/index/bg.jpg
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: f8c438d279c6bd38c07d7713ec638668b54cbb2b2e55d01e3a7ba28f144365ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 26 Mar 2013 09:17:54 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "3d5360cc22ace1:0"
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 88304
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK header-bg.png
is.cdn.md/i4/Img/index/ 1 KB
2 KB 11ms
11ms Image
image/png 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://is.cdn.md/i4/Img/index/header-bg.png
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: 3f71c7e1467e9bac745ba1f27ec773b77b04b551e3b48eae8447a14c43aefc0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 26 Mar 2013 09:17:54 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "69ce70cc22ace1:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 1116
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK logo.png
is.cdn.md/i4/Img/index/ 18 KB
18 KB 24ms
11ms Image
image/png 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://is.cdn.md/i4/Img/index/logo.png
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: 96c0598f9fe9df975d595a6ba24ebff8c1bd6fe14902dd37b2ebb639daedf5bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 26 Mar 2013 09:17:54 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "50f782cc22ace1:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 17985
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK menu-bg.png
is.cdn.md/i4/Img/index/ 1 KB
2 KB 17ms
11ms Image
image/png 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://is.cdn.md/i4/Img/index/menu-bg.png
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: e4bc697496bb350dee2dd90f94e8454e52a371f64121a5565f0a54652a0716e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 26 Mar 2013 09:17:54 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "718f85cc22ace1:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 1109
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK menu-selected-bg2.png
is.cdn.md/i4/Img/index/ 954 B
1 KB 25ms
12ms Image
image/png 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://is.cdn.md/i4/Img/index/menu-selected-bg2.png
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: fddc433f7cc747ef4fe82c66486feb8783af32e11f590cf4bb46708b8ec05418

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Thu, 18 Apr 2013 14:50:07 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "afa8c34443cce1:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 954
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK menu-border.png
is.cdn.md/i4/Img/index/ 931 B
1 KB 11ms
11ms Image
image/png 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://is.cdn.md/i4/Img/index/menu-border.png
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: a314bd0381551764a32150f16251feccf4184b14859eadec2e06cb0d35d4681e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 26 Mar 2013 09:17:54 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "d77986cc22ace1:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 931
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK menu-bar-bg2.png
is.cdn.md/i4/Img/index/ 969 B
1 KB 12ms
11ms Image
image/png 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://is.cdn.md/i4/Img/index/menu-bar-bg2.png
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: aa2cb8a5241d24ae98bad193afc76ca3b5437f2d95c62c7c49dbdc9ad6a2fac9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Thu, 18 Apr 2013 14:50:07 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "578ebd4443cce1:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 969
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK menu-arrow2.png
is.cdn.md/i4/Img/index/ 953 B
1 KB 23ms
11ms Image
image/png 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://is.cdn.md/i4/Img/index/menu-arrow2.png
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: ded1d9b7817a8247c96877fb6bfef1f651d94018cc4df64f298209867a4307e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Thu, 18 Apr 2013 14:59:21 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "a6a74f453cce1:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 953
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
28 KB 251ms
103ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.eksiup.com
URL: https://cdn.eksiup.com/api/special/rupsahadan.com.arsiv.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ccbcb20e1a6643aace0c7fe42900838493d540432baacff54039b6b3976e9a8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27715
x-xss-protection: 0
server: sffe
etag: "1354 / 40 of 1000 / last-modified: 1664921228"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 05 Oct 2022 08:31:38 GMT

GET
H/1.1 200
OK get.ashx Show response
run.admost.com/adx/ 23 B
758 B 58ms
57ms Script
text/html 195.244.38.50
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://run.admost.com/adx/get.ashx?z=18834&accptck=true
Requested by: Host: go.admost.com
URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122
Protocol: HTTP/1.1
Server: 195.244.38.50 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: haproxy-go /
Resource Hash: 34ca250e3df40b4f4365b7c00d16433251e6e31a3f97263d2261057e0093f49b

Request headers

Referer: http://exchange.sahadan.com/Default.aspx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:38 GMT
Server: haproxy-go
Var: s:go917;c:1;e:37;hc:10
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private, max-age=0, no-store, must-revalidate
Content-Length: 23
Expires: -1

GET
H/1.1 200
OK gallery-right-bg.png
is.cdn.md/i4/Img/index/ 928 B
1 KB 11ms
11ms Image
image/png 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://is.cdn.md/i4/Img/index/gallery-right-bg.png
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: 4ec12baf6cba1184f734c98640a42cd7a3208c2edf5871231eb6c3a58a021520

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 26 Mar 2013 09:17:54 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "d06e6fcc22ace1:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 928
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK get.ashx Show response
run.admost.com/adx/ 23 B
782 B 59ms
59ms Script
text/html 195.244.38.50
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://run.admost.com/adx/get.ashx?z=38097&accptck=true
Requested by: Host: go.admost.com
URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122
Protocol: HTTP/1.1
Server: 195.244.38.50 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: haproxy-go /
Resource Hash: 34ca250e3df40b4f4365b7c00d16433251e6e31a3f97263d2261057e0093f49b

Request headers

Referer: http://exchange.sahadan.com/Default.aspx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:38 GMT
Server: haproxy-go
Var: s:go917;cs:cp:cache_z_38097_neq_TR_*_*_*_*_*_*
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private, max-age=0, no-store, must-revalidate
Content-Length: 23
Expires: -1

GET
H/1.1 200
OK fcb9c35b92ae9233db827fa7df45dfcbc122d07e.js Show response
cdn.dimml.io/static/ 611 B
850 B 55ms
54ms Script
application/javascript 2a02:6ea0:cb00::2
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.dimml.io/static/fcb9c35b92ae9233db827fa7df45dfcbc122d07e.js
Requested by: Host: cdn.dimml.io
URL: http://cdn.dimml.io/dimml.js
Protocol: HTTP/1.1
Server: 2a02:6ea0:cb00::2 , United Kingdom, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 34667fc83e3f4d9ff6080d44c4fc4dd87e0d3a6a8d680dbd3adb05a73d99f590

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

X-77-POP: viennaAT
Date: Wed, 05 Oct 2022 08:31:38 GMT
Content-Encoding: gzip
X-DimML-Version: 2.2 vH8ffFv9
Transfer-Encoding: chunked
X-Cache: EXPIRED
X-77-Cache: MISS
Connection: keep-alive
X-Age: 658445
X-77-NZT: Abm0DAaDYQzLDQwKAA
X-Accel-Expires: @1664958758
Server: CDN77-Turbo
ETag: W/"7c9fbe5f9b40"
X-77-NZT-Ray: eWAy3dkBZKA
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=60
Expires: Wed, 5 Oct 2022 08:32:38 GMT

GET
H/1.1 200
OK get.ashx Show response
run.admost.com/adx/ 887 B
2 KB 57ms
57ms Script
text/html 195.244.38.50
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://run.admost.com/adx/get.ashx?z=46727&accptck=true
Requested by: Host: go.admost.com
URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122
Protocol: HTTP/1.1
Server: 195.244.38.50 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: haproxy-go /
Resource Hash: ea3273964fd64f1966a84354ec26014e38f1f725f5dcec8a5777f63e7531d430

Request headers

Referer: http://exchange.sahadan.com/Default.aspx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:38 GMT
Server: haproxy-go
Var: s:go917;c:1;e:44;hc:9;r:>473076-328644-46727-0;cs:cp:cache_z_46727_*_*_*_*_*_*_*
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private, max-age=0, no-store, must-revalidate
Content-Length: 887
Expires: -1

GET
H/1.1 200
OK get.ashx Show response
run.admost.com/adx/ 23 B
757 B 57ms
57ms Script
text/html 195.244.38.50
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://run.admost.com/adx/get.ashx?z=49848&accptck=true
Requested by: Host: go.admost.com
URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122
Protocol: HTTP/1.1
Server: 195.244.38.50 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: haproxy-go /
Resource Hash: 34ca250e3df40b4f4365b7c00d16433251e6e31a3f97263d2261057e0093f49b

Request headers

Referer: http://exchange.sahadan.com/Default.aspx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:38 GMT
Server: haproxy-go
Var: s:go917;c:1;e:37;hc:11
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private, max-age=0, no-store, must-revalidate
Content-Length: 23
Expires: -1

GET
H/1.1 200
OK box-title-bg.png
is.cdn.md/i4/Img/index/ 943 B
1 KB 11ms
11ms Image
image/png 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://is.cdn.md/i4/Img/index/box-title-bg.png
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: 9d312140f3532b29659e3b5c2eb94ff9d7d5f09376b21993c5909442eece0067

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 26 Mar 2013 09:17:54 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "70c860cc22ace1:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 943
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK box-title2.png
is.cdn.md/i4/Img/index/ 2 KB
2 KB 11ms
11ms Image
image/png 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://is.cdn.md/i4/Img/index/box-title2.png
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: 313d5cbad55a31674c5451e2a961ab892e951ea7c59396ea5a89c944c9b029bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Tue, 26 Mar 2013 09:17:54 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "a28763cc22ace1:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 1673
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H2 200 pubads_impl_2022092901.js Show response
securepubads.g.doubleclick.net/gpt/ 376 KB
128 KB 48ms
47ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54a6606bed93bee86d6763cdc2f435c3501de5b129044f7896fda2080e9d5caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 11:05:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 509160
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130415
x-xss-protection: 0
last-modified: Thu, 29 Sep 2022 08:35:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 29 Sep 2023 11:05:38 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 298 B
185 B 176ms
72ms XHR
application/json 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=exchange.sahadan.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84376ca81e8742351a2797ae66d15649495c04822af216ac0f939f2916837087

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 160
x-xss-protection: 0
expires: Wed, 05 Oct 2022 08:31:38 GMT

GET
H2 200 sahinterstitial.js Show response
cdn.eksiup.com/api/interstitial/ 6 KB
2 KB 63ms
62ms Script
application/javascript 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.eksiup.com/api/interstitial/sahinterstitial.js
Requested by: Host: cdn.eksiup.com
URL: https://cdn.eksiup.com/api/special/rupsahadan.com.arsiv.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d93e17588f48e21f0f1e47e57d6019e748b2b5625796708ccf7767ddc7c9db70

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
content-encoding: br
cf-cache-status: REVALIDATED
cf-bgj: minify
last-modified: Fri, 08 Oct 2021 09:29:22 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
etag: W/"61600f72-18df"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S7pAlpYGZg7508kbipyNz4Mgdzf3oqHAHm6ArQe9PsDUNuOXFBTivkri7djYUMdbIAEnesxtG7wi6s%2FRl0sPgntoBhlJqLhcknX%2FLjGCyZ9alyYEBBkPj2TTmwNjZzRboUy%2BADq%2Fjahstmrazg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=604800
cf-ray: 7554cd58a9069073-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 17 Mar 2022 15:11:17 GMT

GET
H/1.1 200
OK get.ashx Show response
run.admost.com/adx/ 23 B
757 B 57ms
57ms Script
text/html 195.244.38.50
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://run.admost.com/adx/get.ashx?z=34177&accptck=true
Requested by: Host: go.admost.com
URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122
Protocol: HTTP/1.1
Server: 195.244.38.50 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: haproxy-go /
Resource Hash: 34ca250e3df40b4f4365b7c00d16433251e6e31a3f97263d2261057e0093f49b

Request headers

Referer: http://exchange.sahadan.com/Default.aspx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:38 GMT
Server: haproxy-go
Var: s:go917;c:1;e:44;hc:8
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private, max-age=0, no-store, must-revalidate
Content-Length: 23
Expires: -1

GET
H/1.1 200
OK VideoPlayer.aspx Show response
exchange.sahadan.com/VideoPlayer/ Frame B855 20 KB
7 KB 58ms
58ms Document
text/html 91.191.168.119
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://exchange.sahadan.com/VideoPlayer/VideoPlayer.aspx?id=ac24zzvao4bb16lwh85vxi5sp&autoplay=true&showads=true&page=anasayfa
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 91.191.168.119 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: Microsoft-IIS/7.0 / ASP.NET
Resource Hash: 6d5cc6cf846cc322bba057ed5ee8a3c4209c2b6dc0b4447d9966615a471ff4ca

Request headers

Referer: http://exchange.sahadan.com/Default.aspx
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: public, max-age=44
Content-Encoding: gzip
Content-Length: 6898
Content-Type: text/html; charset=utf-8
Date: Wed, 05 Oct 2022 08:14:02 GMT
Expires: Wed, 05 Oct 2022 08:14:47 GMT
Last-Modified: Wed, 05 Oct 2022 08:13:47 GMT
Server: Microsoft-IIS/7.0
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
s: 88
sloc: 593

GET
H/1.1 200
OK get.ashx Show response
run.admost.com/adx/ 23 B
782 B 60ms
60ms Script
text/html 195.244.38.50
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://run.admost.com/adx/get.ashx?z=18833&accptck=true
Requested by: Host: go.admost.com
URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122
Protocol: HTTP/1.1
Server: 195.244.38.50 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: haproxy-go /
Resource Hash: 34ca250e3df40b4f4365b7c00d16433251e6e31a3f97263d2261057e0093f49b

Request headers

Referer: http://exchange.sahadan.com/Default.aspx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:38 GMT
Server: haproxy-go
Var: s:go917;cs:cp:cache_z_18833_neq_TR_*_*_*_*_*_*
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private, max-age=0, no-store, must-revalidate
Content-Length: 23
Expires: -1

GET
H/1.1 200
OK get.ashx Show response
run.admost.com/adx/ 23 B
782 B 59ms
59ms Script
text/html 195.244.38.50
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://run.admost.com/adx/get.ashx?z=18830&accptck=true
Requested by: Host: go.admost.com
URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122
Protocol: HTTP/1.1
Server: 195.244.38.50 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: haproxy-go /
Resource Hash: 34ca250e3df40b4f4365b7c00d16433251e6e31a3f97263d2261057e0093f49b

Request headers

Referer: http://exchange.sahadan.com/Default.aspx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:38 GMT
Server: haproxy-go
Var: s:go917;cs:cp:cache_z_18830_neq_TR_*_*_*_*_*_*
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private, max-age=0, no-store, must-revalidate
Content-Length: 23
Expires: -1

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 211ms
70ms Script
application/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=exchange.sahadan.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 188ms
71ms Script
application/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=exchange.sahadan.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
10 KB 413ms
412ms XHR
text/plain 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4285071190643003&correlator=653846725495407&eid=31070046%2C31068357%2C44774962&output=ldjh&gdfp_req=1&vrg=2022092901&ptt=17&impl=fif&iu_parts=90851098%3A96769799%2Carsiv.sahadan.com%2Ctopbanner_masthead_multisize_homepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x250%7C728x90%7C980x250%7C970x90&ifi=1&adks=2696085593&sfv=1-0-38&fsapi=false&sc=0&cookie_enabled=1&abxe=1&dt=1664958698540&lmt=1664958615&dlt=1664958697454&idt=1036&adxs=320&adys=137&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&bc=23&nvt=1&url=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&frm=20&vis=1&psz=960x0&msz=960x0&fws=0&ohw=0&ga_vid=1546289157.1664958699&ga_sid=1664958699&ga_hid=20745407&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21e732eed30781e85af8753405dfc1afc4713d0fe50c8b9a396466990cbd056f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10380
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://exchange.sahadan.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
10 KB 769ms
768ms XHR
text/plain 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4285071190643003&correlator=653846725495407&eid=31070046%2C31068357%2C44774962&output=ldjh&gdfp_req=1&vrg=2022092901&ptt=17&impl=fif&iu_parts=90851098%3A96769799%2Carsiv.sahadan.com%2Ctopmpu_homepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=2&adks=73288480&sfv=1-0-38&fsapi=false&sc=0&cookie_enabled=1&abxe=1&dt=1664958698545&lmt=1664958615&dlt=1664958697454&idt=1036&adxs=974&adys=145&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&bc=23&nvt=1&url=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&frm=20&vis=1&psz=316x266&msz=300x-1&fws=4&ohw=970&ga_vid=1546289157.1664958699&ga_sid=1664958699&ga_hid=20745407&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0289700f9a5b8b27a3b4ad5ee3eb25e8c137d58cd37f736401a58538d62a3cd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10347
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://exchange.sahadan.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 91 KB
30 KB 1048ms
1048ms XHR
text/plain 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4285071190643003&correlator=653846725495407&eid=31070046%2C31068357%2C44774962&output=ldjh&gdfp_req=1&vrg=2022092901&ptt=17&impl=fif&iu_parts=90851098%3A96769799%2Carsiv.sahadan.com%2Csticky&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x90%7C980x90&ifi=3&adks=2074372087&sfv=1-0-38&fsapi=false&sc=0&cookie_enabled=1&abxe=1&dt=1664958698546&lmt=1664958615&dlt=1664958697454&idt=1036&adxs=315&adys=1197&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&bc=23&nvt=1&url=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&frm=20&vis=1&psz=970x-1&msz=970x-1&fws=512&ohw=0&ga_vid=1546289157.1664958699&ga_sid=1664958699&ga_hid=20745407&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

43545fafc0a6e054a6595eca0dbf0442809f36679ab29abcd58035d83fffa3b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30608
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://exchange.sahadan.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1 KB
741 B 343ms
342ms XHR
text/plain 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4285071190643003&correlator=3738910747598461&eid=31070046%2C31068357%2C44774962&output=ldjh&gdfp_req=1&vrg=2022092901&ptt=17&impl=fif&iu_parts=90851098%3A96769799%2Csahadan.com%2Cinterstitial&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=4&adks=3404394211&sfv=1-0-38&ists=1&fas=8&fsapi=false&prev_scp=nativebox_site%3Dsahadan.com&eri=1&sc=0&cookie_enabled=1&abxe=1&dt=1664958698548&lmt=1664958615&dlt=1664958697454&idt=1036&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&bc=23&nvt=1&url=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1546289157.1664958699&ga_sid=1664958699&ga_hid=20745407&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2652b8847978a399f70ed15fa6e669dd5781713bca294f3c28a50a4dc9c2865

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 711
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://exchange.sahadan.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B823 6 KB
4 KB 265ms
80ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://exchange.sahadan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 08:31:38 GMT
expires: Thu, 05 Oct 2023 08:31:38 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2022092901.js Show response
securepubads.g.doubleclick.net/gpt/ 37 KB
14 KB 48ms
47ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022092901.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee2f84d61840b2cc4a48fa5794940cc1cb8d122309a0be318b3d5ad6041a21a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 11:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 508669
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13940
x-xss-protection: 0
last-modified: Thu, 29 Sep 2022 08:35:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 29 Sep 2023 11:13:49 GMT

GET
H/1.1 200
OK docs.min.css
js.duhnet.tv/q/s/player/html5/1.20.2/assets/css/ Frame B855 59 KB
21 KB 77ms
18ms Stylesheet
text/css 109.236.91.24
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL

http://js.duhnet.tv/q/s/player/html5/1.20.2/assets/css/docs.min.css

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/VideoPlayer/VideoPlayer.aspx?id=ac24zzvao4bb16lwh85vxi5sp&autoplay=true&showads=true&page=anasayfa

Protocol

HTTP/1.1

Server

109.236.91.24 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),

Reverse DNS

109-236-91-24.hosted-by-worldstream.net

Software

MerlinCDN /

Resource Hash

0133a3a8bad96c183d5fd19407b4cc471dcdd5eb0e81c5504c198ae5a04d6d40

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:38 GMT
Strict-Transport-Security: max-age=16070400
X-Content-Type-Options: nosniff
Via: HTTP/1.1 Merlin CDN
Age: 64009
grace: none
X-Midtier: tr-ist-sh-s02
Transfer-Encoding: chunked
X-Cache: CMISS_02
P3P: CP= CAO PSA OUR
Content-Encoding: gzip
Connection: keep-alive
X-Age: 0
healthy: none
X-XSS-Protection: 1; mode=block
X-VCT: 0.000
Server: MerlinCDN
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, OPTIONS, POST, HEAD
Content-Type: text/css
Access-Control-Allow-Origin: *
X-Edge: nl-naw-ws-s01
Allow: GET, HEAD, POST
Access-Control-Allow-Credentials: true
X-ECACHE: HIT
Cache-Control: max-age=86400
Access-Control-Allow-Headers: accept, origin, x-requested-with, content-type
X-Mcache: HIT

GET
H/1.1 200
OK jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.8.2/ Frame B855 91 KB
92 KB 49ms
47ms Script
text/javascript 2a00:1450:400d:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/VideoPlayer/VideoPlayer.aspx?id=ac24zzvao4bb16lwh85vxi5sp&autoplay=true&showads=true&page=anasayfa

Protocol

HTTP/1.1

Server

2a00:1450:400d:806::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Tue, 04 Oct 2022 12:53:20 GMT
X-Content-Type-Options: nosniff
Age: 70698
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 93435
X-XSS-Protection: 0
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Vary: Accept-Encoding
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Wed, 04 Oct 2023 12:53:20 GMT

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ Frame B855 4 KB
2 KB 29ms
8ms Script
application/javascript 108.138.7.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://sb.scorecardresearch.com/beacon.js
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/VideoPlayer/VideoPlayer.aspx?id=ac24zzvao4bb16lwh85vxi5sp&autoplay=true&showads=true&page=anasayfa
Protocol: HTTP/1.1
Server: 108.138.7.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-10.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 07:28:01 GMT
Content-Encoding: gzip
Via: 1.1 bb5a1c03f2335d92378a3e68542733da.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P6
Age: 7478
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Tue, 28 Jun 2022 13:19:23 GMT
Server: AmazonS3
ETag: W/"eaf85c1c6758e84acfe134efd70e9373"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
X-Amz-Cf-Id: Cw2GV9pnk3Z-Kv8TxP46WDTY78_Mjs0IUItt9T5a9z3MnNQqcbvqLg==

GET
H/1.1 200
OK gstream.js Show response
str.hit.gemius.pl/ Frame B855 28 KB
8 KB 221ms
16ms Script
application/x-javascript 92.222.252.172
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://str.hit.gemius.pl/gstream.js
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/VideoPlayer/VideoPlayer.aspx?id=ac24zzvao4bb16lwh85vxi5sp&autoplay=true&showads=true&page=anasayfa
Protocol: HTTP/1.1
Server: 92.222.252.172 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: ip172.ip-92-222-252.eu
Software: GHC /
Resource Hash: 454f97323a1a1f954078fb117649b63a4a3e76e38b8eb34acdf2c8b41508bbf5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:38 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Sep 2022 13:21:50 GMT
Server: GHC
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
Vary: Accept-Encoding,Origin
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Content-Type: application/x-javascript
Cache-Control: max-age=43200
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Accept-Ranges: none
Keep-Alive: timeout=10
Content-Length: 8050
Expires: Wed, 05 Oct 2022 20:31:38 GMT

GET
H/1.1 200
OK ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame B855 380 KB
127 KB 143ms
83ms Script
text/javascript 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/VideoPlayer/VideoPlayer.aspx?id=ac24zzvao4bb16lwh85vxi5sp&autoplay=true&showads=true&page=anasayfa

Protocol

HTTP/1.1

Server

2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bf517104f255123ba18c57e1de2f672c0271712d716ff844a26ea8162453b45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Vary: Accept-Encoding
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Cross-Origin-Resource-Policy: cross-origin
Accept-Ranges: bytes
Content-Length: 129563
X-XSS-Protection: 0
Expires: Wed, 05 Oct 2022 08:31:38 GMT

GET
H/1.1 200
OK docs.min.js Show response
js.duhnet.tv/q/s/player/html5/1.20.2/assets/js/ Frame B855 967 KB
312 KB 82ms
23ms Script
application/javascript 109.236.91.24
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL

http://js.duhnet.tv/q/s/player/html5/1.20.2/assets/js/docs.min.js

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/VideoPlayer/VideoPlayer.aspx?id=ac24zzvao4bb16lwh85vxi5sp&autoplay=true&showads=true&page=anasayfa

Protocol

HTTP/1.1

Server

109.236.91.24 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),

Reverse DNS

109-236-91-24.hosted-by-worldstream.net

Software

MerlinCDN /

Resource Hash

ec56b2a59262e7489dfdeb863840fbf779478550f423b3cb9b4a9047342da21b

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:38 GMT
Strict-Transport-Security: max-age=16070400
X-Content-Type-Options: nosniff
Via: HTTP/1.1 Merlin CDN
Age: 73051
grace: none
X-Midtier: tr-ist-shy-s01
Transfer-Encoding: chunked
X-Cache: CMISS_02
P3P: CP= CAO PSA OUR
Content-Encoding: gzip
Connection: keep-alive
X-Age: 0
healthy: none
X-XSS-Protection: 1; mode=block
X-VCT: 0.000
Server: MerlinCDN
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, OPTIONS, POST, HEAD
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-Edge: nl-naw-ws-s01
Allow: GET, HEAD, POST
Access-Control-Allow-Credentials: true
X-ECACHE: HIT
Cache-Control: max-age=86400
Access-Control-Allow-Headers: accept, origin, x-requested-with, content-type
X-Mcache: EXPIRED

GET
H/1.1 200
OK videojs-dock.js Show response
is.cdn.md/i4/Js/ Frame B855 13 KB
4 KB 12ms
11ms Script
application/javascript 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://is.cdn.md/i4/Js/videojs-dock.js
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/VideoPlayer/VideoPlayer.aspx?id=ac24zzvao4bb16lwh85vxi5sp&autoplay=true&showads=true&page=anasayfa
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: 4f64f8e57fceff16ab30429262845ed261ba56e666ee48dd8c0f0616eefd0702

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Content-Encoding: gzip
Last-Modified: Fri, 07 Oct 2016 09:38:40 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: W/"5f2740967e20d21:0"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
s: 84
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
H/1.1 200
OK get.ashx Show response
run.admost.com/adx/ 2 KB
3 KB 62ms
61ms Script
text/html 195.244.38.50
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://run.admost.com/adx/get.ashx?z=46728&accptck=true
Requested by: Host: go.admost.com
URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122
Protocol: HTTP/1.1
Server: 195.244.38.50 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: haproxy-go /
Resource Hash: a30e7f3239b07a4811f6c77a5c62fc5b5774033f099783db947047cd0a0ef113

Request headers

Referer: http://exchange.sahadan.com/Default.aspx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:38 GMT
Server: haproxy-go
Var: s:go917;cd:5;r:>473074-328646-46728-0;cs:cp:cache_z_46728_neq_TR_*_*_*_*_*_*
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private, max-age=0, no-store, must-revalidate
Content-Length: 1783
Expires: -1

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 16 KB
8 KB 634ms
634ms XHR
text/plain 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4285071190643003&correlator=3738910747598461&eid=31070046%2C31068357%2C44774962&output=ldjh&gdfp_req=1&vrg=2022092901&ptt=17&impl=fif&iu_parts=90851098%3A96769799%2Carsiv.sahadan.com%2Cleft_sky_kule_banner_homepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=160x600%7C120x600&ifi=5&adks=3569988438&sfv=1-0-38&fsapi=false&sc=0&cookie_enabled=1&abxe=1&dt=1664958698675&lmt=1664958615&dlt=1664958697454&idt=1036&adxs=150&adys=0&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&bc=23&nvt=1&url=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&frm=20&vis=1&psz=0x0&msz=160x-1&fws=512&ohw=0&ga_vid=1546289157.1664958699&ga_sid=1664958699&ga_hid=20745407&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd4b6b51cb97df806b4fba07b04bfd39a26c1c4e4f37a4bbb6f766a5e3b2ed14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8552
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://exchange.sahadan.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 26 KB
12 KB 1001ms
1001ms XHR
text/plain 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4285071190643003&correlator=3738910747598461&eid=31070046%2C31068357%2C44774962&output=ldjh&gdfp_req=1&vrg=2022092901&ptt=17&impl=fif&iu_parts=90851098%3A96769799%2Carsiv.sahadan.com%2Cright_sky_kule_banner_homepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=120x600%7C160x600&ifi=6&adks=386702893&sfv=1-0-38&fsapi=false&sc=0&cookie_enabled=1&abxe=1&dt=1664958698676&lmt=1664958615&dlt=1664958697454&idt=1036&adxs=1290&adys=0&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&bc=23&nvt=1&url=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&frm=20&vis=1&psz=0x0&msz=120x-1&fws=512&ohw=0&ga_vid=1546289157.1664958699&ga_sid=1664958699&ga_hid=20745407&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fb137058ae6ee059f43c711ca26b3b6addde610e64b960cd3164b8896c3ff02e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: 438383
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11918
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 688147
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://exchange.sahadan.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK atrk.gif
certify.alexametrics.com/ 43 B
552 B 79ms
16ms Image
image/gif 13.227.219.58
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://certify.alexametrics.com/atrk.gif?frame_height=1200&frame_width=1600&iframe=0&title=Sahadan.com%20-%20iddaa%2C%20canl%C4%B1%20ma%C3%A7%20sonu%C3%A7lar%C4%B1%2C%20ma%C3%A7%20skorlar%C4%B1%2C%20puan%20durumu%2C%20spor%20haberleri%2C%20futbol%2C%20iddaa%20program%C4%B1%2C%20istatistikler%2C%20%C4%B0ddaa&time=1664958698689&time_zone_offset=0&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=&host_url=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&random_number=19519241004&sess_cookie=2fb8f753183a74594c0d1815533&sess_cookie_flag=1&user_cookie=2fb8f753183a74594c0d1815533&user_cookie_flag=1&dynamic=false&domain=sahadan.com&account=Nf8Kg1awO700GA&jsv=20130128&user_lang=en-US
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-58.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 02:09:43 GMT
Via: 1.1 d2322e4264977966de69a888b2e0eba8.cloudfront.net (CloudFront)
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS54-C1
Age: 22916
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
x-amz-meta-alexa-last-modified: 20110117123941
Accept-Ranges: bytes
Content-Length: 43
X-Amz-Cf-Id: nLvf2QApBJDrqxfnMys9-vMdKcQPblo0XURb3F4-GWNsdoMoI2u5FQ==

GET
H/1.1

200
OK

test.png
a76f4aed22e94b8cf70dfe6f280016fe5.profile.txl50-p4.cloudfront.net/
Redirect Chain

http://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
http://a76f4aed22e94b8cf70dfe6f280016fe5.profile.txl50-p4.cloudfront.net/test.png

58 B
58 B

55ms
19ms

Image
text/plain

18.64.108.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://a76f4aed22e94b8cf70dfe6f280016fe5.profile.txl50-p4.cloudfront.net/test.png
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 18.64.108.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-108-99.txl50.r.cloudfront.net
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:39 GMT
Via: 1.1 ba7b83fea0750f0a671a6626ceefabf0.cloudfront.net (CloudFront)
Server: CloudFront
X-Cache: RoutingProfileExp from cloudfront
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Connection: keep-alive
Content-Length: 58
X-Amz-Cf-Id: 6m2CQK6PRaq5HTtT54wNM_w4gSywR30fRSAcCOIxHjbUn9AyrywXKg==
Expires: Wed, 05 Oct 2022 08:31:39 GMT

Redirect headers

Access-Control-Allow-Origin: *
Location: http://a76f4aed22e94b8cf70dfe6f280016fe5.profile.txl50-p4.cloudfront.net/test.png
Date: Wed, 05 Oct 2022 08:31:38 GMT
Server: Server
Connection: keep-alive
Content-Length: 0

GET
H2

200

ga.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

45 KB
17 KB

167ms
50ms

Script
text/javascript

2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/ga.js

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 05 Oct 2022 07:19:58 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 4300
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Wed, 05 Oct 2022 09:19:58 GMT

Redirect headers

Location: https://www.google-analytics.com/ga.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK footer-bg2.png
is.cdn.md/i4/Img/index/ 2 KB
2 KB 11ms
11ms Image
image/png 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://is.cdn.md/i4/Img/index/footer-bg2.png
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: 1dbe5850f671cf92fe1d7b55226a830fbe4daba614bf6c6ceeca9e236326930f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:36 GMT
Last-Modified: Thu, 25 Apr 2013 11:13:08 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "ebbbdcdda541ce1:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 1781
Expires: Fri, 04 Nov 2022 08:31:36 GMT

GET
DATA 200
OK truncated
/ Frame B855 1 KB
0 Font
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://js.duhnet.tv/
Origin: http://exchange.sahadan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: text/plain;charset=US-ASCII

GET
H/1.1 200
OK gemiuslib.js Show response
str.hit.gemius.pl/ Frame B855 57 KB
16 KB 17ms
17ms Script
application/x-javascript 92.222.252.172
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://str.hit.gemius.pl/gemiuslib.js
Requested by: Host: str.hit.gemius.pl
URL: http://str.hit.gemius.pl/gstream.js
Protocol: HTTP/1.1
Server: 92.222.252.172 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: ip172.ip-92-222-252.eu
Software: GHC /
Resource Hash: cf025959d5ae6414b0f1fb142746a84a93a8e7c0f1aaff024bdfcb740e3c3552

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:38 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Sep 2022 13:21:50 GMT
Server: GHC
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
Vary: Accept-Encoding,Origin
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Content-Type: application/x-javascript
Cache-Control: max-age=43200
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Accept-Ranges: none
Keep-Alive: timeout=10
Content-Length: 15449
Expires: Wed, 05 Oct 2022 20:31:38 GMT

GET
H2 200 fpdata.js Show response
str.hit.gemius.pl/ Frame B855 280 B
642 B 69ms
32ms Script
application/x-javascript 92.222.252.172
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://str.hit.gemius.pl/fpdata.js?href=exchange.sahadan.com
Requested by: Host: str.hit.gemius.pl
URL: http://str.hit.gemius.pl/gemiuslib.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 92.222.252.172 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: ip172.ip-92-222-252.eu
Software: GHC /
Resource Hash: 9d2901234937fd7e0e329f9424029cb8c3a17010f25fc2d4add9db4915ba6ea4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 280
expires: Fri, 04 Nov 2022 08:31:38 GMT

GET
H/1.1 200
OK lsget.html Show response
ls.hit.gemius.pl/ Frame DBF4 5 KB
3 KB 90ms
24ms Document
text/html 146.59.30.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://ls.hit.gemius.pl/lsget.html
Requested by: Host: str.hit.gemius.pl
URL: http://str.hit.gemius.pl/gemiuslib.js
Protocol: HTTP/1.1
Server: 146.59.30.100 , France, ASN16276 (OVH, FR),
Reverse DNS: ip100.ip-146-59-30.eu
Software: GHC /
Resource Hash: 1bc40252335837dae720df9699c727a1002c9c8afad6830edc39f517c7c3c635

Request headers

Referer: http://exchange.sahadan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
Accept-Ranges: none
Cache-Control: private, max-age=2592000
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2726
Content-Type: text/html;charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 05 Oct 2022 08:31:38 GMT
ETag: PRIVATE7520710249
Expires: Fri, 04 Nov 2022 08:31:38 GMT
Keep-Alive: timeout=10
Last-Modified: Mon, 16 Jul 2012 10:03:40 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Server: GHC
Vary: Accept-Encoding,Origin,User-Agent

GET
H3

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

49 KB
20 KB

143ms
47ms

Script
text/javascript

2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 05 Oct 2022 08:27:31 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 247
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Wed, 05 Oct 2022 10:27:31 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=945411733&utmhn=exchange.sahadan.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=S...
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=945411733&utmhn=exchange.sahadan.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-241588-1&cid=1546289157.1664958699&jid=1281506733&_v=5.7.2&z=945411733
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-241588-1&cid=1546289157.1664958699&jid=1281506733&_v=5.7.2&z=945411733
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-241588-1&cid=1546289157.1664958699&jid=1281506733&_v=5.7.2&z=945411733&slf_rd=1&random=717789651

42 B
107 B

175ms
85ms

Image
image/gif

2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-241588-1&cid=1546289157.1664958699&jid=1281506733&_v=5.7.2&z=945411733&slf_rd=1&random=717789651

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-241588-1&cid=1546289157.1664958699&jid=1281506733&_v=5.7.2&z=945411733&slf_rd=1&random=717789651
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK xgemius.js Show response
gatr.hit.gemius.pl/ 59 KB
16 KB 174ms
17ms Script
application/x-javascript 188.165.145.88
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://gatr.hit.gemius.pl/xgemius.js
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 188.165.145.88 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: GHC /
Resource Hash: 394814da5867ac6dd0819e14379934242530d7e2320e9b859deb9b5a216ad905

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:39 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Sep 2022 13:21:50 GMT
Server: GHC
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
Vary: Accept-Encoding,Origin
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Content-Type: application/x-javascript
Cache-Control: max-age=43200
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Accept-Ranges: none
Keep-Alive: timeout=10
Content-Length: 15975
Expires: Wed, 05 Oct 2022 20:31:39 GMT

GET
H/1.1 200
OK beacon.js Show response
b.scorecardresearch.com/ 4 KB
2 KB 64ms
17ms Script
application/javascript 52.222.139.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://b.scorecardresearch.com/beacon.js
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 52.222.139.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-77.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117

Request headers

Referer: http://exchange.sahadan.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 05 Oct 2022 06:27:01 GMT
Content-Encoding: gzip
Via: 1.1 552d1a24616d6b8d6e3fbbdf18a54b6a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS50-C1
Age: 7478
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Tue, 28 Jun 2022 13:19:23 GMT
Server: AmazonS3
ETag: W/"eaf85c1c6758e84acfe134efd70e9373"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
X-Amz-Cf-Id: IXu0gh1PVhhODsH7SZcIiafjJrlNaHBY5bJXXV3uNlmijrynwUOh5A==

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame B855 49 KB
20 KB 48ms
48ms Script
text/javascript 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/VideoPlayer/VideoPlayer.aspx?id=ac24zzvao4bb16lwh85vxi5sp&autoplay=true&showads=true&page=anasayfa

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 05 Oct 2022 08:27:31 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 247
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Wed, 05 Oct 2022 10:27:31 GMT

GET
H3 200 container.html Show response
edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4025 6 KB
3 KB 145ms
49ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://exchange.sahadan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 08:31:38 GMT
expires: Thu, 05 Oct 2023 08:31:38 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B855 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a39d9acefe24437ed2d4031241c6a1e19751f7e2010681b9320dd2264d27ef54

Request headers

Referer: http://js.duhnet.tv/
Origin: http://exchange.sahadan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame 42D7 5 KB
3 KB 67ms
21ms Document
text/html 146.59.30.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html?mode=new
Requested by: Host: ls.hit.gemius.pl
URL: http://ls.hit.gemius.pl/lsget.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.30.100 , France, ASN16276 (OVH, FR),
Reverse DNS: ip100.ip-146-59-30.eu
Software: GHC /
Resource Hash: ec28c3633cc350543dbbb1465a2f59455f9dbc50b6b6b19891a076b92c2fbd36

Request headers

Referer: http://ls.hit.gemius.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
accept-ranges: none
cache-control: private, max-age=2592000
content-encoding: gzip
content-length: 2711
content-type: text/html;charset=utf-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 08:31:39 GMT
etag: PRIVATE7520710249
expires: Fri, 04 Nov 2022 08:31:39 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
server: GHC
vary: Accept-Encoding,Origin,User-Agent

GET
H2 206 play_720p.mp4
vz-795b4bfd-cff.b-cdn.net/53db8362-2a3b-4400-bc0c-9baf459a9504/ Frame B855 3 MB
0 55ms
11ms Media
video/mp4 2400:52e0:1e00::860:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://vz-795b4bfd-cff.b-cdn.net/53db8362-2a3b-4400-bc0c-9baf459a9504/play_720p.mp4?a=1
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/VideoPlayer/VideoPlayer.aspx?id=ac24zzvao4bb16lwh85vxi5sp&autoplay=true&showads=true&page=anasayfa
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::860:1 , Slovenia, ASN200325 (BUNNYCDN, DE),
Reverse DNS
Software: BunnyCDN-DE-860 /
Resource Hash

Request headers

Referer: http://exchange.sahadan.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
cdn-edgestorageid: 752
cdn-storageserver: DE-168
Content-Range: bytes 0-21520572/21520573
cdn-cachedat: 10/04/2022 13:52:18
cdn-pullzone: 752020
Content-Length: 21520573
last-modified: Tue, 04 Oct 2022 13:35:46 GMT
server: BunnyCDN-DE-860
cdn-fileserver: 436
cdn-requestpullcode: 206
cdn-proxyver: 1.02
content-type: video/mp4
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 05a9b227-635b-4c06-bb4e-88dbaac2ff50
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=2592000
cdn-requestid: 740bfd9d58c1789724d697c11f4c9b52
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 204 b
sb.scorecardresearch.com/ 0
191 B 26ms
9ms Image
text/plain 108.138.7.10
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=6035584&c3=&c4=&c5=&c6=&c15=&cs_it=b3&cv=3.8.0.210223&ns__t=1664958699043&ns_c=UTF-8&c7=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&c8=Sahadan.com%20-%20iddaa%2C%20canl%C4%B1%20ma%C3%A7%20sonu%C3%A7lar%C4%B1%2C%20ma%C3%A7%20skorlar%C4%B1%2C%20puan%20durumu%2C%20spor%20haberleri%2C%20futbol%2C%20iddaa%20program%C4%B1%2C%20istatistikler%2C%20%C4%B0ddaa&c9=
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-10.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
via: 1.1 6278ee254a7d35c23aae5e936b5a56ee.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
x-amz-cf-id: 5jvAFQvOY09GNvWnk87DfZoDoXpvrsCJPbjCdtsdoApg92XwDX24ng==
x-cache: Miss from cloudfront

GET
H/1.1 200
OK get.ashx Show response
run.admost.com/adx/ 23 B
757 B 123ms
66ms Script
text/html 195.244.38.50
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://run.admost.com/adx/get.ashx?z=21376&accptck=true
Requested by: Host: go.admost.com
URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122
Protocol: HTTP/1.1
Server: 195.244.38.50 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: haproxy-go /
Resource Hash: 50899151d35612d8c6cb1e77706ac4d7fa330238b238d73e978acadc6bffde1c

Request headers

Referer: http://exchange.sahadan.com/Default.aspx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:39 GMT
Server: haproxy-go
Var: s:go601;c:1;e:49;hc:4
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private, max-age=0, no-store, must-revalidate
Content-Length: 23
Expires: -1

GET
H/1.1 200
OK bridge3.536.0_tr.html Show response
imasdk.googleapis.com/js/core/ Frame F081 686 KB
222 KB 49ms
48ms Document
text/html 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://imasdk.googleapis.com/js/core/bridge3.536.0_tr.html

Requested by

Host: imasdk.googleapis.com
URL: http://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

HTTP/1.1

Server

2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68bbcdadbeb721cb66952f4e3aaa5faa5de544567f63ce3979a8850b91f8a6db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://exchange.sahadan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Age: 314260
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Length: 226576
Content-Type: text/html
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Cross-Origin-Resource-Policy: cross-origin
Date: Sat, 01 Oct 2022 17:13:59 GMT
Expires: Sun, 01 Oct 2023 17:13:59 GMT
Last-Modified: Fri, 30 Sep 2022 09:59:38 GMT
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Server: sffe
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame B855 44 KB
17 KB 243ms
105ms Script
text/javascript 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: http://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 05 Oct 2022 08:31:39 GMT

GET
H/1.1 200
OK sahadan_lqes0l6n04vl1o98gwpixrcvk.png
images.performgroup.com/di/library/eplayer3_user_guide/94/76/ Frame B855 5 KB
5 KB 152ms
34ms Image
image/png 92.123.36.134
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images.performgroup.com/di/library/eplayer3_user_guide/94/76/sahadan_lqes0l6n04vl1o98gwpixrcvk.png?h=28
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/VideoPlayer/VideoPlayer.aspx?id=ac24zzvao4bb16lwh85vxi5sp&autoplay=true&showads=true&page=anasayfa
Protocol: HTTP/1.1
Server: 92.123.36.134 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-134.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7d0faca785be135eeeaee5cd2ba681e5ababa983819df716a01acfe8c67f26e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:39 GMT
Last-Modified: Mon, 03 Oct 2022 16:14:23 GMT
Server: Apache
ETag: "131c-5ea23a30015c0"
Content-Type: image/png
X-Server-Id: 62ff5c2cd20855624be087e9eecfdb9ec2d414af
Cache-Control: max-age=15296
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4892
Expires: Wed, 05 Oct 2022 12:46:35 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 68ms
68ms XHR
text/plain 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=20745407&t=pageview&_s=1&dl=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&ul=en-us&de=UTF-8&dt=Sahadan.com%20-%20iddaa%2C%20canl%C4%B1%20ma%C3%A7%20sonu%C3%A7lar%C4%B1%2C%20ma%C3%A7%20skorlar%C4%B1%2C%20puan%20durumu%2C%20spor%20haberleri%2C%20futbol%2C%20iddaa%20program%C4%B1%2C%20istatistikler%2C%20%C4%B0ddaa&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=65577594.1546289157.1664958699.1664958699.1664958699.1&_utmz=65577594.1664958699.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1664958699075&_u=IQBCAEABAAAAACAAI~&jid=1587344872&gjid=473715010&cid=1546289157.1664958699&tid=UA-241588-1&_gid=1845101670.1664958699&_r=1&_slc=1&z=148150037

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://exchange.sahadan.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://exchange.sahadan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ Frame B855 2 B
22 B 70ms
70ms XHR
text/plain 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=355690182&t=event&_s=1&dl=http%3A%2F%2Fexchange.sahadan.com%2FVideoPlayer%2FVideoPlayer.aspx%3Fid%3Dac24zzvao4bb16lwh85vxi5sp%26autoplay%3Dtrue%26showads%3Dtrue%26page%3Danasayfa&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=640x360&je=0&ec=Videos&ea=play&el=98999776-3009-4817-af95-8c2c7216fdc1&_utma=65577594.1546289157.1664958699.1664958699.1664958699.1&_utmz=65577594.1664958699.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1664958699086&_u=AACCAEABAAAAACAAI~&jid=&gjid=&cid=1546289157.1664958699&tid=UA-241588-1&_gid=1845101670.1664958699&_slc=1&z=366804817

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://exchange.sahadan.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://exchange.sahadan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK lsget.html Show response
ls.hit.gemius.pl/ Frame F5BA 5 KB
3 KB 26ms
26ms Document
text/html 146.59.30.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://ls.hit.gemius.pl/lsget.html
Requested by: Host: gatr.hit.gemius.pl
URL: http://gatr.hit.gemius.pl/xgemius.js
Protocol: HTTP/1.1
Server: 146.59.30.100 , France, ASN16276 (OVH, FR),
Reverse DNS: ip100.ip-146-59-30.eu
Software: GHC /
Resource Hash: a5d41610b80e2b5c015a47b4839220bb9b3fc3bb6ab620f0af7a7f50899742b0

Request headers

Referer: http://exchange.sahadan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
Accept-Ranges: none
Cache-Control: private, max-age=2592000
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2719
Content-Type: text/html;charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 05 Oct 2022 08:31:39 GMT
ETag: PRIVATE7520710249
Expires: Fri, 04 Nov 2022 08:31:39 GMT
Keep-Alive: timeout=10
Last-Modified: Mon, 16 Jul 2012 10:03:40 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Server: GHC
Vary: Accept-Encoding,Origin,User-Agent

GET
H2

200

rexdot.js Show response
gatr.hit.gemius.pl/__/_1664958699140/
Redirect Chain

https://gatr.hit.gemius.pl/_1664958699140/rexdot.js?l=100&sendf=8&id=ApswCyd4r7fQTSHRgQVcZmYknDQZv5h32P5mmdfDGZP.67&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fexch...
https://gatr.hit.gemius.pl/__/_1664958699140/rexdot.js?l=100&sendf=8&id=ApswCyd4r7fQTSHRgQVcZmYknDQZv5h32P5mmdfDGZP.67&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fe...

452 B
708 B

72ms
72ms

Script
application/x-javascript

92.222.252.172
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gatr.hit.gemius.pl/__/_1664958699140/rexdot.js?l=100&sendf=8&id=ApswCyd4r7fQTSHRgQVcZmYknDQZv5h32P5mmdfDGZP.67&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=ZzsmD14ySzLzIMbr8IOLd2SSk5YsH7s8Il9AMi0pHVH.Q7jvQ1GYTlD607Vwlelq5KSbS82LO5P9AzolfpMGsv6_3FfQ/wPuJrbvlTpjuS/&ltime=45&fpdata=.TrBalsrWh9wTSHhVtOjaigCBrGAPH377HAT9oMQAqP.77&inner=_ver%3D330&lsadd=&fpcap=
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: H2
Server: 92.222.252.172 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: ip172.ip-92-222-252.eu
Software: GHC /
Resource Hash: 101d1d3fc92f961aefda3e2d5de2230579b99334a382f85e02caf65de71ea8fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 452
expires: Tue, 04 Oct 2022 08:31:39 GMT

Redirect headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1664958699140/rexdot.js?l=100&sendf=8&id=ApswCyd4r7fQTSHRgQVcZmYknDQZv5h32P5mmdfDGZP.67&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=ZzsmD14ySzLzIMbr8IOLd2SSk5YsH7s8Il9AMi0pHVH.Q7jvQ1GYTlD607Vwlelq5KSbS82LO5P9AzolfpMGsv6_3FfQ/wPuJrbvlTpjuS/&ltime=45&fpdata=.TrBalsrWh9wTSHhVtOjaigCBrGAPH377HAT9oMQAqP.77&inner=_ver%3D330&lsadd=&fpcap=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Tue, 04 Oct 2022 08:31:39 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 122ms
85ms XHR
text/plain 2a00:1450:4025:401::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-241588-1&cid=1546289157.1664958699&jid=1587344872&gjid=473715010&_gid=1845101670.1664958699&_u=IQBCAEAAAAAAACAAI~&z=2038758261

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4025:401::9a Den Helder, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://exchange.sahadan.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 05 Oct 2022 08:31:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://exchange.sahadan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4025 0
0 96ms
95ms Fetch
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CwNb06kA9Y5q_JYyp3wOzvZKwDcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MTA2NDkxNDY2NzQzMDagAdW20uoDyAEJqQLJA7MKe7mwPuACAKgDAaoEpAJP0LQca5C6DLSZ4zn55seHb4hmvSOyeET4nm6EEHfmP_LcEfBoMCFAE0HzeKXZCLUIer5_NmgX3b32b2R6_D0TvREHsBuRJAQOy8XBX90dpcvGWqCqU-OB8LcBDp8OpYmtDsYbNhJl9EiaSpaYisLrKFMkO4bgHAFMbuczP9xLv9ebCU-oco9zQLJLiOlyQOhVNphR1wvx2KyL2i26jUY5TvrFrAoTt0RoM6hvb4Pg0IGQxz25la4L58TVJ93aeHQcd82xSlR4IpOhDBEzQXuhZUQQYFaKLXdlHdETMZbmS0Z7uBuxcx8ridC8iGiPQ_rLf2Z6mznVwQleXdwqzhCXX7SSI4X5g0B7p_7ioBAb3LhIkKr3E47JR-ZuaUOPxIMxfrQd4AQBgAbyiKW9q4Lrh8kBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgEDyCBthZHgtc3Vic3luLTEzODYwOTUyNTM0NTYwNDaACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNTYxMDY0OTE0NjY3NDMwNhjqoxw&sigh=zRPxbxlICf8&uach_m=[UACH]&cid=CAQSPwCsnQUxGUMslXSEqZ4IZg2KRYPUAVQFbf8C6dt-BCf_ueJumAHjrykyrUGLPQ5PqXKXlu1L34geaMdv8tyqGxgBIBM
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame 4025 0
0 80ms
24ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=k6r8CouBGtQH-gGdg2ICAgAAANgyaVcnzbmORGd0EJtno9oQ6kA9Y4ylbHuMo2nMBmXJABIAAA&wp=Yz1A6gAJX5oKd9SMAASes6jiqruzhddKTQKnBA

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 341591
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 1980 137 KB
45 KB 323ms
113ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yz1A6gAJX5oKd9SMAASes6jiqruzhddKTQKnBA&u=%7Cr677eJXg53HTWyRJtEWnKtSzRSlEqWlwkdGdzugC16o%3D%7C&c1=s9Ouqadr9PMXEEf9T3KSp2NRawDp88DGRxIbKBsnzqAtaD38bvZa_moYIyKPRD4qProvrB7dFEjms2J6BKuo9uh0TvRWo8H5gWhZ5Xcjntf5InsIZYwQWpK08oHRni_OrOl27b6IBJJBImsBiE2wfCs03WE_LsOZz4BCS1jk2w79hvfyh9Ha_rXHFkACg5zK25aiTgjJM62h4T8v-Xu7pxlQbjPcDh_vIFsTqqQ-rWFi4L4d8M658qVFDGiH7RGPoZPhOcF0Nak0hpyCNnC_2tzDTPAmpl8Kec82JnDOAfKKJkRGgaT5E3oR-YAWye0G6G1kAgdU5D8iucCQncvg4qoeJ7IQuWpXZDIMZpXT6KkDRsPNQizPBj-kzpxd_8rKCNiTKB7PQCC6FQsa5XitGyy_WylU3Hh05smLA0vJcldCPVtwsgm1bD6Du-Sh6_xdJk0TYndZOT8hGa9V57A_bjP4tVKcfX8D2Yu0MBfDU5t43NKafZ2tYcvN8qRIlsIzFW8EFPtCxTrWhwK3COgR7m17ILMh2na8d_9Qc804hX9gu0lx78mwNPpm32nh1WiyIDb8TtDUw5Rqf3vAAQUiiKedQx1KJh6xS7vthG7xIvjYzIVRYsCFHPBe7TQdmub62WDDxwb2Q_M&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC_O-W6kA9Y5q_JYyp3wOzvZKwDcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MTA2NDkxNDY2NzQzMDagAdW20uoDyAEJqQLJA7MKe7mwPuACAKgDAaoEpwJP0LQca5C6DLSZ4zn55seHb4hmvSOyeET4nm6EEHfmP_LcEfBoMCFAE0HzeKXZCLUIer5_NmgX3b32b2R6_D0TvREHsBuRJAQOy8XBX90dpcvGWqCqU-OB8LcBDp8OpYmtDsYbNhJl9EiaSpaYisLrKFMkO4bgHAFMbuczP9xLv9ebCU-oco9zQLJLiOlyQOhVNphR1wvx2KyL2i26jUY5TvrFrAoTt0RoM6hvb4Pg0IGQxz25la4L58TVJ93aeHQcd82xSlR4IpOhDBEzQXuhZUQQYFaKLXdlHdETMZbmS0Z7uBuxcx8ridC8iGiPQ_rLf2Z6mznVwQleXdwqzlKVfiYVrBnqPNxvBC7fBugSyLL-moTvkToBekCc1l2j3Aab-qeiuWqo4AQBgAbyiKW9q4Lrh8kBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgEDyCBthZHgtc3Vic3luLTEzODYwOTUyNTM0NTYwNDb6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_27-VJMmqQtJecncHPbWqPJooM7rg%26client%3Dca-pub-5610649146674306%26adurl%3D

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7e7245a90f91b087064104adedc5ddc6b47f74644617974a6c73b4122ab92ec8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 08:31:38 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=2azuf8Sa1CGbGgDPvf3FdqmAWbjcXjgjSkbyk96Vm2FdIP10oMUOutP_85CBDXP5f_MPBIMFIv7Dm78TO87-qvd_K6SluSAbbJHkCVESTAHNdlMApqYtvEK-06opu_PcAGTjCnm0na9sAxMkQHzOZ92hr37EYnvMcLGC9sX5XDk0pdtBw3zze5lJzXmXcXAN2jXzTAc7LZ-aJ_X4F7_3DM-eZlPDEkYy8WPmMUF7GGxjdSicjTHsKsux46XS2UG0SOCvjw"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 94688771
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 4025 3 KB
1 KB 77ms
64ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:11:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1185
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 08:11:54 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 4025 17 KB
8 KB 61ms
48ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:08:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1382
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 08:08:37 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 4025 0
0 149ms
69ms Image
text/html 2a00:1450:400d:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRMGEstWDqcSInUbQ-MfnUtL6S2kY6A3jKDmg7_XH_TCVOPC1-6hilSQ7AN54-cbtiS1bk1X94-kExG6t2Eo2tc8tKqbw
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:807::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 4025 22 KB
7 KB 68ms
56ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 15:28:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 493380
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 29 Sep 2023 15:28:39 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4025 141 KB
44 KB 442ms
107ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91102e383130cb1a9faf348bd83bd3c7e0744900eed75eae7587cf6bf32c47f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44883
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664796838458510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 05 Oct 2022 08:31:39 GMT

GET
H/1.1 200
OK get.ashx Show response
run.admost.com/adx/ 23 B
757 B 57ms
57ms Script
text/html 195.244.38.50
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://run.admost.com/adx/get.ashx?z=46731&accptck=true
Requested by: Host: go.admost.com
URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122
Protocol: HTTP/1.1
Server: 195.244.38.50 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: haproxy-go /
Resource Hash: 34ca250e3df40b4f4365b7c00d16433251e6e31a3f97263d2261057e0093f49b

Request headers

Referer: http://exchange.sahadan.com/Default.aspx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:39 GMT
Server: haproxy-go
Var: s:go917;c:1;e:46;hc:6
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private, max-age=0, no-store, must-revalidate
Content-Length: 23
Expires: -1

GET
H/1.1 200
OK get.ashx Show response
run.admost.com/adx/ 23 B
757 B 57ms
57ms Script
text/html 195.244.38.50
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://run.admost.com/adx/get.ashx?z=29753&accptck=true
Requested by: Host: go.admost.com
URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122
Protocol: HTTP/1.1
Server: 195.244.38.50 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: haproxy-go /
Resource Hash: 34ca250e3df40b4f4365b7c00d16433251e6e31a3f97263d2261057e0093f49b

Request headers

Referer: http://exchange.sahadan.com/Default.aspx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:39 GMT
Server: haproxy-go
Var: s:go917;c:1;e:46;hc:6
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private, max-age=0, no-store, must-revalidate
Content-Length: 23
Expires: -1

GET
DATA 200
OK truncated
/ Frame 4025 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d8d5b5fcae82e045a3d5cf1cd45d4443c561849e5024f7e3a41cc25cacf6648b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK 85444b226f71dc04e1928aeaa1129042d3a9ccc1.js Show response
cdn.dimml.io/static/ 2 KB
1 KB 17ms
17ms Script
application/javascript 2a02:6ea0:cb00::2
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.dimml.io/static/85444b226f71dc04e1928aeaa1129042d3a9ccc1.js
Requested by: Host: cdn.dimml.io
URL: http://cdn.dimml.io/dimml.js
Protocol: HTTP/1.1
Server: 2a02:6ea0:cb00::2 , United Kingdom, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8853e974d661a5636217c397d87dd0c3c3c67390b67f0924136430125ea8e933

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

X-77-POP: viennaAT
Date: Wed, 05 Oct 2022 08:31:39 GMT
Content-Encoding: gzip
X-DimML-Version: 2.2 vH8ffFv9
Transfer-Encoding: chunked
X-Cache: HIT
X-77-Cache: HIT
Connection: keep-alive
X-Age: 1232
X-77-NZT: Abm0DAYPV17/0AQAAA
X-Accel-Expires: @1664959267
Server: CDN77-Turbo
ETag: W/"be1da9f087b3"
X-77-NZT-Ray: /m4kVstRn/0
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=1800
Expires: Wed, 5 Oct 2022 08:41:07 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
118 B 97ms
96ms Image
image/gif 2a00:1450:400d:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-241588-1&cid=1546289157.1664958699&jid=1587344872&_u=IQBCAEAAAAAAACAAI~&z=1544619635

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 201ms
84ms Image
image/gif 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-241588-1&cid=1546289157.1664958699&jid=1587344872&_u=IQBCAEAAAAAAACAAI~&z=1544619635

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK get.ashx Show response
run.admost.com/adx/ 23 B
757 B 58ms
57ms Script
text/html 195.244.38.50
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://run.admost.com/adx/get.ashx?z=26436&accptck=true
Requested by: Host: go.admost.com
URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122
Protocol: HTTP/1.1
Server: 195.244.38.50 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: haproxy-go /
Resource Hash: 34ca250e3df40b4f4365b7c00d16433251e6e31a3f97263d2261057e0093f49b

Request headers

Referer: http://exchange.sahadan.com/Default.aspx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:39 GMT
Server: haproxy-go
Var: s:go917;c:1;e:46;hc:6
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private, max-age=0, no-store, must-revalidate
Content-Length: 23
Expires: -1

GET
H3 200 container.html Show response
edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 47A9 6 KB
3 KB 47ms
47ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://exchange.sahadan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 08:31:38 GMT
expires: Thu, 05 Oct 2023 08:31:38 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3A20 6 KB
3 KB 47ms
47ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://exchange.sahadan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 08:31:38 GMT
expires: Thu, 05 Oct 2023 08:31:38 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK get.ashx Show response
run.admost.com/adx/ 23 B
782 B 63ms
63ms Script
text/html 195.244.38.50
NETDIREKT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://run.admost.com/adx/get.ashx?z=51258&accptck=true
Requested by: Host: go.admost.com
URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122
Protocol: HTTP/1.1
Server: 195.244.38.50 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
Software: haproxy-go /
Resource Hash: 34ca250e3df40b4f4365b7c00d16433251e6e31a3f97263d2261057e0093f49b

Request headers

Referer: http://exchange.sahadan.com/Default.aspx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:39 GMT
Server: haproxy-go
Var: s:go917;cs:cp:cache_z_51258_neq_TR_*_*_*_*_*_*
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private, max-age=0, no-store, must-revalidate
Content-Length: 23
Expires: -1

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A145 624 B
838 B 214ms
97ms Document
text/html 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNPh9QIQ6oD08QEYnf3IwQEwAQ&v=APEucNWFIVnuJjPb5oeJjqnOyJOQWNPh_y4J3LqZsK0QSU3u0llWs2ov9VZcPs-nLsTLv9eRH69iZhuajmuqgIfYOkYbbwCUh-mSRyLQJmZpi6WiHck1bKDc2v5Bt-_ELyhpQhJLVjkLvqkyxmTcC8B0lMukOkqGmoA4GQ2CFvrrw6VAOLzNaSIc65gvsAbjAct22oYRYPaNbEv7cbTRAZQGRxsfvvRkIw

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 08:31:39 GMT
expires: Wed, 05 Oct 2022 08:31:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 47A9 80 KB
34 KB 234ms
117ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C9vqLCH58GGW2luSJFhOfeU4gjYYYoGEkWOEeywTl8gHhbvZ72XgJiIgTRO4mh7BFLsHe9pB_u8upIxuWifnxa9LfC4aZGnwgxj8HlXstk_xcBKSw_a1qhFs3HTCWz8kUdpSZiCCCxVWuAFOLIDIwmxCh15o0eAZjl4prgsXPXCG9THBo&dbm_d=AKAmf-DhZAr8qzl2UBvfFbYo947iq-YJZ32auFPNZjyp_WMCQ1GTjLHYI2hJpbGYSI5wLpE1kQNhbvGQI-DtPAumr0APsVS2bWF06UzpfuTPNtw_0Ttp2ga0J11_fVDtu3V57JKhBCGySHzH6aUxdCrOhaHKnha25XyMdkjXUslIN5sSvMpu--vvhW8toAQFndHtED1iMjgkCyHwxkrqtIUWFwyP9QV2XOtTR2O4wj-5RuDywz1eq3LIHcwnF3OV-tInpr6bBc9WT35FybvjW0UwP4KfbO-XW6QC5z0XDmbT87KrPSD3EY0Jj1BOM7s0nGRIy1v-vgvDfufzpypwvtXZmAzkTMnQG3vFiTscThuTwZWRDoFen0xphW8A1Z4es6wO52n7wsO2Luh-Vf76UGMJw3QLNLprShZiIAuAuICts2QotY7TK0MZ1czOFmeDeClPMCcp1AGFYciDiOSezDmafbcwp2xmV46tzwvga-b47nejAFQbRJrwr0bpygnQL-o5j_1K9lZcaIXUDbv9WVAqPMhPt_c_IgrGslrqEtC5IZbJyP7jy8ROMIrmoI4aT2qLE5alLNwVJ_X-gNZRo5Jc8eIo8dc0grhe6-hJ3-TP0y_Nnu9PadB5_Zft-RCM_YtpXTcCIUREHRcd-88GDMRWctj6-2PDpdbLMpGc-tVphzbTwPtoEc22ZmIpdYpGPVstejPDL5VEyXmJVTE2x5AiUXM8REtB52PYMez1JGiOKOM2OSScWVAGuyd4bEciW_hDm0bz9Qmdj9eOqvtzmIf9tc8I1KeMUKYQx_uHvCTn8dPjgFAcdnWZnn_Yi5DyPdoF2lXoaxeRA3dVRK3g8fshouiUrfYujiSkocKrPpWxJyjm0iSAMGXQ46nuVvNx4dvpwcFTowWSWp7kJcdRWyfFvmeqOfaDf7U58ZUUO8IfzE4x171y6HK0eHIA_JKNgJQGU6nvUBz54tViSEFNYGQhVy5lZUCwW20JPmA2C1C6sABuKBuBcSjmlYzYeXqNWmqjUYLu7e6DLxCpKXrgYjOzcndnG7XhKkhZfxpAiZQQfBpPtOuk0W_CSgUq-1KS9r2GQgySgOOnWSl9qTh76s2gRQyNIbPJEJPxYdnQzlEP8iZlMDVPtLFPB0LPKeLd6xc0zzpbrlt5aVk3Jp4jneZ5CPrVmlgPnOPZzpry4HSX6JbunpO8Jq6SRyRwE_tzKUMrybtEVD-nh2r-d-FNktu55sYPx70JDY-PMPOX5MrUleIW7lOdppSQj9kwlA2PdoSuXyt-UyQhEVsr9slgLpjReniz18A_714KCDVvIbsfGRcOemzW5HyKqaWuy_V9wPRQe32stT9d9JZcW7kUG7siXkccmHtsZ2s_k5k8DKJSLEnZHRkCF_T8s5wM0gUoQ5MtCrZD8SPdz0MdrU7CtC0FtMNnPdZ6PGQ7EtKUHv3KE3PwXUme0m_BOf4DK33BZCZloO8u8js-iacy91uXzLDOmoSTM4JMVywUqGW5zN0DGG6v5y5J18YKs6SVbC_0a-G7CkcbWApZyOlw5yLVz7qU9PYR7FHL2lMuruViDBPNYHzNj6OVLcqA_qHkZg7Bz8yqYZ15HNmKn-92h0IrNYc-mprCtauDVX_o0t6EPFzAiL6u6DL2zm8vEYRfh4PvIxrPWnFN_vtbIgKKwp0LLXRQ7tgm4mvh2FAhiJ3SO3HNnuc8jAyun8BcR7xyFPnHayfAmtR460lpTCeawX8_hgcUpiXpCAvuDynJSGY7uk6M-DvIkIKrcfhwbSWn-DsjxSyBaPtX6AN4OeVypOFQiYoS3CfO-YqfsIZKBjdAgO_V8l4rhLnfIIZmC5jHYdCe-ngEC93UpnCV_N-aI6a3lRJ7zxHfjNAGkmh_UmWlcTiit0dV7R3kcNLQrBba9FovlvZC1IL4MJiwOdqtLYIkix4RaIkStyxnIILSvkcPAs7Zn5RnX6AHRxRD6AOAI0UA7zCs92UGMHz2Fde8zgEo4xgW7eM3VBSTClbCehhD60qi60YJAVAXgTXT2c68ljVv-o_du1fmyjqFMZy-Tusy7JClfBOhEhmCJ40A1isvA-NySpfjc9HbyW4U3zKEx51LkTWtDQfuiCHYi6leUQ-f1FCjwfevAb2Agx5vk8c8u37qB7Wz9ApBdIiFiSvh8qOvj8zn4s0uNbdlILBhKeJ7b9PMCpMh9N9Nzp5fVs4sXlNfc3nzhkq5dm98d6cqJt1GHRDp280YCC0yaLL0yuhLufldla2rsmU07osRzd1x3It86UtWyvUwgLy6fN635w1pH0ypUtHhbTp_eQs_2EYjAWnWNYuDRY1mvfqqhX1gSh7LHqgvSRiBNpsSp9IR-DMVBoBFYPwJnMsCFoeCILSGiJgbk_X5VjdlpyHbobW8l0x1dzz6Hkn4Wd_V5nDyGCnwXsgc_PBokw-qRIikZ6hJYnlGtPR7N33ik06Y6vj6fKncpWP-3SO6XX1EFK3LVsm7E3LuuvsS007UBuaLpNNdT9rgpvoftreXoZkk5XPVzbfdM9GP6enlpR65gHGZMIYjHew4XYjq3X4R37YkVmHKIGV3n4TO1TZSmbbxngYdnnyv67Z9lPn1yzUiuEWBZBoZDQsHQq9hV5WL5I3lpoFrX4C-2nx8T3CqUbS2riq-3uTEsLWzAEfFT2Mvv1j-82IRddzcb6w214OCO_s4eQGE6mwVVVbBu_I0C8b3ynwcYVW8JfXCcmGeked-kW568rOQ9vK90eKH5K67FQ9gfU0vKhZNphZuGUVefqOWf90yd3XeDv8El0DWZzDEry0qeflx1lV5tBQ5_7LCE9ICPSOfPVOc3jkoaDwS5_zpFoyrlITmwYzgxowQ4NK6amN_NM64hfUbWQnz5X2aQH7PcMyRVeI4chhLTpmrgLYvdcMBUz1w1aUe5FlZOHOyL66aiz1L9uFavDodbsd6R0VLX_zBdAXiUG08eM0kPSbY81-muV86_jTbrtymc7PJ65lqm-o1gZP8v6CCS2JFF-OIRjhItWkWFpMeDyBAv4pADgO6Xz3frMAG3HYVjkyTE5yLJhBCyexQ-PMCCl-Fh2dyWIvJRlq7-0-NtX7Oxk_EFuG2Cdsdu7iX2wLqR5pNqTlyA9lBdlXmW1W5yDQB8aWsWC0FN3hOlJdOxgYxPePtFRI6MZlFfxnjLb5KyJuOobnW_Nyzp7gyvujQdotisiSvhdfl-AUJdFpUs3pBjwApMI4udL1vj6Zoke-ovKZqM7c_DcGzzK-1rmgfeWf5DI9qBjeInnc_F4xJr8MXNQ5VUw9S6CBCH9gLzPNmeqlXAjLohSSeFxY2ACfstUYqapKwAsTvUBzMtyz3TQtXLR0J_W4TYvyfnp7_CFNJ0JTUtyWrYLmsTb5KOqfMoc5p7lj7C937oYVyYKTSGUqNWvkosSQL9lEIDOyo0M9XSGhJTOdrKGR3CUDHNMoR6kvr-hu_2TOYwPfznV3jdFVC6yucrH7LU7Eh3F7ci5bmlOon29L594NP9Hr9EIEQgS-fiNVzE_ue_v2vKtSdCLmvxX5XNVySIJOGxq4dAB7pDTk&cid=CAASKORoOmbzqwbcE2xMEIu9oTrNCClzTIZZGP3G2r9GsPdanpEf3BnZeKMgDQ&rfl=1%2Chttp%253A%252F%252Fexchange.sahadan.com%252F%240

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9e5199905c87b3197f0bc3d2baef36abbd1b80ebfcb5c13018e63a803c76d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34651
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 47A9 42 B
494 B 209ms
80ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BKbaotK80Qh04PQ4NTqFnAee7YnvVhEUOSzNmWSYoIakTuLn_EI0nlV3zdm7Esd0B9KDAYI8zkck5f2hqnCtHG6tGHMzfOMezsMPV8Y_0QLs4Q6HQ

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 47A9 3 KB
1 KB 48ms
47ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 07:44:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2827
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 07:44:32 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 47A9 17 KB
7 KB 49ms
48ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 07:28:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3806
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 07:28:13 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 47A9 0
0 169ms
69ms Image
text/html 2a00:1450:400d:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRNBXtXVoWUPssoax6LW4Im7V08LSWV7ZwsOrrzd6ztDexml4bbIJfRxeeLFxyLHmhVASZTGsASLuZlnP9JBj5ZCJ7GBQ
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 47A9 141 KB
44 KB 293ms
175ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91102e383130cb1a9faf348bd83bd3c7e0744900eed75eae7587cf6bf32c47f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44883
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664796838458510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 05 Oct 2022 08:31:39 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3A20 0
0 87ms
87ms Fetch
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C8Z9q6kA9Y_DNN4HF3gPk9If4CMme0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNTYxMDY0OTE0NjY3NDMwNqAB1bbS6gPIAQmpAskDswp7ubA-4AIAqAMBqgSNAk_QfhA3LZLXTjQmsOqEtdAW3558lMGR0zGugumERDMW62jL0pdHdWWeu1jaPE2M6897tWSwDJlZ2UFZ7unA7OP__xlRVeU1f8qzwcT6Fh1JE_lOWch3VmwvAiI01Xo-5SA1lhICpoybLUl0PUIGIz2Ylj9JxPQEXJhq0pTe2Ve4p2WXjY9Gq-2_ZqMVUSgwWINuitdo99DzpmYzodJm9hJQa97wLe8W1OwxpUKK16MDxYWb8EHYS7iEfO7sTmQgV_lWDgq8M14vAqtAbaWohC47B0tmYONVraS3JOooDX4KKSSOMSpbZuN4IaH_Ggd3iXxYofakZ_r5pruBFL-5k6vqqtYERNDZXZQ1ZPQO4AQBgAbg5LzQluWysEugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggQCIjhgBAQATIDqoIBOgKAQPIIG2FkeC1zdWJzeW4tMTM4NjA5NTI1MzQ1NjA0NoAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi01NjEwNjQ5MTQ2Njc0MzA2GOqjHA&sigh=zJe-25tZSF4&uach_m=[UACH]&cid=CAQSPgCsnQUxA6QZcorbaVx9b6-mAJT1YETKHPjthEBz1qnVoQEkjHeSwIFez9_YKsMWFfjt22A3CNAoHjKj9VkhGAEgEw
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame 3A20 0
0 15ms
14ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=k8euEcc1rAL6AZ2DYgICAAAA2DJpVyfNuY5EZ3QQm2ej2hDqQD1j7IM5hcv197FYZ8IAEgAA&wp=Yz1A6gAN5vAKd6KBAAH6ZO0yHMIsjnhgVitgUg

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 164898
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 5948 199 KB
57 KB 186ms
185ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yz1A6gAN5vAKd6KBAAH6ZO0yHMIsjnhgVitgUg&u=%7CfnaWrL4fzIOaA3yJgkis9UDLPLX1u4Gro%2BspXBGtrh8%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9W2wfJVZL-mlqJIG9cUD21Ox4KLfKTEKenOvyfU3Ls5yHk3uOfMnC60EkdONOb-SIvznE91SEL37wc5iU8xX6OWKK_hVgq3lj2WjqEcVYT6cNy9dxFhOBu3LSPehh-XUcKJLrsGz1P6CQzK2Iba6QMuMWGRsjgvKr0-Q-HYpizZ5PrcEu_26I0AmNbp1xMWt3Dpf-aYSxu9bAV8StA22hR1PB5nj3LinmJo-ogaRSsrWrUx9zY6pXfBAqn5xuJTn_z64bjsGY2Mhhr0q0uQJh7ZBSLkJI6VpQUeHLRijj9VC6OfIz9TgIRIAQYvbuxdrsD5PmldHY8RjmY4Xm2cwg2QQxa8LvCcHYj_DrygKuwFGYrPEa7EK6PhgrvZRS8rYjIkwxYLJKGnGP2JJ9NbpAoPQBLz5KcOefWpPrcnR7K0SryPV8UkoTPhoMzB7ouZ0oBuTtpfBQlSHj8WBOCv1pKVPuWj3ht_cVBD7o3WVjUuYa_bLWksMdZqTG_gUeaSe04U73_OWVQDlHX6GR-k5MsYtaQiboUZyc9fqpKopI06GECbMzmIGWw7eL0wrmsS0KR&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKIUU6kA9Y_DNN4HF3gPk9If4CMme0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNTYxMDY0OTE0NjY3NDMwNqAB1bbS6gPIAQmpAskDswp7ubA-4AIAqAMBqgSQAk_QfhA3LZLXTjQmsOqEtdAW3558lMGR0zGugumERDMW62jL0pdHdWWeu1jaPE2M6897tWSwDJlZ2UFZ7unA7OP__xlRVeU1f8qzwcT6Fh1JE_lOWch3VmwvAiI01Xo-5SA1lhICpoybLUl0PUIGIz2Ylj9JxPQEXJhq0pTe2Ve4p2WXjY9Gq-2_ZqMVUSgwWINuitdo99DzpmYzodJm9hJQa97wLe8W1OwxpUKK16MDxYWb8EHYS7iEfO7sTmQgV_lWDgq8M14vAqtAbaWohC47B0tmYONVraS3JOooDX4KKSSOMSpbZqF6ADN4lZtkNuBMAiaZwQLwsrE3HpGhER8il3D2-871RRGf4Oexj7AW4AQBgAbg5LzQluWysEugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggQCIjhgBAQATIDqoIBOgKAQPIIG2FkeC1zdWJzeW4tMTM4NjA5NTI1MzQ1NjA0NvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2MU3e6vClzTdGShMq1zxv4bjEF1g%26client%3Dca-pub-5610649146674306%26adurl%3D

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

2cd0762c0d84c86e37434dbae7439b4c8b42bc8bb8280cca592dd6ebf22da898

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 08:31:38 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=B3tzssSa1CGbGgDPaUmzv_dLN9kIYQZFyqsUtyCZPOBwFP9h0s8thJIkSrRjOU2AtVbN-X54WbZZtqeFY29zTPglztm2wi76qTIFpk_NHRp3xUSXLJVoToENpfpVnmCYElhSIrhOJOUArKXLHcE8X59CMwGuXR_70hqYUVQn4MmHQ-nZGBSPDM_LgPKNqs7FWiN5L7Ehx-FpHKbpiDryPV7FknVzxOk5dq4F4XeyvMlco-POQ4KXIUdHM3x0w6RfSK8Oxw"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 164305260
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 3A20 3 KB
1 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 07:44:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2827
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 07:44:32 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 3A20 17 KB
7 KB 48ms
47ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 07:28:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3806
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 07:28:13 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3A20 0
0 154ms
68ms Image
text/html 2a00:1450:400d:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRkYwSJHvzaCNPBhyCXcYrEmbFlP494pCsbgOsIRptIeL2Tc4z0ZLyPwAApjCj7s4X8U1BhISW-b57Ii6Iykuc6tv4TJQ
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 3A20 22 KB
7 KB 56ms
55ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 15:28:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 493380
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 29 Sep 2023 15:28:39 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3A20 141 KB
44 KB 291ms
188ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91102e383130cb1a9faf348bd83bd3c7e0744900eed75eae7587cf6bf32c47f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44883
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664796838458510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 05 Oct 2022 08:31:39 GMT

GET
H/1.1 200
OK opacity_black.png
is.cdn.md/i4/Img/ 1 KB
2 KB 12ms
11ms Image
image/png 94.130.143.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://is.cdn.md/i4/Img/opacity_black.png
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Server: 94.130.143.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nvm-s1.cubecdn.net
Software: CCAcc (1.0.1/nvm-s1) /
Resource Hash: 66c473d28591572dcdf5e6f5ace03c5e2dafdf17516956d9556d8d703e447c2b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:37 GMT
Last-Modified: Mon, 15 Aug 2022 12:45:16 GMT
Server: CCAcc (1.0.1/nvm-s1)
ETag: "9140dadea4b0d81:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
s: 84
Content-Length: 1389
Expires: Fri, 04 Nov 2022 08:31:37 GMT

GET
H/1.1 200
OK KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 95ms
48ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Roboto

Protocol

HTTP/1.1

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://exchange.sahadan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 28 Sep 2022 20:10:49 GMT
X-Content-Type-Options: nosniff
Age: 562850
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 15744
X-XSS-Protection: 0
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Thu, 28 Sep 2023 20:10:49 GMT

GET
H/1.1 200
OK KFOmCnqEu92Fr1Mu7GxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ 12 KB
12 KB 95ms
48ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Roboto

Protocol

HTTP/1.1

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c23eb02de6b34e30f18cfb7167abd81a2cedfd1da60dfcb71989517ab3fb431

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://exchange.sahadan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Thu, 29 Sep 2022 15:28:46 GMT
X-Content-Type-Options: nosniff
Age: 493373
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 11872
X-XSS-Protection: 0
Last-Modified: Wed, 11 May 2022 19:25:01 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Fri, 29 Sep 2023 15:28:46 GMT

GET
H/1.1 200
OK 85444b226f71dc04e1928aeaa1129042d3a9ccc1.js Show response
baltar.dimml.io/flow/tg0v/ 0
282 B 288ms
28ms Script
application/javascript 54.76.66.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://baltar.dimml.io/flow/tg0v/85444b226f71dc04e1928aeaa1129042d3a9ccc1.js?clientId=2&dom=exchange.sahadan.com&url=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&gemius_sent_once=1
Requested by: Host: cdn.dimml.io
URL: http://cdn.dimml.io/dimml.js
Protocol: HTTP/1.1
Server: 54.76.66.96 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-66-96.eu-west-1.compute.amazonaws.com
Software: dimml-2.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 5 Oct 2022 08:31:38 GMT
X-DimML-Version: 2.2 vH8ffFv9
Server: dimml-2.2
Vary: *
Content-Type: application/javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 0

GET
DATA 200
OK truncated
/ Frame 3A20 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 75690bbf3562d0d8d2c1db25239e68e1c1a3f3cd078b5724906bf14e9e9892a7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 1980 2 KB
1 KB 52ms
19ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yz1A6gAJX5oKd9SMAASes6jiqruzhddKTQKnBA&u=%7Cr677eJXg53HTWyRJtEWnKtSzRSlEqWlwkdGdzugC16o%3D%7C&c1=s9Ouqadr9PMXEEf9T3KSp2NRawDp88DGRxIbKBsnzqAtaD38bvZa_moYIyKPRD4qProvrB7dFEjms2J6BKuo9uh0TvRWo8H5gWhZ5Xcjntf5InsIZYwQWpK08oHRni_OrOl27b6IBJJBImsBiE2wfCs03WE_LsOZz4BCS1jk2w79hvfyh9Ha_rXHFkACg5zK25aiTgjJM62h4T8v-Xu7pxlQbjPcDh_vIFsTqqQ-rWFi4L4d8M658qVFDGiH7RGPoZPhOcF0Nak0hpyCNnC_2tzDTPAmpl8Kec82JnDOAfKKJkRGgaT5E3oR-YAWye0G6G1kAgdU5D8iucCQncvg4qoeJ7IQuWpXZDIMZpXT6KkDRsPNQizPBj-kzpxd_8rKCNiTKB7PQCC6FQsa5XitGyy_WylU3Hh05smLA0vJcldCPVtwsgm1bD6Du-Sh6_xdJk0TYndZOT8hGa9V57A_bjP4tVKcfX8D2Yu0MBfDU5t43NKafZ2tYcvN8qRIlsIzFW8EFPtCxTrWhwK3COgR7m17ILMh2na8d_9Qc804hX9gu0lx78mwNPpm32nh1WiyIDb8TtDUw5Rqf3vAAQUiiKedQx1KJh6xS7vthG7xIvjYzIVRYsCFHPBe7TQdmub62WDDxwb2Q_M&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC_O-W6kA9Y5q_JYyp3wOzvZKwDcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MTA2NDkxNDY2NzQzMDagAdW20uoDyAEJqQLJA7MKe7mwPuACAKgDAaoEpwJP0LQca5C6DLSZ4zn55seHb4hmvSOyeET4nm6EEHfmP_LcEfBoMCFAE0HzeKXZCLUIer5_NmgX3b32b2R6_D0TvREHsBuRJAQOy8XBX90dpcvGWqCqU-OB8LcBDp8OpYmtDsYbNhJl9EiaSpaYisLrKFMkO4bgHAFMbuczP9xLv9ebCU-oco9zQLJLiOlyQOhVNphR1wvx2KyL2i26jUY5TvrFrAoTt0RoM6hvb4Pg0IGQxz25la4L58TVJ93aeHQcd82xSlR4IpOhDBEzQXuhZUQQYFaKLXdlHdETMZbmS0Z7uBuxcx8ridC8iGiPQ_rLf2Z6mznVwQleXdwqzlKVfiYVrBnqPNxvBC7fBugSyLL-moTvkToBekCc1l2j3Aab-qeiuWqo4AQBgAbyiKW9q4Lrh8kBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgEDyCBthZHgtc3Vic3luLTEzODYwOTUyNTM0NTYwNDb6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_27-VJMmqQtJecncHPbWqPJooM7rg%26client%3Dca-pub-5610649146674306%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 1980 2 KB
1 KB 51ms
17ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 1980 308 B
636 B 49ms
18ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 1980 293 B
621 B 50ms
18ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame 1980 43 B
348 B 62ms
17ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=VT2qBi7yHklbZHnt8dsTbjCO-_QWoFUD64ihgIqZdzpYTnJIWvlU4B57Ep7uzoefyeEYzCd-MuLydSR4-93Cw_wa19rUAdXAiBjMykeK7RtHfaiqC2U0xWB3u0W874xm26EcnTSfpHHxnjI9GkhzWjcinZGVNkDUH2xpxBWEArBKJP-hrp2RItpvgXoKF9X3JpEC3bUx9c1mWAMW3fAtbr8FzAS-80BBDgn_IuwAo69fONaq485XCu-KXaJV0csvkyy8N-up79nrEegdlFVDeS02glWzAICgl_TeO6sHsDh_3rbS0l75bvZetMt7YUzQ8ip5ALEO_FwK0nltTb7uPLL6MyvbnjbKnzyBqxgQXhCkzbWLnoeYi-DlOK_bK3Nlcn8GW9ynYB6_cOpDuqz7JXh7pRbhuTlhE6A_Vrs3zZ30DUzH4XESUcN9Tc9L5YVg_zoNsw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:38 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2458743
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 1980 12 KB
5 KB 31ms
13ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1762605
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FILXgqB%2Bo83z8EwE%2BMCSsWzczmeB1MARqfSZoOVSkUNwCl284BoOWQinUwa8E0VbgSL731Y0%2FQYMY6zc5bIf0GsVIi5%2FAbFnjFJHefAPkkQelLkzMB%2Bpnc2zBsMr0%2FCeIHZILTHwSLTTBukuxzTGMzEA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7554cd5fffd191fc-FRA
expires: Mon, 25 Sep 2023 08:31:39 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 1980 12 KB
6 KB 59ms
38ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1980 4 KB
5 KB 120ms
52ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=496&m=0&partner=16367&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F16367%2F180504%2F6d5fc2c8808f4d00ac3c700c182ea0b6_white.png&v=3&w=196&s=VQ_RLQDGKLYvq14kdzMRlcBc

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

2536a47531f084a5f7b21ae21f9fb4ca20812d261e19c32f8f5250bb9675a824

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28935504
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 4558
expires: Tue, 05 Sep 2023 06:10:04 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1980 21 KB
21 KB 93ms
26ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=16367&q=80&r=0&u=https%3A%2F%2Funo-production.s3.amazonaws.com%2Fchannable-images%2Fabsolventa-new%2F236.jpg&v=3&w=400&s=utgjJ5-Amm86pBYDQ0d04s2J&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

15c4184ca87a62ab093685595606d5891e2143ab50a1babf12ac68ef071f498f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 21580
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1980 23 KB
23 KB 114ms
47ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

759ac5f84293ddf299aaa2d7cd9d5d5498d65563a2abae498164bf0d86d93ab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 23556
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1980 19 KB
20 KB 96ms
29ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e18d65acc018d89d0629789daca6bcfd0baace4b4cbcb5a3e56f7cf6fe7997c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19900
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1980 18 KB
18 KB 112ms
45ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

397375e1cf974deed6de31655068818c8e52827234138e83d29385edbdc13aa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 18576
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1980 13 KB
13 KB 96ms
30ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

f752902092b6bbfd46f73454eed8642f9cce99d931a1390913e6fbc314f40ae4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 12880
expires: Sat, 30 Sep 2023 08:31:39 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 1980 0
128 B 111ms
15ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=2azuf8Sa1CGbGgDPvf3FdqmAWbjcXjgjSkbyk96Vm2FdIP10oMUOutP_85CBDXP5f_MPBIMFIv7Dm78TO87-qvd_K6SluSAbbJHkCVESTAHNdlMApqYtvEK-06opu_PcAGTjCnm0na9sAxMkQHzOZ92hr37EYnvMcLGC9sX5XDk0pdtBw3zze5lJzXmXcXAN2jXzTAc7LZ-aJ_X4F7_3DM-eZlPDEkYy8WPmMUF7GGxjdSicjTHsKsux46XS2UG0SOCvjw&sds=2&rev=82987&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 05 Oct 2022 08:31:38 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 1980 2 KB
1 KB 16ms
16ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 1980 2 KB
1 KB 17ms
17ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 1980 664 B
858 B 124ms
45ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5a9f9b8fdda3dc64dc104281767edc8ce0798cd76bfc307c17a7c7b4db115c86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 06:42:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 05 Oct 2022 08:31:39 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 5948 2 KB
1 KB 16ms
15ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yz1A6gAN5vAKd6KBAAH6ZO0yHMIsjnhgVitgUg&u=%7CfnaWrL4fzIOaA3yJgkis9UDLPLX1u4Gro%2BspXBGtrh8%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9W2wfJVZL-mlqJIG9cUD21Ox4KLfKTEKenOvyfU3Ls5yHk3uOfMnC60EkdONOb-SIvznE91SEL37wc5iU8xX6OWKK_hVgq3lj2WjqEcVYT6cNy9dxFhOBu3LSPehh-XUcKJLrsGz1P6CQzK2Iba6QMuMWGRsjgvKr0-Q-HYpizZ5PrcEu_26I0AmNbp1xMWt3Dpf-aYSxu9bAV8StA22hR1PB5nj3LinmJo-ogaRSsrWrUx9zY6pXfBAqn5xuJTn_z64bjsGY2Mhhr0q0uQJh7ZBSLkJI6VpQUeHLRijj9VC6OfIz9TgIRIAQYvbuxdrsD5PmldHY8RjmY4Xm2cwg2QQxa8LvCcHYj_DrygKuwFGYrPEa7EK6PhgrvZRS8rYjIkwxYLJKGnGP2JJ9NbpAoPQBLz5KcOefWpPrcnR7K0SryPV8UkoTPhoMzB7ouZ0oBuTtpfBQlSHj8WBOCv1pKVPuWj3ht_cVBD7o3WVjUuYa_bLWksMdZqTG_gUeaSe04U73_OWVQDlHX6GR-k5MsYtaQiboUZyc9fqpKopI06GECbMzmIGWw7eL0wrmsS0KR&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKIUU6kA9Y_DNN4HF3gPk9If4CMme0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNTYxMDY0OTE0NjY3NDMwNqAB1bbS6gPIAQmpAskDswp7ubA-4AIAqAMBqgSQAk_QfhA3LZLXTjQmsOqEtdAW3558lMGR0zGugumERDMW62jL0pdHdWWeu1jaPE2M6897tWSwDJlZ2UFZ7unA7OP__xlRVeU1f8qzwcT6Fh1JE_lOWch3VmwvAiI01Xo-5SA1lhICpoybLUl0PUIGIz2Ylj9JxPQEXJhq0pTe2Ve4p2WXjY9Gq-2_ZqMVUSgwWINuitdo99DzpmYzodJm9hJQa97wLe8W1OwxpUKK16MDxYWb8EHYS7iEfO7sTmQgV_lWDgq8M14vAqtAbaWohC47B0tmYONVraS3JOooDX4KKSSOMSpbZqF6ADN4lZtkNuBMAiaZwQLwsrE3HpGhER8il3D2-871RRGf4Oexj7AW4AQBgAbg5LzQluWysEugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggQCIjhgBAQATIDqoIBOgKAQPIIG2FkeC1zdWJzeW4tMTM4NjA5NTI1MzQ1NjA0NvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2MU3e6vClzTdGShMq1zxv4bjEF1g%26client%3Dca-pub-5610649146674306%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 5948 2 KB
1 KB 17ms
16ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 5948 308 B
636 B 26ms
25ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 5948 293 B
621 B 20ms
19ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame 5948 43 B
347 B 19ms
18ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=CHbpi8zr41dKWSoqpJyvvy8-QqN68iUTfPNDAdkLMZtnSdhGxI3ISwq2UQzwVvLUw9Brxw1Nh3cyM98CX35KWauw3SordiIDVlgpDviwHUBnLB-E8HucFQyZW8xv3BR87KT7cbY1HdPa_xrJfXqJHIsQMqlTgwc_P4mTggsPww_IZelokCwpcIV-xf4hNPaSjgRKpoNNvN3g3UjHGhjsbi5zyQe_AS-2Uy9PvabgQNbKiUCsJx5GgUf7i2yx-1srvoPN8KH6uZLgIklsNS_DiozzNuitBIlCYFjfAigord3-pMNS0a8erDPcC0xQ-wcydqLJWQCzsqT01Kuld2NAsneCzf7t-o8x6gfzeaykm7ecpT0kVzYS0oWDPmcAazGmPUaPt8q1-SBnpwUzjwx-IdT18w8gyf4R_fByvV73BWhvo_2YXbre26m8DMnV22AsZeA8Ig

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:38 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3150096
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A145
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN17TqcbQOzV_yr7XQeRcmI&google_cver=1

43 B
766 B

8ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN17TqcbQOzV_yr7XQeRcmI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNPh9QIQ6oD08QEYnf3IwQEwAQ&v=APEucNWFIVnuJjPb5oeJjqnOyJOQWNPh_y4J3LqZsK0QSU3u0llWs2ov9VZcPs-nLsTLv9eRH69iZhuajmuqgIfYOkYbbwCUh-mSRyLQJmZpi6WiHck1bKDc2v5Bt-_ELyhpQhJLVjkLvqkyxmTcC8B0lMukOkqGmoA4GQ2CFvrrw6VAOLzNaSIc65gvsAbjAct22oYRYPaNbEv7cbTRAZQGRxsfvvRkIw
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:39 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN17TqcbQOzV_yr7XQeRcmI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A145
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yz1A65AXEbP3xY-9bmJAZgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN17TqcbQOzV_yr7XQeRcmI&google_cver=1

43 B
766 B

8ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN17TqcbQOzV_yr7XQeRcmI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNPh9QIQ6oD08QEYnf3IwQEwAQ&v=APEucNWFIVnuJjPb5oeJjqnOyJOQWNPh_y4J3LqZsK0QSU3u0llWs2ov9VZcPs-nLsTLv9eRH69iZhuajmuqgIfYOkYbbwCUh-mSRyLQJmZpi6WiHck1bKDc2v5Bt-_ELyhpQhJLVjkLvqkyxmTcC8B0lMukOkqGmoA4GQ2CFvrrw6VAOLzNaSIc65gvsAbjAct22oYRYPaNbEv7cbTRAZQGRxsfvvRkIw
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:39 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN17TqcbQOzV_yr7XQeRcmI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame A145
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEW4ECFvponcvA-YjgF66WA&google_cver=1

43 B
1020 B

14ms
14ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEEW4ECFvponcvA-YjgF66WA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNPh9QIQ6oD08QEYnf3IwQEwAQ&v=APEucNWFIVnuJjPb5oeJjqnOyJOQWNPh_y4J3LqZsK0QSU3u0llWs2ov9VZcPs-nLsTLv9eRH69iZhuajmuqgIfYOkYbbwCUh-mSRyLQJmZpi6WiHck1bKDc2v5Bt-_ELyhpQhJLVjkLvqkyxmTcC8B0lMukOkqGmoA4GQ2CFvrrw6VAOLzNaSIc65gvsAbjAct22oYRYPaNbEv7cbTRAZQGRxsfvvRkIw

Protocol

HTTP/1.1

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:39 GMT
AN-X-Request-Uuid: f012eec5-5954-458b-aaa2-6b80e8542cf3
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 185.213.155.166; 185.213.155.166; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEEW4ECFvponcvA-YjgF66WA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A145
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM4Mjk2NTQ4ODc0NTQ4NTAxNA%3D%3D

170 B
188 B

144ms
64ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM4Mjk2NTQ4ODc0NTQ4NTAxNA%3D%3D

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 08:31:39 GMT
AN-X-Request-Uuid: 7c397904-8d7b-49f4-94dc-c92a82b99050
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM4Mjk2NTQ4ODc0NTQ4NTAxNA%3D%3D
Connection: keep-alive
X-Proxy-Origin: 185.213.155.166; 185.213.155.166; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 5948 12 KB
5 KB 35ms
23ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 125888
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F81hW2GS2365cGsardXDxGEQFy8G%2B03UjKcmhIu1lUPkh68XjmU5ZkmU1yxScdw16ZwiqrIagxv0MvFjcaNuS8iiZcRnv8MHUXir%2FT1CrHWITyJosoFSt%2BMciSd15PhSneY5T4KKWubou8L8hfQwF8M7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7554cd60a8ee9170-FRA
expires: Mon, 25 Sep 2023 08:31:39 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 5948 12 KB
6 KB 20ms
20ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 873170875c1643508181890d339c6d37_cpn_300x250_1.jpeg
static.criteo.net/design/dt/36976/221004/ Frame 5948 42 KB
42 KB 28ms
26ms Image
image/jpeg 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/36976/221004/873170875c1643508181890d339c6d37_cpn_300x250_1.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e324c014b919ca8e71c928e5ca608e16c71cc5672481b12b39929377bf6ef319

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 04 Oct 2022 19:57:38 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "633c9032-a802"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43010
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 5948 6 KB
6 KB 17ms
15ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=76&m=0&partner=36976&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F36976%2F200814%2F5ac7de56711e4ee89f160224ee7b94fe_logo_nakd.png&v=3&w=596&s=s5ajg0lpM8FRwTHtwks1x3sW

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

32b3e621ea91cb52bb607669b5df5a09a99359355fdd66554b8a93bcb5724511

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29030959
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5720
expires: Wed, 06 Sep 2023 08:40:58 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 5948 12 KB
13 KB 18ms
16ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=36976&q=80&r=0&u=https%3A%2F%2Fwww.na-kd.com%2Fglobalassets%2Fnakd_wrap_rib_tie_top_1100-002878-1346_01c.jpg%3Fref%3D2702C2846D&v=3&w=400&s=cJrVw4yKJYR9Gqv18XpRyncx&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

42926521c51bd0e8b8fc905b82c0a8087285ea02918c6f07d90608d5a45f0f95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=12847069
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 12596
expires: Fri, 03 Mar 2023 01:09:29 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 5948 5 KB
5 KB 26ms
25ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=36976&q=80&r=0&u=https%3A%2F%2Fwww.na-kd.com%2Fglobalassets%2Fnakd_asymmetric_strap_short_dress_1017-000665-0002_01j-1.jpg%3Fref%3D7F27908B09&v=3&w=400&s=v6smvCU1v10mOHrZ4raCufPD&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

78fe99eae6c48c8c8dd4ec4aa260d907459f7ded80c3424d05b525eaaad6ec18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29240142
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5216
expires: Fri, 08 Sep 2023 18:47:22 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 5948 9 KB
9 KB 18ms
17ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=36976&q=80&r=0&u=https%3A%2F%2Fwww.na-kd.com%2Fglobalassets%2Fnakd_fuzzy_textured_maxi_dress_1014-001274-0342_01g.jpg%3Fref%3D6FF805F26B&v=3&w=400&s=bSO34bp-sfjrRC0YhhQM1ndZ&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

9eb24fc8bc29d28f778ca720cafc0e566e0c8c98e4cd6ff59156c4656a9ae0bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=27939979
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 9072
expires: Thu, 24 Aug 2023 17:37:59 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 5948 29 KB
29 KB 20ms
19ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=36976&q=80&r=0&u=https%3A%2F%2Fwww.na-kd.com%2Fglobalassets%2Fhalterneck_melange_mini_dress_1634-000012-6175_01.jpg%3Fref%3D79C06AC2CD&v=3&w=400&s=T3U46FYw171R4Fbv9FKDitOK&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

a54dae69c556d5198e105eaf0d19ef6e9c0b21e87a340de5d00ee931450e56d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31190563
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 29348
expires: Sun, 01 Oct 2023 08:34:23 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 5948 20 KB
20 KB 21ms
20ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=36976&q=80&r=0&u=https%3A%2F%2Fwww.na-kd.com%2Fglobalassets%2Fshiny_high_cut_bikini_panty_1000-100823-0002-02.jpg%3Fref%3D3D36DF2B84&v=3&w=400&s=sNxYB__HGrLQpADFLUfoXnkO&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

756e43dbfef1d1dd0248db29ec8c5513f4a90e45e2c91568572cc89bbf18b0f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=17690193
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 20396
expires: Fri, 28 Apr 2023 02:28:12 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 5948 10 KB
10 KB 26ms
25ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=36976&q=80&r=0&u=https%3A%2F%2Fwww.na-kd.com%2Fglobalassets%2Fnakd_wrap_detail_shiny_top-1100-006246-0002-3307.jpg%3Fref%3D552EDB9EB6&v=3&w=400&s=eHsw2aCRBnvCIH434XNCEZcm&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

65dbe1c18755a5a825e8d242ace8b4d6d023645cf4dfa241d77f8c1800061c12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:38 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=13914179
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 10152
expires: Wed, 15 Mar 2023 09:34:39 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 5948 0
127 B 15ms
15ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=B3tzssSa1CGbGgDPaUmzv_dLN9kIYQZFyqsUtyCZPOBwFP9h0s8thJIkSrRjOU2AtVbN-X54WbZZtqeFY29zTPglztm2wi76qTIFpk_NHRp3xUSXLJVoToENpfpVnmCYElhSIrhOJOUArKXLHcE8X59CMwGuXR_70hqYUVQn4MmHQ-nZGBSPDM_LgPKNqs7FWiN5L7Ehx-FpHKbpiDryPV7FknVzxOk5dq4F4XeyvMlco-POQ4KXIUdHM3x0w6RfSK8Oxw&sds=2&rev=82987&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 05 Oct 2022 08:31:39 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 5948 2 KB
1 KB 35ms
35ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 5948 2 KB
1 KB 17ms
16ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 30 Sep 2023 08:31:39 GMT

GET
H3 200 container.html Show response
edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C167 6 KB
3 KB 48ms
47ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://exchange.sahadan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 08:31:38 GMT
expires: Thu, 05 Oct 2023 08:31:38 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 352 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6df79e98ac3f39a612316d11ac887567173d8b940ca5ca1c48582e5ac57e79b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7acea79c2521213b0e379bcb9c0fe0c690e5cb7ccad1998c5920b2a5699843ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 47A9 106 KB
37 KB 161ms
54ms Script
text/javascript 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
Origin: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 07:30:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3680
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 06 Oct 2022 07:30:19 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/elements/html/ Frame 47A9 8 KB
3 KB 167ms
60ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C9vqLCH58GGW2luSJFhOfeU4gjYYYoGEkWOEeywTl8gHhbvZ72XgJiIgTRO4mh7BFLsHe9pB_u8upIxuWifnxa9LfC4aZGnwgxj8HlXstk_xcBKSw_a1qhFs3HTCWz8kUdpSZiCCCxVWuAFOLIDIwmxCh15o0eAZjl4prgsXPXCG9THBo&dbm_d=AKAmf-DhZAr8qzl2UBvfFbYo947iq-YJZ32auFPNZjyp_WMCQ1GTjLHYI2hJpbGYSI5wLpE1kQNhbvGQI-DtPAumr0APsVS2bWF06UzpfuTPNtw_0Ttp2ga0J11_fVDtu3V57JKhBCGySHzH6aUxdCrOhaHKnha25XyMdkjXUslIN5sSvMpu--vvhW8toAQFndHtED1iMjgkCyHwxkrqtIUWFwyP9QV2XOtTR2O4wj-5RuDywz1eq3LIHcwnF3OV-tInpr6bBc9WT35FybvjW0UwP4KfbO-XW6QC5z0XDmbT87KrPSD3EY0Jj1BOM7s0nGRIy1v-vgvDfufzpypwvtXZmAzkTMnQG3vFiTscThuTwZWRDoFen0xphW8A1Z4es6wO52n7wsO2Luh-Vf76UGMJw3QLNLprShZiIAuAuICts2QotY7TK0MZ1czOFmeDeClPMCcp1AGFYciDiOSezDmafbcwp2xmV46tzwvga-b47nejAFQbRJrwr0bpygnQL-o5j_1K9lZcaIXUDbv9WVAqPMhPt_c_IgrGslrqEtC5IZbJyP7jy8ROMIrmoI4aT2qLE5alLNwVJ_X-gNZRo5Jc8eIo8dc0grhe6-hJ3-TP0y_Nnu9PadB5_Zft-RCM_YtpXTcCIUREHRcd-88GDMRWctj6-2PDpdbLMpGc-tVphzbTwPtoEc22ZmIpdYpGPVstejPDL5VEyXmJVTE2x5AiUXM8REtB52PYMez1JGiOKOM2OSScWVAGuyd4bEciW_hDm0bz9Qmdj9eOqvtzmIf9tc8I1KeMUKYQx_uHvCTn8dPjgFAcdnWZnn_Yi5DyPdoF2lXoaxeRA3dVRK3g8fshouiUrfYujiSkocKrPpWxJyjm0iSAMGXQ46nuVvNx4dvpwcFTowWSWp7kJcdRWyfFvmeqOfaDf7U58ZUUO8IfzE4x171y6HK0eHIA_JKNgJQGU6nvUBz54tViSEFNYGQhVy5lZUCwW20JPmA2C1C6sABuKBuBcSjmlYzYeXqNWmqjUYLu7e6DLxCpKXrgYjOzcndnG7XhKkhZfxpAiZQQfBpPtOuk0W_CSgUq-1KS9r2GQgySgOOnWSl9qTh76s2gRQyNIbPJEJPxYdnQzlEP8iZlMDVPtLFPB0LPKeLd6xc0zzpbrlt5aVk3Jp4jneZ5CPrVmlgPnOPZzpry4HSX6JbunpO8Jq6SRyRwE_tzKUMrybtEVD-nh2r-d-FNktu55sYPx70JDY-PMPOX5MrUleIW7lOdppSQj9kwlA2PdoSuXyt-UyQhEVsr9slgLpjReniz18A_714KCDVvIbsfGRcOemzW5HyKqaWuy_V9wPRQe32stT9d9JZcW7kUG7siXkccmHtsZ2s_k5k8DKJSLEnZHRkCF_T8s5wM0gUoQ5MtCrZD8SPdz0MdrU7CtC0FtMNnPdZ6PGQ7EtKUHv3KE3PwXUme0m_BOf4DK33BZCZloO8u8js-iacy91uXzLDOmoSTM4JMVywUqGW5zN0DGG6v5y5J18YKs6SVbC_0a-G7CkcbWApZyOlw5yLVz7qU9PYR7FHL2lMuruViDBPNYHzNj6OVLcqA_qHkZg7Bz8yqYZ15HNmKn-92h0IrNYc-mprCtauDVX_o0t6EPFzAiL6u6DL2zm8vEYRfh4PvIxrPWnFN_vtbIgKKwp0LLXRQ7tgm4mvh2FAhiJ3SO3HNnuc8jAyun8BcR7xyFPnHayfAmtR460lpTCeawX8_hgcUpiXpCAvuDynJSGY7uk6M-DvIkIKrcfhwbSWn-DsjxSyBaPtX6AN4OeVypOFQiYoS3CfO-YqfsIZKBjdAgO_V8l4rhLnfIIZmC5jHYdCe-ngEC93UpnCV_N-aI6a3lRJ7zxHfjNAGkmh_UmWlcTiit0dV7R3kcNLQrBba9FovlvZC1IL4MJiwOdqtLYIkix4RaIkStyxnIILSvkcPAs7Zn5RnX6AHRxRD6AOAI0UA7zCs92UGMHz2Fde8zgEo4xgW7eM3VBSTClbCehhD60qi60YJAVAXgTXT2c68ljVv-o_du1fmyjqFMZy-Tusy7JClfBOhEhmCJ40A1isvA-NySpfjc9HbyW4U3zKEx51LkTWtDQfuiCHYi6leUQ-f1FCjwfevAb2Agx5vk8c8u37qB7Wz9ApBdIiFiSvh8qOvj8zn4s0uNbdlILBhKeJ7b9PMCpMh9N9Nzp5fVs4sXlNfc3nzhkq5dm98d6cqJt1GHRDp280YCC0yaLL0yuhLufldla2rsmU07osRzd1x3It86UtWyvUwgLy6fN635w1pH0ypUtHhbTp_eQs_2EYjAWnWNYuDRY1mvfqqhX1gSh7LHqgvSRiBNpsSp9IR-DMVBoBFYPwJnMsCFoeCILSGiJgbk_X5VjdlpyHbobW8l0x1dzz6Hkn4Wd_V5nDyGCnwXsgc_PBokw-qRIikZ6hJYnlGtPR7N33ik06Y6vj6fKncpWP-3SO6XX1EFK3LVsm7E3LuuvsS007UBuaLpNNdT9rgpvoftreXoZkk5XPVzbfdM9GP6enlpR65gHGZMIYjHew4XYjq3X4R37YkVmHKIGV3n4TO1TZSmbbxngYdnnyv67Z9lPn1yzUiuEWBZBoZDQsHQq9hV5WL5I3lpoFrX4C-2nx8T3CqUbS2riq-3uTEsLWzAEfFT2Mvv1j-82IRddzcb6w214OCO_s4eQGE6mwVVVbBu_I0C8b3ynwcYVW8JfXCcmGeked-kW568rOQ9vK90eKH5K67FQ9gfU0vKhZNphZuGUVefqOWf90yd3XeDv8El0DWZzDEry0qeflx1lV5tBQ5_7LCE9ICPSOfPVOc3jkoaDwS5_zpFoyrlITmwYzgxowQ4NK6amN_NM64hfUbWQnz5X2aQH7PcMyRVeI4chhLTpmrgLYvdcMBUz1w1aUe5FlZOHOyL66aiz1L9uFavDodbsd6R0VLX_zBdAXiUG08eM0kPSbY81-muV86_jTbrtymc7PJ65lqm-o1gZP8v6CCS2JFF-OIRjhItWkWFpMeDyBAv4pADgO6Xz3frMAG3HYVjkyTE5yLJhBCyexQ-PMCCl-Fh2dyWIvJRlq7-0-NtX7Oxk_EFuG2Cdsdu7iX2wLqR5pNqTlyA9lBdlXmW1W5yDQB8aWsWC0FN3hOlJdOxgYxPePtFRI6MZlFfxnjLb5KyJuOobnW_Nyzp7gyvujQdotisiSvhdfl-AUJdFpUs3pBjwApMI4udL1vj6Zoke-ovKZqM7c_DcGzzK-1rmgfeWf5DI9qBjeInnc_F4xJr8MXNQ5VUw9S6CBCH9gLzPNmeqlXAjLohSSeFxY2ACfstUYqapKwAsTvUBzMtyz3TQtXLR0J_W4TYvyfnp7_CFNJ0JTUtyWrYLmsTb5KOqfMoc5p7lj7C937oYVyYKTSGUqNWvkosSQL9lEIDOyo0M9XSGhJTOdrKGR3CUDHNMoR6kvr-hu_2TOYwPfznV3jdFVC6yucrH7LU7Eh3F7ci5bmlOon29L594NP9Hr9EIEQgS-fiNVzE_ue_v2vKtSdCLmvxX5XNVySIJOGxq4dAB7pDTk&cid=CAASKORoOmbzqwbcE2xMEIu9oTrNCClzTIZZGP3G2r9GsPdanpEf3BnZeKMgDQ&rfl=1%2Chttp%253A%252F%252Fexchange.sahadan.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:29:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 139
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3181
x-xss-protection: 0
server: cafe
etag: 10699485926258732851
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 08:29:20 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/ Frame 47A9 30 KB
11 KB 159ms
55ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f03f34a896200ac3d36794a86a5b23d054f1982d05740b454078c8526a33b631

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:27:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 254
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11727
x-xss-protection: 0
server: cafe
etag: 4188671789125589074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 08:27:25 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ Frame 1980 23 KB
24 KB 175ms
58ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 10:23:17 GMT
x-content-type-options: nosniff
age: 79702
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 10:23:17 GMT

GET
H3 200 container.html Show response
edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D26C 6 KB
3 KB 48ms
48ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://exchange.sahadan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 08:31:38 GMT
expires: Thu, 05 Oct 2023 08:31:38 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 5948 5 KB
680 B 157ms
58ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:400,700%7CCardo:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek,latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

76dbd9dd65bb9f6e335493ae43b89bcf84cad31e0be3d7d778705bdf2e2f23f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 06:39:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 05 Oct 2022 08:31:39 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C167 6 KB
672 B 92ms
52ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500&lang=tr

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

48abbbb87d8a3a1f97940449fd42b27a75079b449e844fad811e1231cdc57836

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 07:14:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 05 Oct 2022 08:31:39 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C167 4 KB
621 B 91ms
52ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 08:22:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 05 Oct 2022 08:31:39 GMT

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame C167 34 KB
14 KB 58ms
55ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e9b33e2310fe243055ae2d79e9a8805caf7ae61c256f41cc07f4a7ebe5f400f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 07:34:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3431
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14200
x-xss-protection: 0
server: cafe
etag: 1464250934554425876
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 07:34:28 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame C167 22 KB
7 KB 60ms
58ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 15:28:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 493380
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 29 Sep 2023 15:28:39 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C167 141 KB
44 KB 203ms
96ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91102e383130cb1a9faf348bd83bd3c7e0744900eed75eae7587cf6bf32c47f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44883
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664796838458510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 05 Oct 2022 08:31:39 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/ Frame C167 23 KB
9 KB 76ms
75ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/abg_lite_fy2021.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dd080c89636f8576e3364bea0867f18be3a32daa72d766da336cbb80ba5fb407

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 07:55:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2192
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9561
x-xss-protection: 0
server: cafe
etag: 483224313611802536
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 07:55:07 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame C167 3 KB
1 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 07:44:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2827
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 07:44:32 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame C167 17 KB
7 KB 77ms
75ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 07:28:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3806
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 07:28:13 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C167 0
0 69ms
69ms Image
text/html 2a00:1450:400d:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRGB804AzIvni6tjZPRoQcTvqO9JtpxVNXHUXmr_T3UJHEH9T8lfIvT62sJ5S4J7fU4gpZwI9VxLPDDVEAST--_aSOtZg
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D26C 0
0 87ms
87ms Fetch
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CO7xP60A9Y5nYD5jq3gPwk6NQ7pK1k1y_ooXH5AXAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNTYxMDY0OTE0NjY3NDMwNqABouD8lQPIAQngAgCoAwGqBJ4CT9Ai8jvtidg30Ey1NFqRjEFVYj_EGRWADZfhsbo83Ez3Ty1Z7JvoMRoR7VJ6trY6fAGDstoHx_Uj_UdWY8zmbH63i56c6NQASWYorgCWX2gQixbfTVhxQAqKvDI09aAXVeoNxxtWR37cLIJ_LFfg1DbxZj_di9CztS9fr8kbIt7ySUaWS_UuSq5Tz1zijVUroS0mN0k0HG4qlRTeKr4zA1lUbNOpB1nnBMOl6uoSPi7AKo8OvaSmcILtODqwQFJ0sbbCmUR1jvB5TqxaDBN0cMY-UycwzlIUxtawJFbwr4QIsG24mHxoKZ-arcDmvfF9mAsFumAbMgtxhnc6uT8lTa_uAu1bbsbcV_69GitmuOAlxxDhv83RLoBzh9BAvuAEAYAG4si7gKaah8lhoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgEDyCBthZHgtc3Vic3luLTEzODYwOTUyNTM0NTYwNDaACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNTYxMDY0OTE0NjY3NDMwNhjqoxw&sigh=5XTHapDRZcs&uach_m=[UACH]&cid=CAQSPwCsnQUx7OetTyRToFC1RVxvFh9e9rm65Ph33TME5r4llrzV8AS2YZMj04ItJezbThR8IpmKeeiktOx_1sdP0BgBIBM
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H2 200 ttj Show response
ib.3lift.com/ Frame D26C 13 KB
5 KB 167ms
104ms Script
application/javascript 18.66.112.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ib.3lift.com/ttj?inv_code=ReklamupNetwork_RON_HDX&tid=206229
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-28.fra56.r.cloudfront.net
Software: /
Resource Hash: 1afaa2d7927cb0e2f70b4ca9645888d10f0e87e5d0e0f8d24537f9f01ed9ce83

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
content-encoding: gzip
via: 1.1 cf2071a2896a4f71dbfdbc521d554362.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
etag: "a747aea7bd9f49d44f98f5959d0fe9d0f8947b62"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900
content-length: 4531
x-amz-cf-id: 58mdi0ZtpwWIclK85zK_5M-SDIhPzkX9cNPS-ifv_s4JWybjY5n1SQ==

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame D26C 3 KB
1 KB 74ms
74ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 07:44:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2827
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 07:44:32 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame D26C 17 KB
7 KB 58ms
57ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 07:28:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3806
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 07:28:13 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame D26C 0
0 72ms
72ms Image
text/html 2a00:1450:400d:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSDYSHdfYnRVEOfSyToa9kVaUmrTYcMduJfn7_b4Bn2aGEfPYaAS7lsdB_NikssARH-JQilhw_6ZqKRwRevQvkhvRySVg
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame D26C 22 KB
7 KB 71ms
70ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 15:28:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 493380
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 29 Sep 2023 15:28:39 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D26C 141 KB
44 KB 285ms
203ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91102e383130cb1a9faf348bd83bd3c7e0744900eed75eae7587cf6bf32c47f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44883
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664796838458510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 05 Oct 2022 08:31:40 GMT

GET
H2 200 notify
tlx.3lift.com/s2s/ Frame D26C 37 B
184 B 79ms
6ms Image
image/gif 18.198.74.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tlx.3lift.com/s2s/notify?px=1&pr=Yz1A6wAD7BkKd7UYAAjJ8Aod33p4yqZTGgN1ww&ts=1664958699&aid=35401506074690056321920&ec=2460_90081_90146861&n=GuwEaHR0cDovL2IxLWV1ZGMxLnplbWFudGEuY29tL2JpZGRlci93aW4vdHJpcGxlbGlmdC8yMWU4ZDI4Ny00NDg4LTExZWQtODg3MS1kNTk5NGQyZGYwYTUvMC4wNzIvT1NMNjNYWUhJREpRNjVVVlhVVEQ2MkxSUEgyVFZRV0RQMlA2WlBTSzNaSzRBWUdDQ0xIUjdTTkNLUTRQU1lZNFROM1ZQQUtaUTVTNVgzU1dXWFZFSjJEMzRPTExCSk1QVDdCVEpYUUU1Wk1CRkJLV1RBQ01TQlVHUFlVRVRXRVJJN1BNNUhJTTdTR0ZVSVhFQjYzNTNYUjQ2M0s1V1FaNzZaTERWSzNDRjU1Vk1VTkk2TFZONVpVTEdJV0kzNUtDSDRGVllVRkpSNzZQSTNHU1hGNVFWN1Y1V082Vk1HUUNHTDZYSE83WVdMVFRRNTJZR0JFSFZGQUFQVFNRM0dJRUxNSlNWTUNBQUdBWEY1RkszU0xLR0VLTVYyWFlZU1pPVERZTFRENFVSUFpUM0RUR0Y3RlBBQUg3VFM2REZGTUJJN1dJQlpKV0hQTllaTFZSVlBSUTdCSlMzMkdTV0wzRU9ZUVU0RkpDVFRGQlhPWkZJN1QyQjVVNldWSU1RM1JOTklDNkFKQ1hMNkpWQjRUNDM3REFQUTVRMzdYNUg3QUNHUVJQVlRFV1I2UFQ0QVlZVjc3UjZMNDVZNjVVUjRWNk9NWUY3MjRHRE4zR01OUFFMRE1XRVg2RktLQ0xRWExKNDVLQlNRTTIzSlUzQ1ZZNTVWWFJQUkEySExITkdMQkROSERNWUFHWVU3UzRRLz%2FyArsBCAASFzM1NDAxNTA2MDc0NjkwMDU2MzIxOTIwGAAgASicEzDhvwVAAUgAUABgEmgCcPiUIpABAJgBAKgBwp36B7gBCcABNsgBSPABlcsM%2BAFIgAI2kQIAAAAAAADwP5kCAAAAAAAA0D%2BoAgCwAgDIAgLYAgDxAmZmZmZmZuY%2F%2BAK4OZADApgDAKADALgD8ZsCyAMA0gMIOTAxNDY4NjHgA9eTgx7pAwAAAAAAAAAA8ANI%2BQMAAAAAAAAAAPgCBYgDAJIDBGRiYTiYAwCgA47IEqgDAA%3D%3D
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.74.33 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-74-33.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 pe
eb2.3lift.com/ Frame D26C 37 B
140 B 81ms
8ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/pe?fid=18&peid=0&aid=35401506074690056321920
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:39 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 88ms
83ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_pgbrk&pvsid=4285071190643003&vrg=2022092901&nw_id=90851098%5C%2C96769799&nslots=6&eid=31070046%2C31068357%2C44774962%2C676982961&pub_url=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&qid=CMGbvr7WyPoCFYO6dwod9dcGeQ&iu=%2F90851098%2C96769799%2Farsiv.sahadan.com%2Fleft_sky_kule_banner_homepage&e=512&ret=160x600&req=160x600%7C120x600&bm=0&efh=1&stk=1&ifi=6

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 47A9 41 KB
15 KB 50ms
47ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 18:03:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52108
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 18:03:11 GMT

GET
DATA 200
OK truncated
/ Frame 47A9 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1b326de527026dcbdd3c231c95df9e2ba26cdee1e68d958b91c5883b6b1e9856

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 n_one_vway_bahia-principe-es_np.js Show response
bucket.cdnwebcloud.com/ Frame 47A9 1 KB
887 B 86ms
16ms Script
application/javascript 13.227.219.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bucket.cdnwebcloud.com/n_one_vway_bahia-principe-es_np.js?n_o_nu=not&n_o_aut_tc=328125256&ord=173555109
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-39.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 74130e91791cf3496d353724953e6466d3240ea308838a482dff16cd6c119aa0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 20:20:41 GMT
content-encoding: br
via: 1.1 d3fdd96b3ada000b1a8c2d522534c124.cloudfront.net (CloudFront)
last-modified: Fri, 20 Dec 2019 13:03:10 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 43860
etag: W/"9748fb959a7ee41d8aebb52473ace3d2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: dbHwkPjw7Qk4JbzYLxlMN_mWQZEM7cKcCp0Nb7XEwGJfrlvFJc_HnA==

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7788421370862619343/ Frame B492 86 KB
19 KB 147ms
48ms Document
text/html 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7788421370862619343/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ffbc406bafaf3172d88be0d60df6f4b57d97ade0b3b06d02682d7d77766673b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 487618
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 19683
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 17:04:42 GMT
expires: Fri, 29 Sep 2023 17:04:42 GMT
last-modified: Thu, 12 May 2022 15:43:41 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 47A9 0
622 B 211ms
86ms Ping
image/gif 142.251.39.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv7ysXHawzVA0uwMxbcKLlC3PjW9f2ULx6Ji3ynGe9G6zoCKr8afDI_crqcJ2nshc6EmDC2TvJtKa0gZX_q5F21-0rvzFH83x1f-41j431jRR6c7GWjtsuzZ-4voCj4_0qHyJmvEmLBucim6iOfW9VE-LW9NwWTpKuUb3Y6epqRTLlPBpNiJHayjweDY8DHSqsXXHsL1ag2PIvO0UyyU2Bqs-4w03IwHSUcMtuyE38m2-cmjChFOsx9_Xij4NeXnw9JT68f1r-s_TByBbkyo4_-gWJDOmk8XdYfbMFAvvNDTh0W3WWs7-qm1IWZx5Ie9rw3tn7JV3tjcXhzpHIGq8JAL1mcUM-mtJoH8kOKSc4wcZDhYYfp8oKnab0I3wdWaMswItpPdna8vrhESJMDMvZlg08lK2LmhxOe9I1UncUZFpq4ZraMMs9SZUNXag54r1UdL2TbbOuhQeHCQqAD5j2zODeVf1INmBN9a5Dr0JjlvqPGU1V8jZfDTWfX0W5sJD29Ix66rGSJViPMGSmSkrAAfMqelw7eIVCoD8z835S5d5GQgHo3ek7O6Sc3qdH2EZU2stdaY1MeaknWMxbytF7haKHUSsCkffkoBJUG_nGh3NkUMnXOjwNB9nVncLCUAzbVwntNJDp0CX8ixWjbbTGTd1K_DIiQdnsVO28ixOBBFV-2MOqoopakJ1N8ZJbV5PvyPZ6-xD5wh4Y0o7sNpPy2Z4ijhvvkq_4vdSAGIUiPV2yCkFH_q1tsguBWbFV5F3X8yH0EDiIleYyZd-jBbVcjAkcZpAuwU2t9vdfKT8YCUUKw7JzmmoNju-RHvajB-cOmLhDWXQ5Sh0m4nJSJc6HBJDrcggxrs7JDUVRu-v0jeQUGOxnzMebtsUt2pcyKUgwUIYy8oAKamfwsI1xAflwOptQEYge0CxPkl3RICXUGoE_8N6J2Xo5zsug2CgqjoHOD1Ex_jXsNGZDuekU3zwv_d4-Ryxw3Mkz9HqmMaHKL2zjeTmriAHkm7k9y4QRqIF_cPNKVNbTAF5hCi52Qhk_b0zx2izjj7eUtJRtnO6eYJIwJJ0N1Kx-qyAZJg1pqaSZz4jYWPdP9em3OfJsDRTx0Ua7_oViB_EBXMieTpVDzVhhEnkqUOQMV-3BlmtQJ5wFvUfUBTU21_3hLbAE8PHJY0Rt1MJz3vHPduTqhltLrcNXySBWACVFtE8e7tS3eygrZf_GSaFncs7jn-oKPL5cDA7cqJEQikNUQTWJaDsFd3zMJXr1iEAZPLcDHVPclJOnG14WGNG1HPSu37yy-n_-ZUc2Q4A&sai=AMfl-YTC1ucJ9bqjjOCGHuh5P9lde1cxVbPP7JEw7zkHfQYi9MfwYlOxd29pQYTXus2p3cgiqLmlO0Hl3qh52YhwXXsPwR79VTMCMBTaG897p0Jlk_O-NSfATqVu1y1k3v6sK134Pjll73CTio5DRxdH4xYfz15HI2Kvan5WEELyATJI_DkekqWI7LXbKWj9VuioCXyZ9UAcPjbj4e3TFUKWUVJfiGQRq9eBWwjm1I6b&sig=Cg0ArKJSzFlVE7kbKVKGEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=218&cbvp=1&cstd=216&cisv=r20220928.24348&adurl=

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.39.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s38-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 05 Oct 2022 08:31:40 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 wlp_gwjKBV1pqhv43IE.woff2
fonts.gstatic.com/s/cardo/v19/ Frame 5948 15 KB
15 KB 212ms
116ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cardo/v19/wlp_gwjKBV1pqhv43IE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700%7CCardo:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek,latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1346360729e77380edf8f17fa421b76452289ae1b5f4be290b19c4d204e9587

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 00:09:01 GMT
x-content-type-options: nosniff
age: 462159
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14880
x-xss-protection: 0
last-modified: Thu, 21 Apr 2022 17:05:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Sep 2023 00:09:01 GMT

GET
H3 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ Frame 5948 30 KB
30 KB 173ms
78ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 03 Oct 2022 09:20:18 GMT
x-content-type-options: nosniff
age: 169882
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30928
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Oct 2023 09:20:18 GMT

GET
H2 200 9211af9035a85337bc32872bda49823863.png
zem.outbrainimg.com/p/srv/sha/b6/a7/23/ Frame C167 70 KB
71 KB 110ms
19ms Image
image/jpeg 199.232.18.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zem.outbrainimg.com/p/srv/sha/b6/a7/23/9211af9035a85337bc32872bda49823863.png?w=1200&h=627&fit=crop&crop=faces&fm=jpg

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.232.18.132 Vienna, Austria, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

b707cf4d68d91c76b9b93b1ad23a52885d69d9bb6af5fc58988cf97346ad03e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:40 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 3160389
x-cache: HIT, MISS, HIT
x-imgix-id: fce8bb843a12e70e2272155cd99e893f0609f58b
cross-origin-resource-policy: cross-origin
content-length: 72177
x-served-by: cache-sjc10027-SJC, cache-vie6373-VIE, cache-vie6363-VIE
x-imgix-render-farm: 01.1
last-modified: Mon, 29 Aug 2022 18:38:29 GMT
server: imgix
x-timer: S1664958700.052956,VS0,VE1
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 dd44865d413a16ed1b56c6bf59ce1aa25c.jpg
zem.outbrainimg.com/p/srv/sha/04/33/9a/ Frame C167 7 KB
7 KB 108ms
18ms Image
image/jpeg 199.232.18.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zem.outbrainimg.com/p/srv/sha/04/33/9a/dd44865d413a16ed1b56c6bf59ce1aa25c.jpg?w=100&h=100&fit=crop&crop=center&fm=jpg

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.232.18.132 Vienna, Austria, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

aa85fd1b927747c7cd8e976608b3295bcd03c71dd87ac29e3fa8d5afbca51d8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:40 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 1923935
x-cache: HIT, MISS, HIT
x-imgix-id: 366bf31870a8b53612909ad88a787a2cdab4df81
cross-origin-resource-policy: cross-origin
content-length: 7309
x-served-by: cache-sjc10037-SJC, cache-vie6374-VIE, cache-vie6363-VIE
x-imgix-render-farm: 01.592
last-modified: Tue, 13 Sep 2022 02:06:04 GMT
server: imgix
x-timer: S1664958700.052954,VS0,VE1
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
x-cache-hits: 1

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C167 0
0 89ms
88ms Fetch
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CzHjE60A9Y4aqEIv33gOBrbjAB4DA_41cu7_f6NYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MTA2NDkxNDY2NzQzMDagAcX_nrkDyAEJ4AIAqAMByAMCqgSKAk_Q5jsAHwULokfJwJakZQCHDNW-T2Xe2A-Nr_dyIUO85mQCaKN-x0rurjYxpsR75yN544wxsOrrWc21JJK_i3KFI77uVelGW3xKFdThOwfAya2WLBIphNgJorqavrU97v6TtJeqBK4n1Mf_4JefZqmF2EEQL8yR_cIKVay2X0UMbD5zXViJ05K8RGzDviRDyNumGIVPtpeQV6KAyq6p7oc9Y1OEgno0JvQzHWY4SpFYd6F6dvUgg7Olg0LP6Nfa67bzXlql1LfqEVuiSSMJUNQdDsrNldBbfNooQr8hqg0HNIQoEIjHqbFZJh6NVjzKVQYSB2urkQPrJS0mvQ53tAyngzvcgM5zpxVv4AQBgAaj_OXt0t-9zJUBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgEDyCBthZHgtc3Vic3luLTEzODYwOTUyNTM0NTYwNDaACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNTYxMDY0OTE0NjY3NDMwNhjqoxw&sigh=g3lMrt5Ut5A&uach_m=[UACH]&cid=CAQSPwCsnQUxttZyfYC8B0XFb8cpYfjqCkuEhStYzhjL4Q6xX6cI6nPqnyZXRdCXxO0WBuCjpHQT8J9h7If3tHxbaRgBIBM
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H/1.1 200
OK /
b1-eudc1.zemanta.com/bidder/win/googleadx/21ee8a99-4488-11ed-a188-61367eb71cda/Yz1A6wAEFQYKd7uLAA4WgRy6lpu2nLJ4ntnNKg/S6G22IBBORMUVQUJY3SWNZHKURUVSWBJ3EEDXTKK3ZK4AYGCCLHQWVTLRQIYP7SJC4B5Q4WSO7OVV7X... Frame C167 0
0 67ms
15ms Fetch 213.227.153.223
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://b1-eudc1.zemanta.com/bidder/win/googleadx/21ee8a99-4488-11ed-a188-61367eb71cda/Yz1A6wAEFQYKd7uLAA4WgRy6lpu2nLJ4ntnNKg/S6G22IBBORMUVQUJY3SWNZHKURUVSWBJ3EEDXTKK3ZK4AYGCCLHQWVTLRQIYP7SJC4B5Q4WSO7OVV7XWDWVRRWSUWHXY33UURPNZ2AMKGGJWFFKFBZEHTQI5D45H2W4LVGWVMZV2HNJRVHHYFFTFJ3QJA3K5WQZ76ZLDVK3CF55VMUNI6LVLOJTF75UB6JB3NGLCGKWCSX3VZAKV3B7LHWFO2MPA6CHQ3GRR34UOMJMNVHHVTO7RSJK6HKDOAQEPNROYTV2HFLI7PCKPERD2LT35B65MFU3X4YW2VGTHRDGZTIPDG25CYTPWSX6IVCP6HH5IEYHP3WMFRKYZAK2OMA7VPQVJZVZHNH7FMA7BCDO3KG2VIAUL65WTZ5RRDYULFXGVFVAFJHPWTNJKCBWNPZWNQI44AXZIC5JQE74EVEDREX7QDIVZ4J2FH3IFJIKR77VUPH4DBK4ZSD43SA2FKN6UDMCZ3Q457CABJMGO3Z24XIF5DYTVQP3XNLZJVSTB/?
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.227.153.223 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Connection: keep-alive
Date: Wed, 05 Oct 2022 08:31:40 GMT
Content-Length: 0

GET
H/1.1 200
OK / Show response
b1t-eudc1.zemanta.com/t/imp/impression/Z5JFT3A4H3AF664RRP6OXBCOIW5DDLNA64W7BZW4OFC5MM5WF7IEPNAU3MTK75NMCWQATDDLLAEASADTFHSFXTBUEI3JLJESNN4YF2HDQMEI3CLTQ3UWPW2LYSLFTOWFVDQIRFHIL26YEBAIX56NNXVTSYDH6S... Frame C167 26 B
151 B 72ms
14ms Fetch
image/gif 213.227.153.222
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://b1t-eudc1.zemanta.com/t/imp/impression/Z5JFT3A4H3AF664RRP6OXBCOIW5DDLNA64W7BZW4OFC5MM5WF7IEPNAU3MTK75NMCWQATDDLLAEASADTFHSFXTBUEI3JLJESNN4YF2HDQMEI3CLTQ3UWPW2LYSLFTOWFVDQIRFHIL26YEBAIX56NNXVTSYDH6S76BV3LDTQNFDJIPRKNO4AZP5WPZ6F64ATQZMTND4P4H7SAYU5KJJ5COLYMEFPZ4IROECR7JLRSSTNLRX44NEXS72PNRNTTFIFQUZR7GDWBNBZZVRBMSXQOLCVO4VLTJJAVJ4C4RB2CQNI63AVT6AG3IU3UUR7QHFW47ULXAJU6HI5DXCJNUAK4O2XVBUDS7TR6RYLCBRY/?
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.227.153.222 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:40 GMT
Connection: keep-alive
Content-Length: 26
Content-Type: image/gif

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C167 0
0 84ms
84ms Fetch
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CJO0i60A9Y4aqEIv33gOBrbjAB4DA_41cu7_f6NYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MTA2NDkxNDY2NzQzMDagAcX_nrkDyAEJ4AIAqAMBqgSKAk_Q5jsAHwULokfJwJakZQCHDNW-T2Xe2A-Nr_dyIUO85mQCaKN-x0rurjYxpsR75yN544wxsOrrWc21JJK_i3KFI77uVelGW3xKFdThOwfAya2WLBIphNgJorqavrU97v6TtJeqBK4n1Mf_4JefZqmF2EEQL8yR_cIKVay2X0UMbD5zXViJ05K8RGzDviRDyNumGIVPtpeQV6KAyq6p7oc9Y1OEgno0JvQzHWY4SpFYd6F6dvUgg7Olg0LP6Nfa67bzXlql1LfqEVuiSSMJUNQdDsrNldBbfNooQr8hqg0HNIQoEIjHqbFZJh6NVjzKVQYSB2urkQPrJS0mvQ53tAyngzvcgM5zpxVv4AQBgAaj_OXt0t-9zJUBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgEDyCBthZHgtc3Vic3luLTEzODYwOTUyNTM0NTYwNDaACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNTYxMDY0OTE0NjY3NDMwNhjqoxw&sigh=MQkoURzIA08&uach_m=[UACH]&cid=CAQSPwCsnQUxttZyfYC8B0XFb8cpYfjqCkuEhStYzhjL4Q6xX6cI6nPqnyZXRdCXxO0WBuCjpHQT8J9h7If3tHxbaRgBIBM&vt=10
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H3 200 wlpygwjKBV1pqhND-ZQW-WM.woff2
fonts.gstatic.com/s/cardo/v19/ Frame 5948 18 KB
18 KB 167ms
98ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cardo/v19/wlpygwjKBV1pqhND-ZQW-WM.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f94a0b25ed421e6643ca8ae21ccd63cf5630e8db8a3b64f63a669936d068c427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 21:32:49 GMT
x-content-type-options: nosniff
age: 471531
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18852
x-xss-protection: 0
last-modified: Thu, 21 Apr 2022 17:09:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Sep 2023 21:32:49 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C167 15 KB
15 KB 107ms
49ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500&lang=tr

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:33:00 GMT
x-content-type-options: nosniff
age: 565120
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Sep 2023 19:33:00 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C167 16 KB
16 KB 119ms
62ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500&lang=tr

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:34:12 GMT
x-content-type-options: nosniff
age: 565048
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Sep 2023 19:34:12 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A254 22 KB
8 KB 48ms
48ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 138752
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Oct 2022 17:59:08 GMT
expires: Tue, 03 Oct 2023 17:59:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bundle.js Show response
ib.3lift.com/rev/dcd1c4bfa5301e88e1f0308274015c20307a3b6d/dist/ Frame D26C 167 KB
53 KB 9ms
8ms Script
application/javascript 18.66.112.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ib.3lift.com/rev/dcd1c4bfa5301e88e1f0308274015c20307a3b6d/dist/bundle.js
Requested by: Host: ib.3lift.com
URL: https://ib.3lift.com/ttj?inv_code=ReklamupNetwork_RON_HDX&tid=206229
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-28.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 78e61a025efa980e619b91befb159152fb043c4ab5cfcd4421003740b6d7a590

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 14:12:16 GMT
content-encoding: gzip
via: 1.1 cf2071a2896a4f71dbfdbc521d554362.cloudfront.net (CloudFront)
last-modified: Fri, 30 Sep 2022 14:12:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
age: 411565
etag: "24131f2fd9f38f79a976d7eda9ff3435"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, immutable
accept-ranges: bytes
content-length: 54319
x-amz-cf-id: oeB6OhC6lTxDbRFicusYmYmu2Y87lj5sMjQt8kSisesPlY3LUVP_ig==

GET
H2 200 noah.min.js Show response
bucket.cdnwebcloud.com/ Frame 47A9 19 KB
7 KB 16ms
16ms Script
application/javascript 13.227.219.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bucket.cdnwebcloud.com/noah.min.js?1664958700015
Requested by: Host: bucket.cdnwebcloud.com
URL: https://bucket.cdnwebcloud.com/n_one_vway_bahia-principe-es_np.js?n_o_nu=not&n_o_aut_tc=328125256&ord=173555109
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-39.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 10e4ebacf9fdc329d721a17f2a0d42fc77def0cf25766d0450bdff232a27d97e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 05:05:15 GMT
content-encoding: br
via: 1.1 d3fdd96b3ada000b1a8c2d522534c124.cloudfront.net (CloudFront)
last-modified: Mon, 08 Feb 2021 12:39:20 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 12386
etag: W/"79bdbba51b195bc000950e9ac2e73e9e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: hGZouTZf3FEub1SwjS8eYZGEE-hkbFyPJFkgAJd6yueAvvNxyz_7MA==

GET
DATA 200
OK truncated
/ Frame D26C 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7779f645fccad50281bfe32e3ab6e3299e71191e8af5dfae9d3deeae508e8a3f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 r
eb2.3lift.com/ Frame D26C 37 B
139 B 8ms
7ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/r?inv_code=ReklamupNetwork_RON_HDX&aid=35401506074690056321920&rev=dcd1c4b&pr=can%27t%2520access%2520top%2520document&bc=0.072&bmid=2460&biid=7352&sid=90081&brid=559736&adid=90146861&crid=62966231&ts=1664958699&bcud=72&ss=5&caid=0&unid=0&domain=edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com&ref=http%253A%252F%252Fexchange.sahadan.com%252F&rr=creative&fid=18&rb=2&g=0&cb=44913
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:40 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H/1.1 200
OK /
b1t-eudc1.zemanta.com/t/imp/impression/Z5JFT3A4H3AF7ZPJI7GKOLXFSS5DDLNA64W7BZWYCVMG32V35KSIUSNTI7JYRZ6PQU2JRHYVRTFIKT3V7IPF45MF2UXATBASEUHKFDCHKDSP4X5ZFE2OBYCT3F7QQB2YRDLFGUMFNSK6DNARBAD65NEL466S3X... Frame D26C 26 B
151 B 13ms
13ms Image
image/gif 213.227.153.222
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b1t-eudc1.zemanta.com/t/imp/impression/Z5JFT3A4H3AF7ZPJI7GKOLXFSS5DDLNA64W7BZWYCVMG32V35KSIUSNTI7JYRZ6PQU2JRHYVRTFIKT3V7IPF45MF2UXATBASEUHKFDCHKDSP4X5ZFE2OBYCT3F7QQB2YRDLFGUMFNSK6DNARBAD65NEL466S3XUGECXK4WLFJS7NZ4JLZVQA5TYH5MLKGT5CQVZOE4VPGZJOVAGH6MPGKOJ7DFDG6NSU6LWWLKJURIZRFLQIWNX6TO2OJIMCOEZP2CTXUAOO5P35PH23QIB5KSFAO7HA6TBDYVFFUT25P4PA4V4KHHU6F6JOUHWSRUGGL6UBIBCT4UXR2MF5D2TLG2PIHDEQKN5YOHO2K3OVIG6R6EYEY6CQ/?
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.227.153.222 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:40 GMT
Connection: keep-alive
Content-Length: 26
Content-Type: image/gif

GET
H2 200 lp Show response
img.3lift.com/ Frame E84B 120 B
414 B 66ms
8ms Script
text/plain 18.66.122.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://img.3lift.com/lp?width=600&height=600&url=%2F%2Fimages.3lift.com%2F16682690.jpg&logo_exclude=&v=16
Requested by: Host: ib.3lift.com
URL: https://ib.3lift.com/rev/dcd1c4bfa5301e88e1f0308274015c20307a3b6d/dist/bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-67.fra60.r.cloudfront.net
Software: /
Resource Hash: 483f4caa8a59c01213b148cab145b199d8b09d1d7ac285f2b14db7058d39d290

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 03:08:02 GMT
via: 1.1 f884e2c0a4bd6c75faee34aade3f091e.cloudfront.net (CloudFront)
last-modified: Wed, 05 Oct 2022 03:08:02 GMT
x-amz-cf-pop: FRA60-P2
age: 19418
x-cache: Hit from cloudfront
content-type: text/plain; charset=utf-8
cache-control: public, max-age=86400
content-length: 120
x-amz-cf-id: 0XRe9FCcxE9Ed2f43KXzdkPdBTNOX03AJrmEhnT0N9RpA-uwp6Ti7A==

GET
H2 200 /
img.3lift.com/ Frame D26C 56 KB
56 KB 67ms
10ms Image
image/jpeg 18.66.122.67
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.3lift.com/?width=600&height=600&url=%2F%2Fimages.3lift.com%2F16682690.jpg&logo_exclude=&v=16
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-67.fra60.r.cloudfront.net
Software: /
Resource Hash: 9dc5c2e2804c2f6646a8f65118a6f7224f139282346ddb2273fee9130d9570d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 04:01:08 GMT
via: 1.1 f884e2c0a4bd6c75faee34aade3f091e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P2
age: 16232
etag: "9d9c62c2216c06fb3ffc380b5c358f0cf6e2b913"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: public, max-age=86400
content-length: 57306
x-amz-cf-id: ULa_MNkpKjSDYEy9PAEzv9eWAciXrbPmtGP-hJFwUA5R8HfA9tgo0g==

GET
H2 200 OBA_TRANS.png
ib.3lift.com/static/buttons/edaa/ Frame D26C 3 KB
3 KB 13ms
7ms Image
image/png 18.66.112.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.3lift.com/static/buttons/edaa/OBA_TRANS.png
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-28.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 01:25:08 GMT
via: 1.1 cf2071a2896a4f71dbfdbc521d554362.cloudfront.net (CloudFront)
last-modified: Thu, 05 Aug 2021 17:23:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
age: 543993
etag: "ddf020e069f1706b72b7698b28fede09"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=604800,s-maxage=604800,public
accept-ranges: bytes
content-length: 3125
x-amz-cf-id: 7ggMKpaWQvqVWE40qTQZ-tBSfJjlSM6pah9BvisNxXSX96SWFzXdeQ==

GET
H2 200 OBA_UK.png
ib.3lift.com/static/buttons/edaa/ Frame D26C 3 KB
4 KB 14ms
8ms Image
image/png 18.66.112.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.3lift.com/static/buttons/edaa/OBA_UK.png
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-28.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08285afd2f0c11a2a9d89f00dce769479e4d164e62caa39eceea9f1eb551afa9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 03:30:30 GMT
via: 1.1 cf2071a2896a4f71dbfdbc521d554362.cloudfront.net (CloudFront)
last-modified: Thu, 05 Aug 2021 17:23:31 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
age: 104471
etag: "7ceab27af00fa466072a3c3360041755"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=604800,s-maxage=604800,public
accept-ranges: bytes
content-length: 3518
x-amz-cf-id: we931ONUM0rw8gnE3eGYimAHSshX3c6Jq-4CuHOE-ModEdl6V75KKg==

GET
H2 200 ctar
eb2.3lift.com/ Frame D26C 37 B
139 B 14ms
8ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/ctar?inv_code=ReklamupNetwork_RON_HDX&aid=35401506074690056321920&rev=dcd1c4b&cta_render_method=2&cta_render_text=Read%20More&cb=60910
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:40 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame B492 29 KB
10 KB 50ms
50ms Script
text/javascript 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7788421370862619343/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7788421370862619343/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 20:09:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44525
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 05 Oct 2022 20:09:35 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9D39 143 B
166 B 144ms
47ms Document
text/html 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3280
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 07:37:00 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C167 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ecf92ffba4e7e4d0b1b0c15db29341bae996f9493fbac13146ec966cf06d581a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 atp
neural40.cdnwebcloud.com/ Frame 47A9 74 B
324 B 127ms
31ms Image
image/png 54.170.54.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://neural40.cdnwebcloud.com/atp?481551747998=&n_o_aut_tc=328125256&nonhm=true&gdpr_consent=CMP_NOT_FOUND
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.170.54.35 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-170-54-35.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 05 Oct 2022 08:31:40 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 74
content-type: image/png

GET
H3 200 YrdBSjzfIHcYhYLmavhSyO_EhBrLUWpx5ykdL7H9Kqg.js Show response
pagead2.googlesyndication.com/bg/ Frame A254 36 KB
16 KB 48ms
47ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YrdBSjzfIHcYhYLmavhSyO_EhBrLUWpx5ykdL7H9Kqg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62b7414a3cdf2077188582e66af852c8efc4841acb516a71e7291d2fb1fd2aa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:21:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 565808
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16054
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Sep 2023 19:21:32 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D26C 2 KB
553 B 48ms
47ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:600,900&display=swap

Requested by

Host: ib.3lift.com
URL: https://ib.3lift.com/rev/dcd1c4bfa5301e88e1f0308274015c20307a3b6d/dist/bundle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

eeafa1744f02c6d3e311a4c2d0372b711b79b9b66fc66aa027b496b8d1a235c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 05 Oct 2022 08:31:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 06:31:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 05 Oct 2022 08:31:40 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D26C 3 KB
643 B 49ms
49ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans&display=swap

Requested by

Host: ib.3lift.com
URL: https://ib.3lift.com/rev/dcd1c4bfa5301e88e1f0308274015c20307a3b6d/dist/bundle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cd9216308f7433d319f912cfc029861f0176f0d0af13c57338d291f757fb01de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 05 Oct 2022 08:31:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 08:19:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 05 Oct 2022 08:31:40 GMT

GET
H2 200 sce
eb2.3lift.com/ Frame D26C 37 B
139 B 9ms
8ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/sce?block=Custom%20Template%20Code&ref=https%3A%2F%2Fedf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&lvl=3&inv_code=ReklamupNetwork_RON_HDX&e=Not%20in%20friendly%20iframe
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:40 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 200 aop
eb2.3lift.com/ Frame D26C 37 B
139 B 9ms
9ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/aop?inv_code=ReklamupNetwork_RON_HDX&aid=35401506074690056321920&rev=dcd1c4b&pr=can%27t%2520access%2520top%2520document&bc=0.072&bmid=2460&biid=7352&sid=90081&brid=559736&adid=90146861&crid=62966231&ts=1664958699&bcud=72&ss=5&caid=0&unid=0&domain=edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com&ref=http%253A%252F%252Fexchange.sahadan.com%252F&rr=creative&fid=18&rb=2&g=0&cb=60202
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:40 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 200 dr
eb2.3lift.com/ Frame D26C 37 B
139 B 9ms
9ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/dr?inv_code=ReklamupNetwork_RON_HDX&aid=35401506074690056321920&rev=dcd1c4b&disclosure_render_method=3&disclosure_render_text=Sponsored%20By&cb=96641
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:40 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 80ms
79ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_pgbrk&pvsid=4285071190643003&vrg=2022092901&nw_id=90851098%5C%2C96769799&nslots=6&eid=31070046%2C31068357%2C44774962%2C676982961&pub_url=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&qid=CMbL177WyPoCFYu7dwodgRYOeA&iu=%2F90851098%2C96769799%2Farsiv.sahadan.com%2Fsticky&e=0&ret=728x90&req=728x90%7C970x90%7C980x90&bm=0&efh=1&stk=1&ifi=6

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ev1
eb2.3lift.com/ Frame D26C 37 B
139 B 8ms
8ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/ev1?inv_code=ReklamupNetwork_RON_HDX&aid=35401506074690056321920&rev=dcd1c4b&pr=Yz1A6wAD7BkKd7UYAAjJ8Aod33p4yqZTGgN1ww&bc=0.072&bmid=2460&biid=7352&sid=90081&brid=559736&adid=90146861&crid=62966231&ts=1664958699&bcud=72&ss=5&caid=0&unid=0&cepos=0&ceid=16682690&cb=40928
Requested by: Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:40 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 47A9 0
26 B 164ms
76ms Ping
image/gif 142.251.39.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.39.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s38-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:40 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v34/ Frame D26C 16 KB
16 KB 48ms
48ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 03 Oct 2022 18:53:44 GMT
x-content-type-options: nosniff
age: 135476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16740
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Oct 2023 18:53:44 GMT

GET
H3 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D26C 15 KB
15 KB 50ms
50ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:600,900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 09:42:13 GMT
x-content-type-options: nosniff
age: 514167
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15752
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Sep 2023 09:42:13 GMT

GET
H2 200 sync Show response
eb2.3lift.com/ Frame 570A 37 B
139 B 8ms
7ms Document
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?max=10&cb=94010
Requested by: Host: ib.3lift.com
URL: https://ib.3lift.com/rev/dcd1c4bfa5301e88e1f0308274015c20307a3b6d/dist/bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Wed, 05 Oct 2022 08:31:40 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/7788421370862619343/ Frame B492 5 KB
5 KB 49ms
48ms Image
image/png 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7788421370862619343/logo.png

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

815a252ac371c2240ae777028945c942189363aa68698885c5b41a7288f256e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7788421370862619343/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 10:07:55 GMT
x-content-type-options: nosniff
age: 599025
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4798
x-xss-protection: 0
last-modified: Thu, 12 May 2022 15:43:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Sep 2023 10:07:55 GMT

GET
H3 200 capa1.png
s0.2mdn.net/sadbundle/7788421370862619343/ Frame B492 7 KB
7 KB 51ms
49ms Image
image/png 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7788421370862619343/capa1.png

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ffb40524398ceb89a2a4d37f45dd7b2abc6a28df2addf4cd941f1b0d4bb3db9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7788421370862619343/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 10:07:55 GMT
x-content-type-options: nosniff
age: 599025
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6933
x-xss-protection: 0
last-modified: Thu, 12 May 2022 15:43:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Sep 2023 10:07:55 GMT

GET
H3 200 capa2.png
s0.2mdn.net/sadbundle/7788421370862619343/ Frame B492 7 KB
7 KB 79ms
77ms Image
image/png 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7788421370862619343/capa2.png

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1706f07ec712dc5a9134244f03910137796bd2b89f3cd2075e85645d454a3911

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7788421370862619343/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 14:58:33 GMT
x-content-type-options: nosniff
age: 63187
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6744
x-xss-protection: 0
last-modified: Thu, 12 May 2022 15:43:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Oct 2023 14:58:33 GMT

GET
H3 200 capa1_inf.png
s0.2mdn.net/sadbundle/7788421370862619343/ Frame B492 10 KB
10 KB 56ms
55ms Image
image/png 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7788421370862619343/capa1_inf.png

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c05c5e5f48ae2b41395c2f2da9107e51675b754ce70e45031b0cd611807a66b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7788421370862619343/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 17:33:59 GMT
x-content-type-options: nosniff
age: 53861
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10225
x-xss-protection: 0
last-modified: Thu, 12 May 2022 15:43:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Oct 2023 17:33:59 GMT

GET
H3 200 capa2_inf.png
s0.2mdn.net/sadbundle/7788421370862619343/ Frame B492 9 KB
9 KB 68ms
66ms Image
image/png 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7788421370862619343/capa2_inf.png

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1c3233d360b95d3906f2b4509a4b9f49422b812a6750a5037f34ba2c75ae3c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7788421370862619343/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 05:21:10 GMT
x-content-type-options: nosniff
age: 443430
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9351
x-xss-protection: 0
last-modified: Thu, 12 May 2022 15:43:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 30 Sep 2023 05:21:10 GMT

GET
H3 200 fondo160x600.jpg
s0.2mdn.net/sadbundle/7788421370862619343/ Frame B492 30 KB
30 KB 85ms
84ms Image
image/jpeg 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7788421370862619343/fondo160x600.jpg

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b75c6163d313a8ecd4309b129d197b32ede33e23baa25119f70d24a28107a0d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7788421370862619343/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 17:33:59 GMT
x-content-type-options: nosniff
age: 53861
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31091
x-xss-protection: 0
last-modified: Thu, 12 May 2022 15:43:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Oct 2023 17:33:59 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9D39
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
18 B

73ms
72ms

Document
text/html

2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 08:31:40 GMT
expires: Wed, 05 Oct 2022 08:31:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 08:31:40 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 avw
neural40.cdnwebcloud.com/ Frame 47A9 0
105 B 32ms
31ms Image
text/plain 54.170.54.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://neural40.cdnwebcloud.com/avw?1482477690425&n_o_aut_tc=328125256
Requested by: Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.170.54.35 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-170-54-35.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 05 Oct 2022 08:31:40 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A254 0
20 B 83ms
82ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B8DZH60A9Y5-kIMuY-ga54qXwAQAAAAA4AeAEAg&bg=!IiGlIWXNAAYQgTJdMIE7ACkAdvg8WjfVEzoP_sHDrvwk0FM_b3k-YxgPzveWGeEa4Y17Nd0mhP-G6wIAAABpUgAAAAFoAQcKAFGpcZpnQXSXx4HdQBx2UECqFiMiB6b0nbzrcReOj-NzzOfu41EeuMpsI1L7Gmb7U97Jl6lXmyC7-KPyG8k1wVbg8jG8ZyC8_PiXaZOT8VhN7mWZAvD3I1sqDqnOkebLVHwKA_LFIbHXzHChHwENa0D7hMKGaj0xnQYsc-gPgFybUhZfDx88zks27E-aylELQpIDupS-q1eou_rskyZMWFOfodlCFjaxb9ODHcnEfeHM9hwMaHJe-VLQOQAtP0ngjlS0aDf_rsSaleYWHLNq9KeQKFrWiLRlQv0EM4P79W0fLseWxg23p4WmE1l25A7aupawja-e9edHOWaPegjKOo13FU1zVJZbP3lJADMQsaAlPSvw2WwptsVBCFAYpiXGfBiZerXHHZ2yNW7Z6f15YCOWPalAsO5BkQ7s_UF5lo9k0AQfCisrNwRm7VKEo97Lgg6VbyYHx0JxTocykNiwsyTQ3TKfqyUis9WJzh1gtLaTsbWhPxjqUd4-TNllqIYw3nNmG6CUoHsXaMJt15oFL2U9qkGSnzpVr2g0lUYamWcCmKvvfuXA30SkaW2QBvE_Gmxjg8kPQPwSNH5rnLqNbdLq7LP2PFiVuwZZtO8EJB7hy30fJGzAcCQBSsxYEFFBxHzF2L5ZutueKQEr3-wzxFKXk6dc4FODT1Juy_jMoqomAPP9iO7cVc4940zeVtCpII-_u8QH4Qb7iqMwd6QCmyZmZEOBoUwvdhHjUBExiRg7hv-NrAPpPFIbNvgNaq3bW_yZghIfZy0XwuN3bHGy1EB6TUUwBjnZ7Ir2A-43kh2peRYDj-qP2IwuBK3z6GVvRg3JXlKrJGeEmc2oMuNVnyqDnPKhsSXP0oUT_3e6kTiAbIGfFD56FrT4xY7xZTcrq0-_pE-2FUF9P7V1-nrQLZR6IP3z9Ik02SAadQEXiw0zpJy0MNpUQP3VfDGZqsTt12rOiQag0LRKMvO0xn8Rmr4EvweUgOGh6plkQtHEkoGwTa36JJWY36b-u05rHqAtz7HnZdTX9nhNBDoZEXoktzAHiu3HwZZM7QMHUkez1qSVm35DPd6rF4cFPnJhMSIgGamPpDOpjyOsB9SmxkVFvIFpxhTrTQ

Requested by

Host: exchange.sahadan.com
URL: http://exchange.sahadan.com/Default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 180ms
84ms XHR
application/json 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022092901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a564eb8ffa4734c408d9835ce00ee492145583ec80c49f5d8cc08f956ba3e33d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11075
x-xss-protection: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 1980 0
127 B 15ms
14ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 05 Oct 2022 08:31:40 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 93ms
93ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 05 Oct 2022 08:31:40 GMT

GET
H3

200

collect
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/collect?v=1&_v=j98&a=20745407&t=event&_s=2&dl=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&ul=en-us&de=UTF-8&dt=Sahadan.com%20-%20iddaa%2C%20canl%C4%B1%20ma%C3%A...
https://www.google-analytics.com/collect?v=1&_v=j98&a=20745407&t=event&_s=2&dl=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&ul=en-us&de=UTF-8&dt=Sahadan.com%20-%20iddaa%2C%20canl%C4%B1%20ma%C3%...

35 B
55 B

48ms
47ms

Image
image/gif

2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=20745407&t=event&_s=2&dl=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&ul=en-us&de=UTF-8&dt=Sahadan.com%20-%20iddaa%2C%20canl%C4%B1%20ma%C3%A7%20sonu%C3%A7lar%C4%B1%2C%20ma%C3%A7%20skorlar%C4%B1%2C%20puan%20durumu%2C%20spor%20haberleri%2C%20futbol%2C%20iddaa%20program%C4%B1%2C%20istatistikler%2C%20%C4%B0ddaa&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Detect&ea=NotFound&el=div%20visible%20with%20attribute%3A%20zero_attr-clientWidth&ev=6&_utma=65577594.1546289157.1664958699.1664958699.1664958699.1&_utmz=65577594.1664958699.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1664958700672&_u=KQBCAEABAAAAACAAI~&jid=&gjid=&cid=1546289157.1664958699&tid=UA-241588-1&_gid=1845101670.1664958699&z=1050417681

Protocol

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Oct 2022 21:22:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 40146
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/collect?v=1&_v=j98&a=20745407&t=event&_s=2&dl=http%3A%2F%2Fexchange.sahadan.com%2FDefault.aspx&ul=en-us&de=UTF-8&dt=Sahadan.com%20-%20iddaa%2C%20canl%C4%B1%20ma%C3%A7%20sonu%C3%A7lar%C4%B1%2C%20ma%C3%A7%20skorlar%C4%B1%2C%20puan%20durumu%2C%20spor%20haberleri%2C%20futbol%2C%20iddaa%20program%C4%B1%2C%20istatistikler%2C%20%C4%B0ddaa&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Detect&ea=NotFound&el=div%20visible%20with%20attribute%3A%20zero_attr-clientWidth&ev=6&_utma=65577594.1546289157.1664958699.1664958699.1664958699.1&_utmz=65577594.1664958699.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1664958700672&_u=KQBCAEABAAAAACAAI~&jid=&gjid=&cid=1546289157.1664958699&tid=UA-241588-1&_gid=1845101670.1664958699&z=1050417681
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

POST
H2 200 all
csm.eu.criteo.net/ Frame 5948 0
127 B 16ms
16ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 05 Oct 2022 08:31:40 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4025 42 B
64 B 80ms
79ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssMU609FJs60WEE0FbSMNd_JfFq0GicUJjcNvItOnfWVQviHlciyf76Olof7m4v9EPc62nA_FCuL5JKXOTNLYWZXjyq&sig=Cg0ArKJSzMVHs94T0ElQEAE&id=lidar2&mcvt=1000&p=137,320,387,1300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221003&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2696085593&rs=4&la=1&cr=0&vs=4&r=v&rst=1664958699001&rpt=700&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4226 13 KB
5 KB 48ms
47ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://exchange.sahadan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 161698
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Oct 2022 11:36:42 GMT
expires: Tue, 03 Oct 2023 11:36:42 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0CFB 783 B
535 B 71ms
70ms Document
text/html 2a00:1450:400d:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

693da388d6326fd1b73f5df689ebb5b4d5ad5ca38e24aa7173a2e436baf6c61a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-KOYKqpUIEeT7j2_MjMKvkg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://exchange.sahadan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-KOYKqpUIEeT7j2_MjMKvkg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 08:31:40 GMT
expires: Wed, 05 Oct 2022 08:31:40 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3A20 42 B
64 B 81ms
80ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsufNWlLbeSr_qGWcVrbqHCQxHbAGOAPk_iDxi5DcJI5lizaVM76C1INoAFgH53yvjrVg3BWb7xyICAyaqqPUWO8HF4&sig=Cg0ArKJSzNKyxccbyIgwEAE&id=lidar2&mcvt=1000&p=405,974,655,1274&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221003&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=73288480&rs=4&la=0&cr=0&vs=4&r=v&rst=1664958699333&rpt=459&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 YrdBSjzfIHcYhYLmavhSyO_EhBrLUWpx5ykdL7H9Kqg.js Show response
pagead2.googlesyndication.com/bg/ Frame 4226 36 KB
16 KB 48ms
47ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YrdBSjzfIHcYhYLmavhSyO_EhBrLUWpx5ykdL7H9Kqg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62b7414a3cdf2077188582e66af852c8efc4841acb516a71e7291d2fb1fd2aa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:21:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 565808
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16054
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Sep 2023 19:21:32 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0CFB 0
0 79ms
79ms Image
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022092901&jk=4285071190643003&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 4226 0
10 B 51ms
50ms Image
text/plain 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?dnCnQQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:40 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 47A9 42 B
64 B 83ms
82ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst15OXJMa4t2DTPRLG3PPXDlOVVTXtzIBRogI_FR7RQ7aQW1z55jn1c4WT02zs78wzzpcMEqlqMUIOG6u7nBndjbuyhfsSftX1pzK8IoZhU1D1diI8dEmPzOVBz9dqfCr3cZGpS2XI&sai=AMfl-YT6VBWORgt0DkgAi6X88em8Esx3LaSnIHf6ovMBOF3XFZo3MajsNeul4nR5Z6lwSkCaXukHvd4cX4ZdyJahuqGu7ButPOQ22DzcNbzd_z5fKWwhSFXJKgi8hawe9OPz0vY&sig=Cg0ArKJSzHsRwyc4vRswEAE&cid=CAASKORoOmbzqwbcE2xMEIu9oTrNCClzTIZZGP3G2r9GsPdanpEf3BnZeKMgDQ&id=lidar2&mcvt=1001&p=0,269,40,310&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20221003&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3569988438&rs=4&la=0&cr=0&vs=4&r=v&rst=1664958699318&rpt=592&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C167 42 B
64 B 81ms
80ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvZEW95sY2iayUK53EDDhTXFNADwkNtLZk4tZ7R48gqgAEjTiIqTYxuRA6zzFvAc9bFqP36jZUywtbuDqQJd8E2cB9P&sig=Cg0ArKJSzO84-6HS7A56EAE&id=lidar2&mcvt=1000&p=1108,437,1173.984375,1165&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221003&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=9&adk=2074372087&rs=4&la=0&cr=0&vs=4&r=v&rst=1664958699670&rpt=468&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D26C 42 B
64 B 81ms
80ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsut2Nl9vrBltmQE2zyv3K3SRteFVvhrwEG0yhbdPbSIjRaOWBDwDB7Qakxy1TSjkA2Hco0UWaH9HululsXK95x3WXLa&sig=Cg0ArKJSzNFa81t_Pq8lEAE&id=lidar2&mcvt=1001&p=0,1290,600,1450&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20221003&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=386702893&rs=4&la=0&cr=0&vs=4&r=v&rst=1664958699735&rpt=460&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 08:31:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ev
eb2.3lift.com/ Frame D26C 37 B
139 B 8ms
8ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/ev?inv_code=ReklamupNetwork_RON_HDX&aid=35401506074690056321920&rev=dcd1c4b&pr=Yz1A6wAD7BkKd7UYAAjJ8Aod33p4yqZTGgN1ww&bc=0.072&bmid=2460&biid=7352&sid=90081&brid=559736&adid=90146861&crid=62966231&ts=1664958699&bcud=72&ss=5&caid=0&unid=0&cepos=0&ceid=16682690&cb=57629
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:41 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H/1.1 200
OK /
b1t-eudc1.zemanta.com/t/imp/view/Z5JFT3A4H3AF7ZPJI7GKOLXFSS5DDLNA64W7BZWYCVMG32V35KSIUSNTI7JYRZ6PQU2JRHYVRTFIKT3V7IPF45MF2UXATBASEUHKFDCHKDSP4X5ZFE2OBYCT3F7QQB2YRDLFGUMFNSK6DNARBAD65NEL466S3XUGECXK... Frame D26C 26 B
151 B 14ms
14ms Image
image/gif 213.227.153.222
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b1t-eudc1.zemanta.com/t/imp/view/Z5JFT3A4H3AF7ZPJI7GKOLXFSS5DDLNA64W7BZWYCVMG32V35KSIUSNTI7JYRZ6PQU2JRHYVRTFIKT3V7IPF45MF2UXATBASEUHKFDCHKDSP4X5ZFE2OBYCT3F7QQB2YRDLFGUMFNSK6DNARBAD65NEL466S3XUGECXK4WLFJS7NZ4JLZVQA5TYH5MLKGT5CQVZOE4VPGZJOVAGH6MPGKOJ7DFDG6NSU6LWWLKJURIZRFLQIWNX6TO2OJIMCOEZP2CTXUAOO5P35PH23QIB5KSFAO7HA6TBDYVFFUT25P4PA4V4KHHU6F6JOUHWSRUGGL6UBIBCT4UXR2MF5D2TLG2PIHDEQKN5YOHO2K3OVIG6R6EYEY6CQ/?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.227.153.222 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 08:31:41 GMT
Connection: keep-alive
Content-Length: 26
Content-Type: image/gif

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 91ms
90ms Image
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022092901&jk=4285071190643003&bg=!cnGlcTXNAAYQgTJdMIE7ACkAdvg8Wlu1cKN4T-Ytd4361oQn6-lHmYtMlI37JWiA0SaZUAKXdw0SkQIAAABVUgAAAANoAQeZAqhPHRYukJIA5bgEqRExuA6VCEoHa4yB5eddLA1_BDAT82KTFFk4lWlI_eH-Mf3Iqd6oPzG_oxtspLYk1emIjwO1ciak5jYboP6133dgtfwXW2yJKkAzof3EAbyu7nsx3hjUkRFpM2Jp_glaCRj64rnFrzUnfl1eZP_WCxm24nDYIHqDfy6EoCS-41rTOzE9jltXcXVuIq52QPEafjlfZfz3h92jGPrE73puJ_poxU3AJih5gumZ4dj6mSWdQ66fJbHfRFpWKw2XxHDHcJTINy6rFsz8uWvnekVqU9vUnkoDWtkTmwnsXcqPVZcyw7Nu4EuMYPlxXPTzgNJzqFB1oy6vMNjBd4l825m0EbTk-VceRif9y5y4JPQc7fOhx58w_X1o52Ng-xiil1jOMwCrYKhm2iwTdE3ns1c6a-cI5CCBbBDVS0DlSZhqMY_aea7XmI-tFCQPOADBTpLUlOIY_YrBvSDnlVEuZhmxNtrUAoVakjhIud4g58s16a8W6Af6rznKYsYkojXAKzSpTXw0g6RwD8KclIp7gUQTjmECKyuXjBBJ1TNpHXX5isDVyznLcGxcEI3ovvZw4KZN2x-smydVTt-fvwvToQYTLnUO1oDThG-x9tIbbA5I8z05A2n9qaK-PAxuLfaH0j6gX-JwdRzZx303FjwcZYTmz_UKqlu6Zht3rwXW3V4WZO80Qw73fZTLFbJn7EzHG3GaL7lO0yPC4ihew4RgHNNNGLCEh_gxW9LmwLlbpsVvB5Ntox6T7ds4H5i537Z3rsk6vwpPBp126C58mnnMCJJmqV_gZS7ctV-lK-UOhdnn-3tRPH3UT-HOVPsDPhxWimfWdE-fngGTu0wiASn-cvElBYQ-3gY_bxukT8OwfbBnjvFtj_sJnW4Y7PYbk71aEg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://exchange.sahadan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H2 200 873170875c1643508181890d339c6d37_cpn_300x250_1.jpeg
static.criteo.net/design/dt/36976/221004/ Frame 5948 42 KB
42 KB 19ms
18ms Image
image/jpeg 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/36976/221004/873170875c1643508181890d339c6d37_cpn_300x250_1.jpeg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e324c014b919ca8e71c928e5ca608e16c71cc5672481b12b39929377bf6ef319

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:31:41 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 04 Oct 2022 19:57:38 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "633c9032-a802"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43010
expires: Sat, 30 Sep 2023 08:31:41 GMT

Verdicts & Comments Add Verdict or Comment

162 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
exchange.sahadan.com/	1969-12-31 23:59:59	Name: ASPSESSIONIDASQQDBTB Value: MLFNBGNBDOIHEHPKCOCMOCID
exchange.sahadan.com/	1970-01-20 06:29:18	Name: am_cookie_test Value: true
.sahadan.com/	1970-01-20 06:29:20	Name: __asc Value: 2fb8f753183a74594c0d1815533
.sahadan.com/	1970-01-20 15:16:21	Name: __auc Value: 2fb8f753183a74594c0d1815533
.exchange.sahadan.com/	1969-12-31 23:59:59	Name: __utmc Value: 65577594
.exchange.sahadan.com/	1970-01-20 10:52:06	Name: __utmz Value: 65577594.1664958699.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.exchange.sahadan.com/	1970-01-20 06:29:19	Name: __utmt Value: 1
.exchange.sahadan.com/	1970-01-20 16:05:18	Name: __utma Value: 65577594.1546289157.1664958699.1664958699.1664958699.1
.exchange.sahadan.com/	1970-01-20 06:29:20	Name: __utmb Value: 65577594.1.10.1664958699
.sahadan.com/	1970-01-20 15:58:06	Name: __gfp_64b Value: .TrBalsrWh9wTSHhVtOjaigCBrGAPH377HAT9oMQAqP.77\|1664958698
.sahadan.com/	1970-01-20 16:05:18	Name: _ga Value: GA1.2.1546289157.1664958699
.sahadan.com/	1970-01-20 06:30:45	Name: _gid Value: GA1.2.1845101670.1664958699
.sahadan.com/	1970-01-20 06:29:18	Name: _gat Value: 1
.doubleclick.net/	1970-01-20 15:50:54	Name: IDE Value: AHWqTUkpdudEoqyD86BHYH6B97xW0fa_z-IAbR6NtxKaq8sa_HLsV8y5_QDhfBsn7cc
exchange.sahadan.com/	1970-01-20 15:14:54	Name: intdate Value: 1664958699365
.hit.gemius.pl/	1970-01-20 06:39:23	Name: Gtest Value: KlGKrRGGQMQGMe0FwnFPgXEissGMXP8c25nSGYLsxxHWXBG.
.hit.gemius.pl/	1970-01-20 15:58:06	Name: Gdyn Value: KlGN4MMGQMQGMe0FwnFPgXEissGMXP8c25nSGYLsxxHWFRxSG7RrGS6Gw9sBFlMMYH7hRjBGqSRxSG8.
.adnxs.com/	1970-01-20 08:38:54	Name: uuid2 Value: 8382965488745485014
.casalemedia.com/	1970-01-20 15:14:54	Name: CMID Value: Yz1A65AXEbP3xY-9bmJAZgAA
.casalemedia.com/	1970-01-20 08:38:54	Name: CMPS Value: 2166
.casalemedia.com/	1970-01-20 08:38:54	Name: CMPRO Value: 2166
.sahadan.com/	1970-01-20 15:50:54	Name: __gads Value: ID=e6464a601fb54c2c-223f785a3ace00a5:T=1664958698:S=ALNI_MYexFj4clG0akE3w8crep03n3N_EA
.adnxs.com/	1970-01-20 08:38:54	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?'v>3)z!@wnfH8K6pQK`!5=E<L5?%K>lw1fw]kR]33Ak?5dqtBh01et??hX[k=uJk%nugO%v4VB%nnJw*-IW[
.neural40.cdnwebcloud.com/	1970-01-20 15:14:54	Name: n_one Value: 2232aeff-4488-11ed-b494-0242ac110002
.doubleclick.net/	1970-01-20 06:29:22	Name: DSID Value: NO_DATA

37 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: http://exchange.sahadan.com/Default.aspx(Line 33) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://go.admost.com/adx/js/admost.js?r=0.8602139864692122, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://exchange.sahadan.com/Default.aspx(Line 33) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://go.admost.com/adx/js/admost.js?r=0.8602139864692122, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: http://is.cdn.md/i4/Css/jquery-autocomplete/jquery.autocomplete.css?v=3.295 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=46730&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=46730&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=18834&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=18834&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=38097&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=38097&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=46727&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=46727&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=49848&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=49848&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=34177&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=34177&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=18833&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=18833&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=18830&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=18830&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=46728&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=46728&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://exchange.sahadan.com/Default.aspx(Line 1313) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://www.google-analytics.com/ga.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://exchange.sahadan.com/Default.aspx(Line 1313) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://www.google-analytics.com/ga.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://exchange.sahadan.com/Default.aspx(Line 1362) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://b.scorecardresearch.com/beacon.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://exchange.sahadan.com/Default.aspx(Line 1362) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://b.scorecardresearch.com/beacon.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=21376&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=21376&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	error	URL: http://imasdk.googleapis.com/js/core/bridge3.536.0_tr.html#goog_2029622929 Message: The Cross-Origin-Opener-Policy header has been ignored, because the URL's origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead. See https://www.w3.org/TR/powerful-features/#potentially-trustworthy-origin and https://html.spec.whatwg.org/#the-cross-origin-opener-policy-header.
other	warning	URL: https://edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html(Line 11) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=46731&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=46731&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=29753&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=29753&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=26436&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=26436&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=51258&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://go.admost.com/adx/js/admost.js?r=0.8602139864692122 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://run.admost.com/adx/get.ashx?z=51258&accptck=true, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a76f4aed22e94b8cf70dfe6f280016fe5.profile.txl50-p4.cloudfront.net
ads.eu.criteo.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
b.cdn.md
b.scorecardresearch.com
b1-eudc1.zemanta.com
b1t-eudc1.zemanta.com
baltar.dimml.io
bucket.cdnwebcloud.com
cat.nl.eu.criteo.com
cdn.dimml.io
cdn.eksiup.com
cdnjs.cloudflare.com
certify.alexametrics.com
cm.g.doubleclick.net
csm.eu.criteo.net
d31qbv1cthcecs.cloudfront.net
dsum-sec.casalemedia.com
eb2.3lift.com
edf532cfda7d068b3a0787f60e6b744c.safeframe.googlesyndication.com
exchange.sahadan.com
fonts.googleapis.com
fonts.gstatic.com
gatr.hit.gemius.pl
go.admost.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hm.cdn.md
ib.3lift.com
ib.adnxs.com
images.performgroup.com
imasdk.googleapis.com
img.3lift.com
is.cdn.md
js.duhnet.tv
ls.hit.gemius.pl
neural40.cdnwebcloud.com
pagead2.googlesyndication.com
pix.eu.criteo.net
redirect.prod.experiment.routing.cloudfront.aws.a2z.com
rtb.nl.eu.criteo.com
run.admost.com
s0.2mdn.net
sb.scorecardresearch.com
securepubads.g.doubleclick.net
static.criteo.net
stats.g.doubleclick.net
str.hit.gemius.pl
tags.bluekai.com
tlx.3lift.com
tpc.googlesyndication.com
use.fontawesome.com
vz-795b4bfd-cff.b-cdn.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
zem.outbrainimg.com
108.138.7.10
109.236.91.24
13.227.219.39
13.227.219.58
142.251.39.34
146.59.30.100
172.217.18.2
178.250.0.139
178.250.2.148
178.250.2.150
18.198.74.33
18.64.108.99
18.66.112.28
18.66.122.67
18.67.240.95
185.80.39.216
185.89.211.116
188.165.145.88
195.244.38.50
199.232.18.132
213.227.153.222
213.227.153.223
23.7.201.234
2400:52e0:1e00::860:1
2606:4700::6811:180e
2606:4700:e2::ac40:840f
2a00:1450:4001:82a::200a
2a00:1450:400d:805::2002
2a00:1450:400d:806::2001
2a00:1450:400d:806::200a
2a00:1450:400d:807::2002
2a00:1450:400d:807::2004
2a00:1450:400d:807::200e
2a00:1450:400d:80a::2003
2a00:1450:400d:80c::2002
2a00:1450:400d:80d::2003
2a00:1450:400d:80e::2002
2a00:1450:400d:80e::2006
2a00:1450:400d:80e::200a
2a00:1450:4025:401::9a
2a02:2638:1::2
2a02:2638:1::4
2a02:2638::3
2a02:6ea0:cb00::2
2a06:98c1:3121::c
3.15.76.72
52.222.139.77
54.170.54.35
54.76.66.96
76.223.111.18
82.222.8.80
91.191.168.119
92.123.36.134
92.222.252.172
94.130.143.246
00a1ad03a4d8e3ec2c6962d0d4874170d869a5e5414dd2db1231cf649bb2cfad
0133a3a8bad96c183d5fd19407b4cc471dcdd5eb0e81c5504c198ae5a04d6d40
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb
0289700f9a5b8b27a3b4ad5ee3eb25e8c137d58cd37f736401a58538d62a3cd0
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
077f136641e0bab28801ee574e0a769eccc78ffbffd91f071a7f646ef9e50dfe
08285afd2f0c11a2a9d89f00dce769479e4d164e62caa39eceea9f1eb551afa9
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0e0e52aa2b6787864ef38ca9dddd96218c71e8f1914b6efb1ebd041dccc77cd2
101d1d3fc92f961aefda3e2d5de2230579b99334a382f85e02caf65de71ea8fd
10e4ebacf9fdc329d721a17f2a0d42fc77def0cf25766d0450bdff232a27d97e
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14ee0390722dba1d6e95b766412095d436df22f30b83dfbb9cb38fde3cd72c95
15c4184ca87a62ab093685595606d5891e2143ab50a1babf12ac68ef071f498f
1694d5d52547530f2cc3feb29cb467a5a749e8ff702c26b21d237fbd8a9edc6e
1706f07ec712dc5a9134244f03910137796bd2b89f3cd2075e85645d454a3911
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1afaa2d7927cb0e2f70b4ca9645888d10f0e87e5d0e0f8d24537f9f01ed9ce83
1b326de527026dcbdd3c231c95df9e2ba26cdee1e68d958b91c5883b6b1e9856
1bc40252335837dae720df9699c727a1002c9c8afad6830edc39f517c7c3c635
1dbe5850f671cf92fe1d7b55226a830fbe4daba614bf6c6ceeca9e236326930f
1e6455d11ad7744db21131e71fd50ba2356f363b0d1998fbf97da08e5a13759e
21e732eed30781e85af8753405dfc1afc4713d0fe50c8b9a396466990cbd056f
2536a47531f084a5f7b21ae21f9fb4ca20812d261e19c32f8f5250bb9675a824
2bf517104f255123ba18c57e1de2f672c0271712d716ff844a26ea8162453b45
2cd0762c0d84c86e37434dbae7439b4c8b42bc8bb8280cca592dd6ebf22da898
2e9b33e2310fe243055ae2d79e9a8805caf7ae61c256f41cc07f4a7ebe5f400f
2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6
313d5cbad55a31674c5451e2a961ab892e951ea7c59396ea5a89c944c9b029bd
32b3e621ea91cb52bb607669b5df5a09a99359355fdd66554b8a93bcb5724511
34667fc83e3f4d9ff6080d44c4fc4dd87e0d3a6a8d680dbd3adb05a73d99f590
34ca250e3df40b4f4365b7c00d16433251e6e31a3f97263d2261057e0093f49b
394814da5867ac6dd0819e14379934242530d7e2320e9b859deb9b5a216ad905
397375e1cf974deed6de31655068818c8e52827234138e83d29385edbdc13aa3
39e9c9fa33a5355229385615944e7748332fcf2a3a69bbde5566deb782922ea3
3ae0cf5e5caba6c5f7524171969abeff8b16e8b14ef64d967e1b8d01571a224d
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3c23eb02de6b34e30f18cfb7167abd81a2cedfd1da60dfcb71989517ab3fb431
3c6b1fae0df94115a0a6014d6a84221687d639d22b3b70f916eecef7478715c0
3cbc3d0137c37dff71917a1a5e1013ea9b5fd773db4fb9fab7f3225838d8fd5e
3dfb78d105e89ffe3359c30a219301b46640e01cb726e00693b9a1e745b678b8
3ea5f5e57bcdba2a5925058f077a3c016ac0c03d940a9866f82bddd5bf150dd2
3f71c7e1467e9bac745ba1f27ec773b77b04b551e3b48eae8447a14c43aefc0d
42926521c51bd0e8b8fc905b82c0a8087285ea02918c6f07d90608d5a45f0f95
43545fafc0a6e054a6595eca0dbf0442809f36679ab29abcd58035d83fffa3b1
454f97323a1a1f954078fb117649b63a4a3e76e38b8eb34acdf2c8b41508bbf5
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
483f4caa8a59c01213b148cab145b199d8b09d1d7ac285f2b14db7058d39d290
48abbbb87d8a3a1f97940449fd42b27a75079b449e844fad811e1231cdc57836
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6ee1b60d99686cc425241e8b26d22d79843b31258b90c14b06d420d0ea9639
4ba6d590e67a37d8a9d145db8eef8745158d8134ec5955d8cf486644ff007008
4d38e3c146f148f269132f6ef10d2265e6462de507ef291dd05918030eb5ce42
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ec12baf6cba1184f734c98640a42cd7a3208c2edf5871231eb6c3a58a021520
4f64f8e57fceff16ab30429262845ed261ba56e666ee48dd8c0f0616eefd0702
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50899151d35612d8c6cb1e77706ac4d7fa330238b238d73e978acadc6bffde1c
517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c
53d94d99aea6bce949af941217303245057b545dc1b96252f610a57f56a6226a
53ef9e8412836d3dce42ef6d118d1f55a593d35c8af0771d33e3419177e59253
54a6606bed93bee86d6763cdc2f435c3501de5b129044f7896fda2080e9d5caa
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
5a9f9b8fdda3dc64dc104281767edc8ce0798cd76bfc307c17a7c7b4db115c86
5d9b4c063099737b65b5d157e4910697121aeddc6f36fb39c090d072594fa364
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62b7414a3cdf2077188582e66af852c8efc4841acb516a71e7291d2fb1fd2aa8
6478bc97dbc8745de91cde325029977434e7ea3ff994a95b161dbe58c218581a
65dbe1c18755a5a825e8d242ace8b4d6d023645cf4dfa241d77f8c1800061c12
66c473d28591572dcdf5e6f5ace03c5e2dafdf17516956d9556d8d703e447c2b
68bbcdadbeb721cb66952f4e3aaa5faa5de544567f63ce3979a8850b91f8a6db
693da388d6326fd1b73f5df689ebb5b4d5ad5ca38e24aa7173a2e436baf6c61a
6d5cc6cf846cc322bba057ed5ee8a3c4209c2b6dc0b4447d9966615a471ff4ca
6df79e98ac3f39a612316d11ac887567173d8b940ca5ca1c48582e5ac57e79b0
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
74130e91791cf3496d353724953e6466d3240ea308838a482dff16cd6c119aa0
75690bbf3562d0d8d2c1db25239e68e1c1a3f3cd078b5724906bf14e9e9892a7
756e43dbfef1d1dd0248db29ec8c5513f4a90e45e2c91568572cc89bbf18b0f8
759ac5f84293ddf299aaa2d7cd9d5d5498d65563a2abae498164bf0d86d93ab4
7688a1c1a7ec22b7b4a4b6f7f23f66236f38a7e9a814627a5d00b6392263b6e1
76cedfe5cb3e098c85235cf99bf5cecd13667cda469476dba97f4a32fc84e8cb
76dbd9dd65bb9f6e335493ae43b89bcf84cad31e0be3d7d778705bdf2e2f23f6
7779f645fccad50281bfe32e3ab6e3299e71191e8af5dfae9d3deeae508e8a3f
78e61a025efa980e619b91befb159152fb043c4ab5cfcd4421003740b6d7a590
78fe99eae6c48c8c8dd4ec4aa260d907459f7ded80c3424d05b525eaaad6ec18
7acea79c2521213b0e379bcb9c0fe0c690e5cb7ccad1998c5920b2a5699843ad
7d0faca785be135eeeaee5cd2ba681e5ababa983819df716a01acfe8c67f26e5
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
7e7245a90f91b087064104adedc5ddc6b47f74644617974a6c73b4122ab92ec8
815a252ac371c2240ae777028945c942189363aa68698885c5b41a7288f256e5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84376ca81e8742351a2797ae66d15649495c04822af216ac0f939f2916837087
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4
8853e974d661a5636217c397d87dd0c3c3c67390b67f0924136430125ea8e933
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
91102e383130cb1a9faf348bd83bd3c7e0744900eed75eae7587cf6bf32c47f8
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
96c0598f9fe9df975d595a6ba24ebff8c1bd6fe14902dd37b2ebb639daedf5bf
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
9caef6df1e0e1919c0933e1140760ed449ce7861bc9d238f8994ce252f558f1d
9d2901234937fd7e0e329f9424029cb8c3a17010f25fc2d4add9db4915ba6ea4
9d312140f3532b29659e3b5c2eb94ff9d7d5f09376b21993c5909442eece0067
9dc5c2e2804c2f6646a8f65118a6f7224f139282346ddb2273fee9130d9570d8
9e0475bc6b5858f1d4d16178f48f9993fc45ecd976c9c147330ed300fc220c51
9eb24fc8bc29d28f778ca720cafc0e566e0c8c98e4cd6ff59156c4656a9ae0bb
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0de656c374d21af32efeeb92b2fe74f34e9ef4eb35495ed0e9820a83ba8c274
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1c3233d360b95d3906f2b4509a4b9f49422b812a6750a5037f34ba2c75ae3c5
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a30e7f3239b07a4811f6c77a5c62fc5b5774033f099783db947047cd0a0ef113
a314bd0381551764a32150f16251feccf4184b14859eadec2e06cb0d35d4681e
a39d9acefe24437ed2d4031241c6a1e19751f7e2010681b9320dd2264d27ef54
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a54dae69c556d5198e105eaf0d19ef6e9c0b21e87a340de5d00ee931450e56d8
a564eb8ffa4734c408d9835ce00ee492145583ec80c49f5d8cc08f956ba3e33d
a5d41610b80e2b5c015a47b4839220bb9b3fc3bb6ab620f0af7a7f50899742b0
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a81cecefe8865615fe3e4c8858e69f1d92f4cff8a56095d2c57bdfb61fb07439
aa2cb8a5241d24ae98bad193afc76ca3b5437f2d95c62c7c49dbdc9ad6a2fac9
aa85fd1b927747c7cd8e976608b3295bcd03c71dd87ac29e3fa8d5afbca51d8d
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b04b12cadf378663dd825a3554cc04856238b223260bc77e20aaf54923f649fe
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2652b8847978a399f70ed15fa6e669dd5781713bca294f3c28a50a4dc9c2865
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
b3f2e69fff634830a400c124c00dd5c97f023d6154a03aa9ec9a5eb690c9f196
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b4a7ef9af3af11bb37d635bfed849032d26ef1cd51095cff7e664fcddf9e114c
b707cf4d68d91c76b9b93b1ad23a52885d69d9bb6af5fc58988cf97346ad03e0
b75c6163d313a8ecd4309b129d197b32ede33e23baa25119f70d24a28107a0d0
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c05c5e5f48ae2b41395c2f2da9107e51675b754ce70e45031b0cd611807a66b7
c0b1f2c205dfc9e1908bd0569ed8c23413fb96774af18da19b935ca6664204e8
c21a3f821b4d312076f3a473f9e741b53658761b5f0886873e12039eb5190cbe
c9e5199905c87b3197f0bc3d2baef36abbd1b80ebfcb5c13018e63a803c76d60
cb9404060fda4757f932c63af8efa23cb6088538410793e9ce068f0d1818df51
ccbcb20e1a6643aace0c7fe42900838493d540432baacff54039b6b3976e9a8f
cd9216308f7433d319f912cfc029861f0176f0d0af13c57338d291f757fb01de
cecaa3c6afa068e141ee4972e5449634fb581b3447bfa6169d3c038d2450a5e8
cf025959d5ae6414b0f1fb142746a84a93a8e7c0f1aaff024bdfcb740e3c3552
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d731a0b67521f56a398187ed988cf3ba1a6f679b3ba293576c522d3d32047130
d8d5b5fcae82e045a3d5cf1cd45d4443c561849e5024f7e3a41cc25cacf6648b
d93e17588f48e21f0f1e47e57d6019e748b2b5625796708ccf7767ddc7c9db70
d9bcc622da74d5b781d9449ceb10c2dcbcc614838d01a93923556200b67fb37e
dba74544c15f57cd96359f59fcc118e2e39a1b3fff3123dca2f32ce838ecb33f
dd080c89636f8576e3364bea0867f18be3a32daa72d766da336cbb80ba5fb407
ded1d9b7817a8247c96877fb6bfef1f651d94018cc4df64f298209867a4307e9
dee0d79670919414d0e9552e4527f82737e46c2ca31fed920cf6c11131777a16
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e18d65acc018d89d0629789daca6bcfd0baace4b4cbcb5a3e56f7cf6fe7997c4
e324c014b919ca8e71c928e5ca608e16c71cc5672481b12b39929377bf6ef319
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e444291a8eb00c0786a77e8b783c318b2d77db35e6715aff504a46d8e64b3335
e46c67ca62b13eb0505fb1d239b9d4c5c78eeb2401104bdd4501130a3e43ae3f
e4bc697496bb350dee2dd90f94e8454e52a371f64121a5565f0a54652a0716e5
e5774d459aad81e96c4ebf256bf1c62436707f09b022083d8719fdfeba1b3957
e62af54a296f56631510f41fe04abc6fdb1b703d6e2968a50a6741c5aac93ea0
e9ef8c5630768eac23544ef13c37e2158f1508b43657a11f482c6dbdf2ffad79
ea3273964fd64f1966a84354ec26014e38f1f725f5dcec8a5777f63e7531d430
ec28c3633cc350543dbbb1465a2f59455f9dbc50b6b6b19891a076b92c2fbd36
ec56b2a59262e7489dfdeb863840fbf779478550f423b3cb9b4a9047342da21b
ecf92ffba4e7e4d0b1b0c15db29341bae996f9493fbac13146ec966cf06d581a
ee2f84d61840b2cc4a48fa5794940cc1cb8d122309a0be318b3d5ad6041a21a0
ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117
eeafa1744f02c6d3e311a4c2d0372b711b79b9b66fc66aa027b496b8d1a235c3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f03f34a896200ac3d36794a86a5b23d054f1982d05740b454078c8526a33b631
f1346360729e77380edf8f17fa421b76452289ae1b5f4be290b19c4d204e9587
f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7120dbc595f66ac03e9759477b28d90b1192dacd21e2a36dec81ca90b5e6d5f
f752902092b6bbfd46f73454eed8642f9cce99d931a1390913e6fbc314f40ae4
f8c438d279c6bd38c07d7713ec638668b54cbb2b2e55d01e3a7ba28f144365ee
f94a0b25ed421e6643ca8ae21ccd63cf5630e8db8a3b64f63a669936d068c427
fb137058ae6ee059f43c711ca26b3b6addde610e64b960cd3164b8896c3ff02e
fd4b6b51cb97df806b4fba07b04bfd39a26c1c4e4f37a4bbb6f766a5e3b2ed14
fddc433f7cc747ef4fe82c66486feb8783af32e11f590cf4bb46708b8ec05418
ffb40524398ceb89a2a4d37f45dd7b2abc6a28df2addf4cd941f1b0d4bb3db9c
ffbc406bafaf3172d88be0d60df6f4b57d97ade0b3b06d02682d7d77766673b1

exchange.sahadan.com Open in urlscan Pro 91.191.168.119 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

284 Requests

64 %HTTPS

40 %IPv6

33 Domains

60 Subdomains

55 IPs

10 Countries

3489 kBTransfer

10801 kBSize

25 Cookies

8 Outgoing links

Page URL History

Redirected requests

284 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

exchange.sahadan.com Open in urlscan Pro
91.191.168.119 Public Scan

Screenshot
Live screenshot

Full Image

284
Requests

64 %
HTTPS

40 %
IPv6

33
Domains

60
Subdomains

55
IPs

10
Countries

3489 kB
Transfer

10801 kB
Size

25
Cookies

284 HTTP transactions
9 data transactions