canada24.co Open in urlscan Pro
62.171.188.114 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://storage.googleapis.com/tracksaka/asmtra.html#?Z289MSZzMT0xNjUxMjM5JnMyPTE2NTk0MzczMiZzMz1NWA==
Effective URL:
https://canada24.co/
Submission: On June 11 via manual (June 11th 2023, 4:58:55 am UTC) from MX — Scanned from DE

Summary HTTP 229 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 35 IPs in 9 countries across 36 domains to perform 229 HTTP transactions. The main IP is 62.171.188.114, located in Nuremberg, Germany and belongs to CONTABO, DE. The main domain is canada24.co.
TLS certificate: Issued by R3 on April 14th 2023. Valid for: 3 months.

This is the only time canada24.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2a00:1450:400... 2a00:1450:4001:810::2010	15169 (GOOGLE) (GOOGLE)
1 1	185.80.129.160 185.80.129.160	61053 (VPSNET-AS) (VPSNET-AS)
1 73	62.171.188.114 62.171.188.114	51167 (CONTABO) (CONTABO)
6	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1 36	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1 5	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
12	2606:4700:20:... 2606:4700:20::681a:ad1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 17	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1 1	3.81.178.203 3.81.178.203	14618 (AMAZON-AES) (AMAZON-AES)
3 3	51.89.9.253 51.89.9.253	16276 (OVH) (OVH)
1 1	52.45.175.185 52.45.175.185	14618 (AMAZON-AES) (AMAZON-AES)
1 1	193.0.160.131 193.0.160.131	54312 (ROCKETFUEL) (ROCKETFUEL)
2 3	2a02:6b8::90 2a02:6b8::90	208722 (GLOBAL_DC) (GLOBAL_DC)
1 1	35.208.249.213 35.208.249.213	19527 (GOOGLE-2) (GOOGLE-2)
1	2620:116:800d... 2620:116:800d:21:c5a4:625:6563:a5bb	16509 (AMAZON-02) (AMAZON-02)
1	2a02:fa8:8806... 2a02:fa8:8806:16::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
1	178.250.7.11 178.250.7.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	37.157.6.237 37.157.6.237	198622 (ADFORM) (ADFORM)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8102:5008:e6da:141f:d7eb	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::681a:71b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	85.14.248.72 85.14.248.72	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	18.184.126.130 18.184.126.130	16509 (AMAZON-02) (AMAZON-02)
1 1	2a05:d018:d29... 2a05:d018:d29:3605:3219:5136:71bb:d50d	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:813::2006	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::ac43:4a81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	23.56.205.163 23.56.205.163	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.130.16.201 18.130.16.201	16509 (AMAZON-02) (AMAZON-02)
1	18.66.147.120 18.66.147.120	16509 (AMAZON-02) (AMAZON-02)
1	99.86.4.36 99.86.4.36	16509 (AMAZON-02) (AMAZON-02)
2	52.56.247.104 52.56.247.104	16509 (AMAZON-02) (AMAZON-02)
229	35

1 2a00:1450:4001:810::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.80.129.160 (Lithuania) 1 redirects

ASN61053 (VPSNET-AS, LT)

185.80.129.160	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

73 62.171.188.114 (Nuremberg, Germany) 1 redirects

ASN51167 (CONTABO, DE)
PTR: vmi697329.contaboserver.net

canada24.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:20::681a:ad1 (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.245 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 142.250.186.34 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.81.178.203 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-81-178-203.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.253 (London, United Kingdom) 3 redirects

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.45.175.185 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-175-185.compute-1.amazonaws.com

im.bluevoox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.131 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:6b8::90 (Moscow, Russian Federation) 2 redirects

ASN208722 (GLOBAL_DC, FI)

an.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.208.249.213 (Council Bluffs, United States) 1 redirects

ASN19527 (GOOGLE-2, US)
PTR: 213.249.208.35.bc.googleusercontent.com

trace.mediago.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:c5a4:625:6563:a5bb (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.237 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8102:5008:e6da:141f:d7eb (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:71b (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.14.248.72 (Mülheim, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.184.126.130 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-126-130.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3605:3219:5136:71bb:d50d (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.56.205.163 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-56-205-163.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.130.16.201 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-130-16-201.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-120.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-36.fra6.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.56.247.104 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-56-247-104.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
73	canada24.co 1 redirects canada24.co	7 MB
54	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 127 tpc.googlesyndication.com — Cisco Umbrella Rank: 154	585 KB
32	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 54 cm.g.doubleclick.net — Cisco Umbrella Rank: 248	224 KB
16	gstatic.com fonts.gstatic.com www.gstatic.com encrypted-tbn3.gstatic.com	342 KB
14	ad4m.at as.ad4m.at — Cisco Umbrella Rank: 26666 ad4m.at — Cisco Umbrella Rank: 9709 assets.ad4m.at — Cisco Umbrella Rank: 41902	670 KB
8	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 106 www.google.com — Cisco Umbrella Rank: 3	1 KB
7	googleapis.com storage.googleapis.com — Cisco Umbrella Rank: 477 fonts.googleapis.com — Cisco Umbrella Rank: 67	7 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	329 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 21071 api.webgains.io — Cisco Umbrella Rank: 53966	31 KB
3	yandex.ru 2 redirects an.yandex.ru — Cisco Umbrella Rank: 4753	962 B
3	onetag-sys.com 3 redirects onetag-sys.com — Cisco Umbrella Rank: 834	1014 B
2	awin1.com www.awin1.com — Cisco Umbrella Rank: 16417	1 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 356	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 851 s.tribalfusion.com — Cisco Umbrella Rank: 1995	1 KB
2	ad4mat.net static-de.ad4mat.net — Cisco Umbrella Rank: 192638 prod-rtb.ad4mat.net — Cisco Umbrella Rank: 147409	4 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 626	1 KB
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 61005	15 KB
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 36215	2 KB
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 336	48 KB
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 454	716 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 2157	174 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 43837	613 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 385	266 B
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 12008	1 KB
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 1624	298 B
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 602	363 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 748	546 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3052	105 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 817	465 B
1	mediago.io 1 redirects trace.mediago.io — Cisco Umbrella Rank: 1119	454 B
1	rfihub.com 1 redirects a.rfihub.com — Cisco Umbrella Rank: 3179	1 KB
1	bluevoox.com 1 redirects im.bluevoox.com — Cisco Umbrella Rank: 14030	521 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 758	992 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 548	730 B
1	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 2017	2 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1086	601 B
229	36

	Domain	Requested by
73	canada24.co	1 redirects storage.googleapis.com canada24.co
36	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net storage.googleapis.com tpc.googlesyndication.com canada24.co pagead2.googlesyndication.com
18	pagead2.googlesyndication.com	canada24.co pagead2.googlesyndication.com storage.googleapis.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
17	cm.g.doubleclick.net	1 redirects googleads.g.doubleclick.net canada24.co
15	googleads.g.doubleclick.net	pagead2.googlesyndication.com storage.googleapis.com googleads.g.doubleclick.net canada24.co
9	fonts.gstatic.com	fonts.googleapis.com
6	assets.ad4m.at	as.ad4m.at
6	www.googletagservices.com	googleads.g.doubleclick.net
6	www.gstatic.com	googleads.g.doubleclick.net
6	fonts.googleapis.com	canada24.co googleads.g.doubleclick.net
5	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
4	ad4m.at	as.ad4m.at ad4m.at
4	as.ad4m.at	googleads.g.doubleclick.net as.ad4m.at ad4m.at
3	an.yandex.ru	2 redirects canada24.co
3	onetag-sys.com	3 redirects
3	adservice.google.com	pagead2.googlesyndication.com
2	api.webgains.io	analytics.webgains.io
2	www.awin1.com	as.ad4m.at
2	x.bidswitch.net	2 redirects
2	c1.adform.net	2 redirects
1	cdn.track.production.webgains.team	as.ad4m.at
1	analytics.webgains.io	track.webgains.com
1	track.webgains.com	as.ad4m.at
1	s0.2mdn.net	tpc.googlesyndication.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	tr.blismedia.com	googleads.g.doubleclick.net
1	gcm.ctnsnet.com	1 redirects
1	match.adsrvr.org	googleads.g.doubleclick.net
1	s.tribalfusion.com	canada24.co
1	a.tribalfusion.com	1 redirects
1	prod-rtb.ad4mat.net	googleads.g.doubleclick.net
1	m.exactag.com	storage.googleapis.com
1	encrypted-tbn3.gstatic.com	googleads.g.doubleclick.net
1	static-de.ad4mat.net	as.ad4m.at
1	ag.innovid.com	googleads.g.doubleclick.net
1	dis.criteo.com	googleads.g.doubleclick.net
1	sync-tm.everesttech.net	1 redirects
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	trace.mediago.io	1 redirects
1	a.rfihub.com	1 redirects
1	im.bluevoox.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	sync.mathtag.com	1 redirects
1	secure.gravatar.com	canada24.co
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	storage.googleapis.com
229	47

This site contains links to these domains. Also see Links.

Domain
www.facebook.com

Subject Issuer	Validity	Valid
storage.googleapis.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
canada24.co R3	`2023-04-14` - `2023-07-13`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.innovid.com RapidSSL TLS RSA CA G1	`2023-03-15` - `2024-04-14`	a year	crt.sh
*.exactag.com Sectigo ECC Domain Validation Secure Server CA	`2022-08-19` - `2023-09-15`	a year	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2023-06-04` - `2023-09-02`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-06-09` - `2023-09-07`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M02	`2023-03-02` - `2023-09-21`	7 months	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M01	`2023-02-28` - `2023-10-28`	8 months	crt.sh

This page contains 25 frames:

Primary Page: https://canada24.co/
Frame ID: E1A43DD4DCC7BA7069ECDF901853C6F7
Requests: 91 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20190131/zrt_lookup.html
Frame ID: 89D48EADA912B086FE3CA272189979A6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&adk=1812271804&adf=3025194257&lmt=1686459526&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fcanada24.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459526242&bpp=8&bdt=374&idt=271&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7381865430407&frm=20&pv=2&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=309
Frame ID: CA4DC7E68367F3C0A075E8EFD271215E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1
Frame ID: CCE44F7FDDD9DD81CF91813311FCCAEA
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1
Frame ID: 15016AA43A23C76C356A6DF65DED6DCF
Requests: 14 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: E9467E687CEE36BDF2E0D2BAD91E6BC2
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=600&slotname=8383182661&adk=1159937247&adf=478544684&pi=t.ma~as.8383182661&w=262&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=262x600&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527553&bpp=22&bdt=1685&idt=22&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1234&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=sSsq9644cX&p=https%3A//canada24.co&dtd=29
Frame ID: 258D1A47FA968BDADCD7EEA1FAB51228
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=181745746&adf=3896497508&pi=t.ma~as.2320321281&w=1068&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1068x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527598&bpp=4&bdt=1730&idt=4&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=894&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=1GZU74YE9E&p=https%3A//canada24.co&dtd=9
Frame ID: 55188C7A31E19B5FD9A74FA835C4E870
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=250&slotname=7072356023&adk=2874585854&adf=2619435063&pi=t.ma~as.7072356023&w=312&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=312x250&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527667&bpp=35&bdt=1799&idt=35&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1184&ady=1991&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=pYdqtJPXHp&p=https%3A//canada24.co&dtd=37
Frame ID: 66FDB2A7A15B609BF12FE7078526119F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29
Frame ID: 20D4C73E858D32A20C66A4850CA7CFD5
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js
Frame ID: F57C752C2F6B957B02EEA960CF247C46
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C672571E553DD839B2E1E637C8987A65
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js
Frame ID: 4FEC8705CB8818AE66416832B316227D
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1jpah8p5b0ee19skdytd3ypy1avggq0f4vdpcrt0za0h7d0ttch9q69w209a0fqv23be4mqn2jhyae8ytynnrdaxp2694dpjqdckbw8q9cevbcyn6fmjxs4x6grff14h0scd8x8fj5aa1eghasncbzw635djvq7rfnb5acgvffzc040wy0hwz255pv0vjsdawkggwp8sm2f5j2bddx9g6jnvez2exmzcvpzh3yx0jgwxt48w8nwg6fc8yhert6b0rar744qzn9x8han1jkqga31cem4f8d7bxzaw57bxyyzgm60a5gne6ce8n78tqdnf600e9r6mzzk4we5zy4n667596wq4vyqnfs3ccsvqa0bge9z7vknq3gvefwxjr5xz10f0ev3t85kdjsc9jxgqm4g4n6h6jpa0q6fh9z6jfcz6sh83j081bmqab08dyejxm81yam5h5cng&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%26client%3Dca-pub-6771666683930277%26adurl%3D
Frame ID: E7E3C52BEC98778A557231A1B45E8F46
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/window_focus_fy2021.js
Frame ID: 9FAD7FBB4A9490CE0F334ECC85F54CF7
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 6E04F9B588A1AB768FB94F22BB895BA7
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js
Frame ID: B50FC1EB0CED053D6204AF0C39F3285B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 037EEE5A19E2BCACBB28745D8E84AD19
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: B4506F8CCC97F35A509D7D5738108131
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.html
Frame ID: 0C8D0DE92228746A8EC8FD743C7F5696
Requests: 8 HTTP requests in this frame

Frame: https://m.exactag.com/ai.aspx?extProvId=5&extPu=sixt-gaw&extLi=20069242257&rnd=1565861820
Frame ID: 7DF819847A3A855EF5223388872A3272
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 72B2E2351F96041679FA2831543C5868
Requests: 2 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=300&d=250&e=&g=8d14cd468f6463c2549fa083a995caaa%2F8468915494712281584&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1686459528862&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%2526client%253Dca-pub-6771666683930277%2526adurl%253D&y=1&s=&z=0
Frame ID: 0699877D298888DEAE117C8469AE0BB3
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E700FFFA2BDC16734139284F5BDEA398
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 835E3CAF19D272911A156F504D0BE7AC
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

canada24

Page URL History Show full URLs

https://storage.googleapis.com/tracksaka/asmtra.html Page URL
http://185.80.129.160/??Z289MSZzMT0xNjUxMjM5JnMyPTE2NTk0MzczMiZzMz1NWA== HTTP 302
http://canada24.co/ HTTP 301
https://canada24.co/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

Yandex.Direct (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://an\.yandex\.ru/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

229
Requests

92 %
HTTPS

52 %
IPv6

36
Domains

47
Subdomains

35
IPs

9
Countries

9099 kB
Transfer

11628 kB
Size

36
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/profile.php?id=100087246476088

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://storage.googleapis.com/tracksaka/asmtra.html Page URL
http://185.80.129.160/??Z289MSZzMT0xNjUxMjM5JnMyPTE2NTk0MzczMiZzMz1NWA== HTTP 302
http://canada24.co/ HTTP 301
https://canada24.co/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 121

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEDrZQaJBNCqBB5FR0aQl4ls&google_cver=1&google_push=ATf1kGNEaDNgZfhFUVe5BBpWbM1DsUE9ebIFsWOEi4bH4ftliHQJDWJF6eMYSK57k7RQ8PfPwbK9U7krvfEXqBqmbRIxppdxr2i8-uA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGNEaDNgZfhFUVe5BBpWbM1DsUE9ebIFsWOEi4bH4ftliHQJDWJF6eMYSK57k7RQ8PfPwbK9U7krvfEXqBqmbRIxppdxr2i8-uA

Request Chain 122

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEFFWyd4Tm3AyFbmTAbo7S8c&google_cver=1&google_push=ATf1kGOM8bIZy8dbHzNPqxAHsKxQWTnwvxMCiqM-KH4baGqQrpnArbCIezWT0h1vVEZTV09T63oUduhMDC4HJVbHOlpdD1KO_oKgEg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=LKueEL9zW31d9M9jBpnyC7nVm7U&google_push=ATf1kGOM8bIZy8dbHzNPqxAHsKxQWTnwvxMCiqM-KH4baGqQrpnArbCIezWT0h1vVEZTV09T63oUduhMDC4HJVbHOlpdD1KO_oKgEg

Request Chain 123

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEM2WSzOfP3A5X0TYLxC54vQ&google_cver=1&google_push=ATf1kGOzzSl6U-ewcxeTXgLzaCV1f5nUgx8Yz9l-ZD6p7ROC6ogOGpG35QCn-7G4piz5fj6AHkB0SGu7A4M8Fk2wy1UvpS36_ME2Ef0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOzzSl6U-ewcxeTXgLzaCV1f5nUgx8Yz9l-ZD6p7ROC6ogOGpG35QCn-7G4piz5fj6AHkB0SGu7A4M8Fk2wy1UvpS36_ME2Ef0

Request Chain 124

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEDh9ffVPdclgpKI3WgXt58s&google_cver=1&google_push=ATf1kGPw5Xl2iS2IG7B1CLAKUdrId96-PIMfpLYGJWg7ttbM14tOFO2FLH1_ttbDsgXx0WFK4FyU_0ZrgXUvUH0F_RZWgWiQalxe9FcX HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=ATf1kGPw5Xl2iS2IG7B1CLAKUdrId96-PIMfpLYGJWg7ttbM14tOFO2FLH1_ttbDsgXx0WFK4FyU_0ZrgXUvUH0F_RZWgWiQalxe9FcX&google_hm=QlMuMjhmMC1mNTUzLTRiNjEtOTk1Mg==

Request Chain 125

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEFZNIObssPAKj1d1T422feY&google_cver=1&google_push=ATf1kGOy7OtHu5lw_54VI4AU_pOBCKE-UEQCwp-AxG_uSov6FU1jNHaUsyIeGQNvcotBIzpiSgsIN6H2FAiUYwohP2VDEQQUWS-fa8mi HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=ATf1kGOy7OtHu5lw_54VI4AU_pOBCKE-UEQCwp-AxG_uSov6FU1jNHaUsyIeGQNvcotBIzpiSgsIN6H2FAiUYwohP2VDEQQUWS-fa8mi&google_hm=NTQ3MDE4MTE0MDYwODA0NDc1Mg==

Request Chain 126

https://an.yandex.ru/mapuid/google/CAESEGLCNq0E4Uf4zq5OBaVc-lM?ext-param=ATf1kGNmVB21V0pGcu93D5S2XNMN-U7vR2CmkHPnKyzZ5xiSoEl5Q6_44sOd6ztVMvfvD203DJ4ZiCC2wWAM02fIKYcY_QyNBFqKCBZv&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://an.yandex.ru/mapuid/google/CAESEGLCNq0E4Uf4zq5OBaVc-lM?redir-setuniq=1&ext-param=ATf1kGNmVB21V0pGcu93D5S2XNMN-U7vR2CmkHPnKyzZ5xiSoEl5Q6_44sOd6ztVMvfvD203DJ4ZiCC2wWAM02fIKYcY_QyNBFqKCBZv&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEGLCNq0E4Uf4zq5OBaVc-lM&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif HTTP 302
https://an.yandex.ru/resource/spacer.gif

Request Chain 127

https://trace.mediago.io/cs/google?google_gid=CAESEBwPcu_TmNt_F5-H9XZwvBo&google_cver=1&google_push=ATf1kGPFxpxom0XK43diGcFoX4EQ5DsThyKfeAQmEZdLVOeUEkN6B9_JJCWUB0PEWN-9sSfAkD0e9q0watKhF5qricuqHvUxFhVu7ew1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=ATf1kGPFxpxom0XK43diGcFoX4EQ5DsThyKfeAQmEZdLVOeUEkN6B9_JJCWUB0PEWN-9sSfAkD0e9q0watKhF5qricuqHvUxFhVu7ew1&google_hm=d1dcd474c9683dd9b788b3bd6e2b6b59

Request Chain 134

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEG6zPOLZeRBc1Fy6y371vok&google_cver=1&google_push=ATf1kGNGhWP_cktW9VqBFp0Mn2PyVQpaxYnTFpuW0bwx0q9UPlH7uP5wjP7bQTphy17MeUSxoyCjooV9xPvkyDCbgLMiShswLS3-CQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEG6zPOLZeRBc1Fy6y371vok&google_push=ATf1kGNGhWP_cktW9VqBFp0Mn2PyVQpaxYnTFpuW0bwx0q9UPlH7uP5wjP7bQTphy17MeUSxoyCjooV9xPvkyDCbgLMiShswLS3-CQ

Request Chain 136

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEEaJVmTeBjVDRVwnV5pJv7c&google_cver=1&google_push=ATf1kGPoYcTurVQDFawopcGEMLKUBedELj2ZKimqFnANro88D3yRNIk2h0Yg9fNe2qLXeFuvV4jSq_nfqkneluF-eCtwETRjT9ZAGw HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEEaJVmTeBjVDRVwnV5pJv7c&google_cver=1&google_push=ATf1kGPoYcTurVQDFawopcGEMLKUBedELj2ZKimqFnANro88D3yRNIk2h0Yg9fNe2qLXeFuvV4jSq_nfqkneluF-eCtwETRjT9ZAGw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjc3NDc1NTE3NDIxNjkzMDc0Nw&google_push=ATf1kGPoYcTurVQDFawopcGEMLKUBedELj2ZKimqFnANro88D3yRNIk2h0Yg9fNe2qLXeFuvV4jSq_nfqkneluF-eCtwETRjT9ZAGw

Request Chain 138

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEM2WSzOfP3A5X0TYLxC54vQ&google_cver=1&google_push=ATf1kGMYYGbepvlm6miiFas1TogVxbs1eAB-Fs_S-JPGN9_anGu99Y2HE6wNS0QAkGk88tkFxgfnRu8mO1aUw7_SyUwJ7LCfJPQhwQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGMYYGbepvlm6miiFas1TogVxbs1eAB-Fs_S-JPGN9_anGu99Y2HE6wNS0QAkGk88tkFxgfnRu8mO1aUw7_SyUwJ7LCfJPQhwQ

Request Chain 154

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD_tbSiDBCQAxiQAzIIfiMpVhjKCMQ HTTP 301
https://tpc.googlesyndication.com/simgad/8530584423308554204

Request Chain 168

https://a.tribalfusion.com/i.match?p=b6&u=CAESEDNbwpr3Q2TDp3ANN22H8o8&google_cver=1&google_push=ATf1kGO00NGJmMj6owpXf104Jpk01SO8LOByPoPtFZNVGWU9iLNA8vQEtYjhjXdOWYnhrUAFdMXcljjg7RqeiYMrgW0w4WbnSQP70F8&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGO00NGJmMj6owpXf104Jpk01SO8LOByPoPtFZNVGWU9iLNA8vQEtYjhjXdOWYnhrUAFdMXcljjg7RqeiYMrgW0w4WbnSQP70F8%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDNbwpr3Q2TDp3ANN22H8o8&google_cver=1&google_push=ATf1kGO00NGJmMj6owpXf104Jpk01SO8LOByPoPtFZNVGWU9iLNA8vQEtYjhjXdOWYnhrUAFdMXcljjg7RqeiYMrgW0w4WbnSQP70F8&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGO00NGJmMj6owpXf104Jpk01SO8LOByPoPtFZNVGWU9iLNA8vQEtYjhjXdOWYnhrUAFdMXcljjg7RqeiYMrgW0w4WbnSQP70F8%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 170

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEOwCzK5qrBRU2REtRBMygn8&google_cver=1&google_push=ATf1kGPdJYULXQ6-8x3t4wkXoFzPZt4CDzT-B3leOcp2BMil54QWn0gSGmEj-47LLDCBXPLqzpZTYGcneWazYlOUl_qvX9o0auxyPQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPdJYULXQ6-8x3t4wkXoFzPZt4CDzT-B3leOcp2BMil54QWn0gSGmEj-47LLDCBXPLqzpZTYGcneWazYlOUl_qvX9o0auxyPQ&google_hm=5eRX5OPqQ-CoKxcbGbutzrU

Request Chain 172

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEPiK5amw4d-Gb2zGTjc-KXg&google_cver=1&google_push=ATf1kGP43u5qqe5KV2W-S3Qwu85OYbis0hmbv2UGKwIS7Uxa1pwdUfuCh5eRzFLDgduf8nA6da8AFcij6llsaYD0MEj67MIAWjpnJw HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEPiK5amw4d-Gb2zGTjc-KXg&google_cver=1&google_push=ATf1kGP43u5qqe5KV2W-S3Qwu85OYbis0hmbv2UGKwIS7Uxa1pwdUfuCh5eRzFLDgduf8nA6da8AFcij6llsaYD0MEj67MIAWjpnJw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGP43u5qqe5KV2W-S3Qwu85OYbis0hmbv2UGKwIS7Uxa1pwdUfuCh5eRzFLDgduf8nA6da8AFcij6llsaYD0MEj67MIAWjpnJw&google_hm=2Wz4IM4ZRwSN6x00lyaHXA==

Request Chain 173

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESECnd8yVPOJYoZpyO70Yhg2U&google_cver=1&google_push=ATf1kGOaJAw6rL5ygxvNBwy-T3l9aEMlmZtOLFSF84MlG5JbBbShDz7rOnfciuak9VyYlgo8UhQXfH2BgmOOP-xnhkaHo3VBG355SRQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGOaJAw6rL5ygxvNBwy-T3l9aEMlmZtOLFSF84MlG5JbBbShDz7rOnfciuak9VyYlgo8UhQXfH2BgmOOP-xnhkaHo3VBG355SRQ&google_hm=eS1SV2xBcmNWRTJwSDdIX0JIZC43djdfcWpaQ0xkOURDen5B

Request Chain 174

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEM2WSzOfP3A5X0TYLxC54vQ&google_cver=1&google_push=ATf1kGO_yPiiJUd1vsMaoIufmagSNIsz5JiWNeckn__24Yq-HahHTJNlRXHkrdjTV-UQNj-tg843Lxj3wGdOthFkG5_Bv1LMMVkOv7I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO_yPiiJUd1vsMaoIufmagSNIsz5JiWNeckn__24Yq-HahHTJNlRXHkrdjTV-UQNj-tg843Lxj3wGdOthFkG5_Bv1LMMVkOv7I

Request Chain 184

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

229 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 asmtra.html
storage.googleapis.com/tracksaka/ 245 B
733 B 691ms
583ms Document
text/html 2a00:1450:4001:810::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/tracksaka/asmtra.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-length: 245
content-type: text/html
date: Sun, 11 Jun 2023 04:58:44 GMT
etag: "c0b741fa7b5f59afbc3f2578fc381aa3"
expires: Sun, 11 Jun 2023 05:58:44 GMT
last-modified: Tue, 06 Jun 2023 16:22:51 GMT
server: UploadServer
x-goog-generation: 1686068571230608
x-goog-hash: crc32c=pQq4EQ== md5=wLdB+ntfWa+8PyV4/Dgaow==
x-goog-metageneration: 2
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 245
x-guploader-uploadid: ADPycdtDLyksqNOkgUKNw86Onkn-SxEbU33pLFC_k7BxJfJjTKtKH709WxnUiLpsgFPQ1Sdxht81hI9EqDUuaVt4xmTzUA

GET
H/1.1

200
OK

Primary Request / Show response
canada24.co/
Redirect Chain

http://185.80.129.160/??Z289MSZzMT0xNjUxMjM5JnMyPTE2NTk0MzczMiZzMz1NWA==
http://canada24.co/
https://canada24.co/

2 MB
2 MB

710ms
663ms

Document
text/html

62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/tracksaka/asmtra.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 / PHP/7.4.28
Resource Hash: 72be25c3ba91e0c0641e49e4d4cef4aeb0c4090bc4b33e9648c829e2d6e4c990

Request headers

Referer: https://storage.googleapis.com/tracksaka/asmtra.html#?Z289MSZzMT0xNjUxMjM5JnMyPTE2NTk0MzczMiZzMz1NWA==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Sun, 11 Jun 2023 04:58:45 GMT
Keep-Alive: timeout=5, max=100
Link: <https://canada24.co/wp-json/>; rel="https://api.w.org/" <https://canada24.co/wp-json/wp/v2/pages/134>; rel="alternate"; type="application/json" <https://canada24.co/>; rel=shortlink
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Transfer-Encoding: chunked
X-Powered-By: PHP/7.4.28

Redirect headers

Connection: Keep-Alive
Content-Length: 228
Content-Type: text/html; charset=iso-8859-1
Date: Sun, 11 Jun 2023 04:58:45 GMT
Keep-Alive: timeout=5, max=100
Location: https://canada24.co/
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28

GET
H/1.1 200
OK style.min.css
canada24.co/wp-includes/css/dist/block-library/ 95 KB
96 KB 50ms
16ms Stylesheet
text/css 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-includes/css/dist/block-library/style.min.css?ver=6.2.2
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:45 GMT
Last-Modified: Thu, 30 Mar 2023 05:06:41 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "17ced-5f8170ee62751"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 97517

GET
H/1.1 200
OK classic-themes.min.css
canada24.co/wp-includes/css/ 291 B
605 B 47ms
14ms Stylesheet
text/css 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-includes/css/classic-themes.min.css?ver=6.2.2
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:45 GMT
Last-Modified: Thu, 30 Mar 2023 05:06:41 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "123-5f8170ee63ec1"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 291

GET
H/1.1 200
OK style.css
canada24.co/wp-content/plugins/td-composer/td-multi-purpose/ 37 KB
37 KB 47ms
14ms Stylesheet
text/css 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-content/plugins/td-composer/td-multi-purpose/style.css?ver=8b696c143e3bac57b8492b1871ec539b
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 3ed2e42d3ce5e24dcb11cddde4126e4f07c3afc590f708ad2cfbf7669002f92e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:45 GMT
Last-Modified: Fri, 17 Mar 2023 20:37:05 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "92ec-5f71e8a5040a6"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 37612

GET
H2 200 css
fonts.googleapis.com/ 23 KB
2 KB 138ms
46ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700%7CWork+Sans%3A500%2C600%2C400%2C700%7CPT+Serif%3A700%2C400%2C600&display=swap&ver=12.3

Requested by

Host: canada24.co
URL: https://canada24.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4a60cf98dde986323fbf26602142f3c6304aaf5cdea1afc04d2f5b66ed132a69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Jun 2023 04:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 11 Jun 2023 04:58:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Jun 2023 04:58:45 GMT

GET
H/1.1 200
OK tds-front.css
canada24.co/wp-content/plugins/td-subscription/assets/css/ 44 KB
45 KB 47ms
16ms Stylesheet
text/css 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-content/plugins/td-subscription/assets/css/tds-front.css?ver=1.4.1
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 3becd57686ec6f9c6048cba1a5c0768c0db78ed6b8bf962efbd9708806c380f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:45 GMT
Last-Modified: Fri, 17 Mar 2023 20:37:21 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "b1f2-5f71e8b4eb9f4"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 45554

GET
H/1.1 200
OK td-multipurpose.css
canada24.co/wp-content/plugins/td-composer/assets/fonts/td-multipurpose/ 12 KB
12 KB 47ms
15ms Stylesheet
text/css 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-content/plugins/td-composer/assets/fonts/td-multipurpose/td-multipurpose.css?ver=8b696c143e3bac57b8492b1871ec539b
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 485301e24ee204cd089ec16df7e66702b3a3dc906f5ea5ffcc414c303d647e1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:45 GMT
Last-Modified: Fri, 17 Mar 2023 20:37:05 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "2ee1-5f71e8a50736f"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 12001

GET
H/1.1 200
OK style.css
canada24.co/wp-content/themes/Newspaper/ 149 KB
150 KB 60ms
12ms Stylesheet
text/css 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-content/themes/Newspaper/style.css?ver=12.3
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 1370903a1e242d482364b08f180e6add61f2f2b4abae8cfb0de855b56017cfb2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:45 GMT
Last-Modified: Fri, 17 Mar 2023 20:36:59 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "2557c-5f71e89f8ae6b"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 152956

GET
H/1.1 200
OK td_legacy_main.css
canada24.co/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/ 161 KB
161 KB 61ms
13ms Stylesheet
text/css 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=8b696c143e3bac57b8492b1871ec539b
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 5dda8db38026fc522c7c017ba17bbf533be39a00cea07cbc1086f1537dce7272

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:45 GMT
Last-Modified: Fri, 17 Mar 2023 20:37:05 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "2828e-5f71e8a4eeccd"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 164494

GET
H/1.1 200
OK td_standard_pack_main.css
canada24.co/wp-content/plugins/td-standard-pack/Newspaper/assets/css/ 715 KB
716 KB 68ms
12ms Stylesheet
text/css 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-content/plugins/td-standard-pack/Newspaper/assets/css/td_standard_pack_main.css?ver=9ce2c1ff12ade0672995751ed7cb59b1
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 1008e0fea1bcea71d721ce0187eba5979aee7626901ea11940898b0db51320c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:45 GMT
Last-Modified: Fri, 17 Mar 2023 20:37:29 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "b2d2a-5f71e8bc84f52"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 732458

GET
H/1.1 200
OK tdb_main.css
canada24.co/wp-content/plugins/td-cloud-library/assets/css/ 34 KB
34 KB 79ms
12ms Stylesheet
text/css 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-content/plugins/td-cloud-library/assets/css/tdb_main.css?ver=d72a7d54cd61ce0a128c0a91d76ef60a
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: c8821d06dfd34ed87aeddfc12c30cd9095bdbbb50e74f2a4e1fe4a6d77431287

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:45 GMT
Last-Modified: Fri, 17 Mar 2023 20:37:14 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "882f-5f71e8ad99d21"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 34863

GET
H/1.1 200
OK jquery.min.js Show response
canada24.co/wp-includes/js/jquery/ 88 KB
88 KB 88ms
12ms Script
application/javascript 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:45 GMT
Last-Modified: Thu, 30 Mar 2023 05:06:41 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "15ed7-5f8170ee7c562"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 89815

GET
H/1.1 200
OK jquery-migrate.min.js Show response
canada24.co/wp-includes/js/jquery/ 13 KB
13 KB 95ms
13ms Script
application/javascript 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:45 GMT
Last-Modified: Thu, 30 Mar 2023 05:06:41 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "3470-5f8170ee7c562"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 13424

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 140 KB
47 KB 159ms
61ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6771666683930277

Requested by

Host: canada24.co
URL: https://canada24.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ec38edfd800366a0d2ef9cc33cb1de948c283732ac6b8c22cce4a9b39efe783e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://canada24.co/
Origin: https://canada24.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47967
x-xss-protection: 0
server: cafe
etag: 11829183392842567944
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 11 Jun 2023 04:58:46 GMT

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
canada24.co/wp-includes/js/ 18 KB
19 KB 12ms
12ms Script
application/javascript 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Thu, 30 Mar 2023 05:06:41 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "4904-5f8170ee7b1da"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 18692

GET
H/1.1 200
OK canada-24-1.png
canada24.co/wp-content/uploads/2022/12/ 100 KB
101 KB 12ms
12ms Image
image/png 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2022/12/canada-24-1.png
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: f0f08b751ca9c4066e04b9711f240935393811d6f5aa922a6aa1627333c43e97

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Fri, 16 Dec 2022 20:22:24 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "191b0-5eff7ba46ab3c"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 102832

GET
H/1.1 200
OK 43.jpg
canada24.co/wp-content/uploads/2022/12/ 140 KB
141 KB 13ms
13ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2022/12/43.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 4c6d359ae836faf71c35149fd99b2b451fb280527b3e9ec03a32e5ecbbf23f87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Fri, 16 Dec 2022 19:22:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "2318b-5eff6e5a55bc0"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 143755

GET
H/1.1 200
OK newspaper.woff
canada24.co/wp-content/themes/Newspaper/images/icons/ 33 KB
33 KB 12ms
12ms Font
application/font-woff 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-content/themes/Newspaper/images/icons/newspaper.woff?221
Requested by: Host: canada24.co
URL: https://canada24.co/wp-content/themes/Newspaper/style.css?ver=12.3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: d2054b9fb412f742d8d13aa75a48e59b830094999f9000ae8c69916e11b8d805

Request headers

Referer: https://canada24.co/wp-content/themes/Newspaper/style.css?ver=12.3
Origin: https://canada24.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Fri, 17 Mar 2023 20:36:59 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "82d0-5f71e89f8aa83"
Content-Type: application/font-woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 33488

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 115ms
36ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700%7CWork+Sans%3A500%2C600%2C400%2C700%7CPT+Serif%3A700%2C400%2C600&display=swap&ver=12.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://canada24.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 06 Jun 2023 16:10:14 GMT
x-content-type-options: nosniff
age: 391712
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Jun 2024 16:10:14 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 121ms
44ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://canada24.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 06 Jun 2023 22:48:48 GMT
x-content-type-options: nosniff
age: 367798
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Jun 2024 22:48:48 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306070101/ 352 KB
118 KB 148ms
70ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6771666683930277&plah=canada24.co&bust=31075205

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6771666683930277

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7281a389d3c936af48ce5762e0541499056185702f31650ba5ad96c32d35b9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120858
x-xss-protection: 0
server: cafe
etag: 10618380454012333706
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 11 Jun 2023 04:58:46 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230607/r20190131/ Frame 89D4 10 KB
5 KB 148ms
36ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230607/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6771666683930277

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://canada24.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34323
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jun 2023 19:26:43 GMT
etag: 15057649708203361565
expires: Sat, 24 Jun 2023 19:26:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK newspaper-icons.woff
canada24.co/wp-content/plugins/td-composer/legacy/Newspaper/assets/images/icons/ 6 KB
6 KB 12ms
12ms Font
application/font-woff 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-content/plugins/td-composer/legacy/Newspaper/assets/images/icons/newspaper-icons.woff?1
Requested by: Host: canada24.co
URL: https://canada24.co/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=8b696c143e3bac57b8492b1871ec539b
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 2a2ac34136c00e48cd04edf792aec5e6dba2b4cd5942b9383f3f56764125e808

Request headers

Referer: https://canada24.co/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=8b696c143e3bac57b8492b1871ec539b
Origin: https://canada24.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Fri, 17 Mar 2023 20:37:05 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "1744-5f71e8a4f2b4e"
Content-Type: application/font-woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 5956

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v35/ 47 KB
47 KB 37ms
36ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://canada24.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 05:45:28 GMT
x-content-type-options: nosniff
age: 83598
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48412
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:08:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 09 Jun 2024 05:45:28 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 389 B
601 B 179ms
46ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=canada24.co&callback=_gfp_s_&client=ca-pub-6771666683930277

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6771666683930277&plah=canada24.co&bust=31075205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81f3f30e6905436dd8b70623f92287e45e754a59ea1f047bbdc07002c1b99e2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
457 B 137ms
44ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=canada24.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CA4D 298 KB
73 KB 624ms
623ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&adk=1812271804&adf=3025194257&lmt=1686459526&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fcanada24.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459526242&bpp=8&bdt=374&idt=271&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7381865430407&frm=20&pv=2&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=309

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af11992ace1f7685f03c2f08531325f759cf86315d2392dd35b98441efbecea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://canada24.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 74661
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Jun 2023 04:58:47 GMT
expires: Sun, 11 Jun 2023 04:58:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK 5758-canada-lost-17000-jobs-in-may.jpg
canada24.co/wp-content/uploads/2023/06/ 29 KB
29 KB 12ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5758-canada-lost-17000-jobs-in-may.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: d81a79158bdefd6bd21a27f8faf843314863a259440aa36e0a0536a0a0e22aa6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Sat, 10 Jun 2023 14:58:32 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "7471-5fdc7b812960c"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 29809

GET
H/1.1 200
OK 5760-bc-woman-says-doctor-shortage-anti-indigenous-bias-may-be-why-doctors-missed-her-cancer.jpg
canada24.co/wp-content/uploads/2023/06/ 31 KB
32 KB 13ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5760-bc-woman-says-doctor-shortage-anti-indigenous-bias-may-be-why-doctors-missed-her-cancer.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: d81ac442ef29e01b9efc07e9abdc4884622799062df9629cbb40b76f06bbf9fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Sat, 10 Jun 2023 14:58:32 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "7df9-5fdc7b81f01c6"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 32249

GET
H/1.1 200
OK 5762-enough-is-enough-say-advocates-after-st-johns-school-faces-anti-lgbtq-backlash.jpg
canada24.co/wp-content/uploads/2023/06/ 32 KB
32 KB 13ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5762-enough-is-enough-say-advocates-after-st-johns-school-faces-anti-lgbtq-backlash.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: da2adf6eb667e905d43c91eaf91ac120eaedc617e574510d4b97f4c7d166c873

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Sat, 10 Jun 2023 14:58:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "7fb2-5fdc7b8313dcd"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 32690

GET
H/1.1 200
OK 5764-wildfire-smoke-is-in-our-homes-heres-how-to-clear-out-toxic-particles.jpg
canada24.co/wp-content/uploads/2023/06/ 25 KB
25 KB 13ms
13ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5764-wildfire-smoke-is-in-our-homes-heres-how-to-clear-out-toxic-particles.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 7c0f5b7f4728c7e570a5457ad0cb9fc24fdfc2683c80c1e0d4c3892f6acfa945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Sat, 10 Jun 2023 14:58:35 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "6232-5fdc7b8475dee"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 25138

GET
H/1.1 200
OK 5693-jonita-gandhi-was-rejected-from-canadian-idol-now-shes-behind-some-of-bollywoods-biggest-hits.jpg
canada24.co/wp-content/uploads/2023/06/ 37 KB
37 KB 13ms
13ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5693-jonita-gandhi-was-rejected-from-canadian-idol-now-shes-behind-some-of-bollywoods-biggest-hits.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 2257a54d3fe4a12a20a9104ffbdeb0827443ccd51981cd67fff5d62d14b99890

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Thu, 08 Jun 2023 13:59:43 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "933d-5fd9eaa1868c8"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 37693

GET
H2 200 QGYsz_wNahGAdqQ43Rh_fKDp.woff2
fonts.gstatic.com/s/worksans/v18/ 47 KB
47 KB 36ms
35ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/worksans/v18/QGYsz_wNahGAdqQ43Rh_fKDp.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97e82d8eac8d106b28abf1b716982c40c06fffe49cc2f34cd1c299266745ef73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://canada24.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 22:35:29 GMT
x-content-type-options: nosniff
age: 22997
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47728
x-xss-protection: 0
last-modified: Tue, 23 Aug 2022 17:55:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 09 Jun 2024 22:35:29 GMT

GET
H/1.1 200
OK td-multipurpose.ttf
canada24.co/wp-content/plugins/td-composer/assets/fonts/td-multipurpose/ 127 KB
127 KB 24ms
12ms Font
application/font-sfnt 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-content/plugins/td-composer/assets/fonts/td-multipurpose/td-multipurpose.ttf
Requested by: Host: canada24.co
URL: https://canada24.co/wp-content/plugins/td-composer/assets/fonts/td-multipurpose/td-multipurpose.css?ver=8b696c143e3bac57b8492b1871ec539b
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 95c06a3e6c28a512b08155b23f867f4699ce33d79ef8ef7a229ee6a33a6c83f6

Request headers

Referer: https://canada24.co/wp-content/plugins/td-composer/assets/fonts/td-multipurpose/td-multipurpose.css?ver=8b696c143e3bac57b8492b1871ec539b
Origin: https://canada24.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Fri, 17 Mar 2023 20:37:05 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "1fa3c-5f71e8a50736f"
Content-Type: application/font-sfnt
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 129596

GET
H/1.1 200
OK 5751-key-words-mark-zuckerberg-says-meta-may-be-primary-beneficiary-of-apple-vision-pro-headset-696x392.jpg
canada24.co/wp-content/uploads/2023/06/ 49 KB
49 KB 12ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5751-key-words-mark-zuckerberg-says-meta-may-be-primary-beneficiary-of-apple-vision-pro-headset-696x392.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: e1b17212f06f315c45603308568a24e1c58627c7099c0138514bd19ec62045c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Sat, 10 Jun 2023 12:58:25 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "c44e-5fdc60a8c6413"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 50254

GET
H/1.1 200
OK 5753-washington-watch-top-democrats-use-default-scare-to-push-new-debt-ceiling-overhaul-bill-696x348.jpg
canada24.co/wp-content/uploads/2023/06/ 23 KB
23 KB 12ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5753-washington-watch-top-democrats-use-default-scare-to-push-new-debt-ceiling-overhaul-bill-696x348.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 2044b64f5753fb06c43117733f8f9793d9a74e9885a7eb38acf763b653e4105b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Sat, 10 Jun 2023 12:58:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "5c8f-5fdc60aaf6137"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 23695

GET
H/1.1 200
OK 5735-what-tesla-charging-partnerships-with-ford-and-gm-mean-for-the-ev-industry-696x392.jpeg
canada24.co/wp-content/uploads/2023/06/ 17 KB
18 KB 13ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5735-what-tesla-charging-partnerships-with-ford-and-gm-mean-for-the-ev-industry-696x392.jpeg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 81664ac822700118a7ee2d8e7ed953c7235cc0fcb1e232d0bf9e6c7e3d367e80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Sat, 10 Jun 2023 03:58:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "45b6-5fdbe7f34c2be"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 17846

GET
H/1.1 200
OK 5737-lionel-messi-is-coming-to-miami-and-hes-boosting-mls-ticket-sales-big-time-696x392.jpeg
canada24.co/wp-content/uploads/2023/06/ 32 KB
32 KB 13ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5737-lionel-messi-is-coming-to-miami-and-hes-boosting-mls-ticket-sales-big-time-696x392.jpeg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: b62c7525abf6f04c07653693b8866aceb0574279107a0640136a8e5e62fec512

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Sat, 10 Jun 2023 03:58:25 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "7f28-5fdbe7f5b657c"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 32552

GET
H/1.1 200
OK 5739-crypto-tokens-plunged-this-week-after-gensler-stepped-up-sec-crackdown-696x392.jpeg
canada24.co/wp-content/uploads/2023/06/ 45 KB
45 KB 20ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5739-crypto-tokens-plunged-this-week-after-gensler-stepped-up-sec-crackdown-696x392.jpeg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 49b406e44cc5b10d752d976b27154d87f10732ff4c80bcd5dc4444252ebeb7e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Sat, 10 Jun 2023 03:58:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "b3d6-5fdbe7f7dfd0f"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 46038

GET
H/1.1 200
OK 5747-man-utd-tottenham-warned-40m-target-is-firmly-on-radar-of-la-liga-giants-after-neville-plea-696x392.jpg
canada24.co/wp-content/uploads/2023/06/ 33 KB
33 KB 12ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5747-man-utd-tottenham-warned-40m-target-is-firmly-on-radar-of-la-liga-giants-after-neville-plea-696x392.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: d72c797e9a478f9b23f4c7853d4cae1b3a880a7f55493309661940b6a36080fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Sat, 10 Jun 2023 06:58:24 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "8484-5fdc103059e2f"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 33924

GET
H/1.1 200
OK 5717-man-utd-takeover-finance-expert-confirms-big-news-as-changes-wont-impact-jassims-mega-offer-696x392.jpg
canada24.co/wp-content/uploads/2023/06/ 94 KB
94 KB 12ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5717-man-utd-takeover-finance-expert-confirms-big-news-as-changes-wont-impact-jassims-mega-offer-696x392.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 37731ce25eb31f70028215d2a38794d04b5cc50fdfd7a488783c288c36c8ec96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Fri, 09 Jun 2023 06:58:29 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "1767f-5fdace5726083"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 95871

GET
H/1.1 200
OK 5683-tottenham-boss-stellini-hits-out-at-carragher-and-murphy-over-strange-criticism-towards-kane-696x392.jpg
canada24.co/wp-content/uploads/2023/06/ 26 KB
27 KB 12ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5683-tottenham-boss-stellini-hits-out-at-carragher-and-murphy-over-strange-criticism-towards-kane-696x392.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: dbe69967a22b67057e7f853839818529ac319fd1af585abe34b7c9edaddebbe5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Thu, 08 Jun 2023 06:59:08 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "69e1-5fd98c9f68668"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 27105

GET
H/1.1 200
OK 5609-liverpool-target-reveals-he-went-to-sign-arsenal-contract-before-deal-got-complicated-696x392.jpg
canada24.co/wp-content/uploads/2023/06/ 46 KB
46 KB 13ms
13ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5609-liverpool-target-reveals-he-went-to-sign-arsenal-contract-before-deal-got-complicated-696x392.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: aab5ea4ce3ee44c38d80b6d88b14850e8f4e5e8aa1568b2a8f07633660382601

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Tue, 06 Jun 2023 06:58:44 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "b80f-5fd708cdab345"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 47119

GET
H/1.1 200
OK 5575-arsenal-legend-claims-artetas-side-will-have-one-hand-on-title-if-they-win-at-liverpool-696x392.jpg
canada24.co/wp-content/uploads/2023/06/ 26 KB
26 KB 16ms
16ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5575-arsenal-legend-claims-artetas-side-will-have-one-hand-on-title-if-they-win-at-liverpool-696x392.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 16051e988fefb342470bdc74eb95f52e721fcb60f14f86a02ffafdede0fdb7f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Mon, 05 Jun 2023 06:59:25 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "687e-5fd5c7170a7fc"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 26750

GET
H/1.1 200
OK 5681-thousands-of-new-creatures-discovered-in-deep-sea-mining-zone-696x464.jpg
canada24.co/wp-content/uploads/2023/06/ 36 KB
36 KB 26ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5681-thousands-of-new-creatures-discovered-in-deep-sea-mining-zone-696x464.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: c1805845a47cc4e2a57affaf7118b304a7c5948fb5e6d94f413c7c6ab5b848c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Thu, 08 Jun 2023 06:59:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "8e72-5fd98c99b1bc8"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 36466

GET
H/1.1 200
OK 5705-what-is-paxlovid-rebound-and-how-common-is-it-696x493.jpg
canada24.co/wp-content/uploads/2023/06/ 46 KB
46 KB 12ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5705-what-is-paxlovid-rebound-and-how-common-is-it-696x493.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 34662fc6970f5beb530be3aa4ca567c6e63f9e47dc7c085383938c0c9e0e86da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Thu, 08 Jun 2023 18:59:45 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "b77d-5fda2db17e8d0"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 46973

GET
H/1.1 200
OK 5629-a-rare-form-of-dementia-can-unleash-creativity-696x574.jpg
canada24.co/wp-content/uploads/2023/06/ 68 KB
68 KB 13ms
13ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5629-a-rare-form-of-dementia-can-unleash-creativity-696x574.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: b629672e922619d8cb87c35c03d1a9cd4cd302adefd4eefcbbdd864dce4c09ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Tue, 06 Jun 2023 17:59:33 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "10ffa-5fd79c818e74a"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 69626

GET
H/1.1 200
OK 5645-new-york-city-is-sinking-under-its-own-weight-696x464.jpg
canada24.co/wp-content/uploads/2023/06/ 42 KB
42 KB 13ms
13ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5645-new-york-city-is-sinking-under-its-own-weight-696x464.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: f3d4dd286e4d97debe5b027d16a5b319e4a812693477845e069f61e77fd0d18e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Wed, 07 Jun 2023 05:59:08 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "a6df-5fd83d58c7bdf"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 42719

GET
H/1.1 200
OK 5719-the-pandemic-caused-a-baby-boom-in-red-states-and-a-bust-in-blue-states-696x481.png
canada24.co/wp-content/uploads/2023/06/ 169 KB
169 KB 14ms
12ms Image
image/png 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5719-the-pandemic-caused-a-baby-boom-in-red-states-and-a-bust-in-blue-states-696x481.png
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 37bf1d24965bc04c4caa88a223cd971ee9f2cef9f5f1f82b619b54ccf02a9e79

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Fri, 09 Jun 2023 07:59:19 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "2a2ce-5fdadbf029d78"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 172750

GET
H/1.1 200
OK 5776-suga-i-want-bts-to-be-together-until-we-die.jpg
canada24.co/wp-content/uploads/2023/06/ 58 KB
58 KB 21ms
14ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5776-suga-i-want-bts-to-be-together-until-we-die.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: ac4b71a2b2236e975dc60d1b5e6f7892fc8b3d81347b8a53801cac1a3b44f86b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Sun, 11 Jun 2023 04:58:39 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "e80a-5fdd37493b928"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 59402

GET
H/1.1 200
OK 5745-bono-there-are-no-speakers-the-entire-building-is-a-speaker-u2-preview-sphere.jpg
canada24.co/wp-content/uploads/2023/06/ 71 KB
72 KB 20ms
17ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5745-bono-there-are-no-speakers-the-entire-building-is-a-speaker-u2-preview-sphere.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 6357a67df341d4ed75451876c5758dec0f6eb8de7625dfc0dd8524be96023b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Sat, 10 Jun 2023 04:58:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "11d5a-5fdbf55c9f468"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 73050

GET
H/1.1 200
OK 5755-meghan-trainor-apologises-for-remark-about-teachers.jpg
canada24.co/wp-content/uploads/2023/06/ 73 KB
73 KB 14ms
13ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5755-meghan-trainor-apologises-for-remark-about-teachers.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 0778b63d6208de1a53bf6d19c4c0d24d1ab65813eebcd046e0f8b993d4c33707

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Sat, 10 Jun 2023 12:58:31 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "122b9-5fdc60adea304"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 74425

GET
H/1.1 200
OK 5715-a-tour-beyond-what-everyone-can-imagine-suga-reveals-what-fans-can-expect-from-first-solo-world-tour.jpg
canada24.co/wp-content/uploads/2023/06/ 36 KB
36 KB 17ms
16ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5715-a-tour-beyond-what-everyone-can-imagine-suga-reveals-what-fans-can-expect-from-first-solo-world-tour.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: af867b57adb916a1d85aa35d6ca3f8c3cb7ccbf7b1b42e94385617d6642772e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Fri, 09 Jun 2023 03:02:01 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "90af-5fda997c8e4c6"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 37039

GET
H/1.1 200
OK 5725-k-pop-boy-band-seventeen-share-mini-album-fml-and-super-music-video.jpg
canada24.co/wp-content/uploads/2023/06/ 44 KB
44 KB 30ms
17ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5725-k-pop-boy-band-seventeen-share-mini-album-fml-and-super-music-video.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: a75af83b8288085f4a517f13d6e9581867eef1ea35dd19c64959faf0a21f1865

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:46 GMT
Last-Modified: Fri, 09 Jun 2023 11:58:26 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "ae5c-5fdb1162c40a3"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 44636

GET
H/1.1 200
OK 5675-squid-games-thai-coconut-expands-horizons-beyond-beverages-to-enter-plant-based-foods-sector-696x392.jpg
canada24.co/wp-content/uploads/2023/06/ 40 KB
40 KB 13ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5675-squid-games-thai-coconut-expands-horizons-beyond-beverages-to-enter-plant-based-foods-sector-696x392.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 3d6aec4c81cfcfb380b0c28463450e90e462d49378e29856f1835ce20b3bd8de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:47 GMT
Last-Modified: Thu, 08 Jun 2023 02:58:36 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "9f3a-5fd956dbf6c35"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 40762

GET
H/1.1 200
OK 5701-trust-as-important-as-tech-how-to-convince-sea-smallholders-to-drive-climate-smart-farming-696x464.jpg
canada24.co/wp-content/uploads/2023/06/ 113 KB
114 KB 13ms
13ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5701-trust-as-important-as-tech-how-to-convince-sea-smallholders-to-drive-climate-smart-farming-696x464.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: cd1beaae80563bc042ec982dbcf9740bd9ac877913006ff795db777828630325

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:47 GMT
Last-Modified: Thu, 08 Jun 2023 15:00:46 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "1c5a4-5fd9f846aa678"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 116132

GET
H/1.1 200
OK 5727-not-a-quick-win-chinas-plant-based-brand-youkuai-on-collaboration-crusade-to-crack-the-worlds-largest-consumer-market-696x382.jpg
canada24.co/wp-content/uploads/2023/06/ 36 KB
36 KB 13ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5727-not-a-quick-win-chinas-plant-based-brand-youkuai-on-collaboration-crusade-to-crack-the-worlds-largest-consumer-market-696x382.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 4c4c826ea9ed3340c2f3422c631af1b6f9f37312aeba4f0fb424d85dc67911ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:47 GMT
Last-Modified: Fri, 09 Jun 2023 15:58:59 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "8f02-5fdb472696927"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 36610

GET
H/1.1 200
OK 5741-high-vitamins-use-in-nz-but-uncertainty-over-regulations-felt-by-industry-and-consumers-696x464.jpg
canada24.co/wp-content/uploads/2023/06/ 48 KB
48 KB 12ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5741-high-vitamins-use-in-nz-but-uncertainty-over-regulations-felt-by-industry-and-consumers-696x464.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 2d38876437cb01e4cabcaad29982ae4b9d306341ce2c2a2ca1cbeeb37556bb78

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:47 GMT
Last-Modified: Sat, 10 Jun 2023 03:58:32 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "bfdb-5fdbe7fb98f3d"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=89
Content-Length: 49115

GET
H/1.1 200
OK 4997-india-focus-parle-gladful-local-millet-safety-standards-and-more-feature-in-our-round-up-696x464.jpg
canada24.co/wp-content/uploads/2023/05/ 27 KB
27 KB 12ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/05/4997-india-focus-parle-gladful-local-millet-safety-standards-and-more-feature-in-our-round-up-696x464.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 64743cd8f493b8cc9b5a782f850cb4ba3eed6c17ca42c99531e6fd5e081f1410

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:47 GMT
Last-Modified: Fri, 19 May 2023 23:58:39 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "6b89-5fc14b3321299"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 27529

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306070101/ 153 KB
52 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306070101/reactive_library_fy2021.js?bust=31075205

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

69a9607e3960d59b5ccf774d2aa68375ce20dd014db901464ec3e95f422c06a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53116
x-xss-protection: 0
server: cafe
etag: 8809485068869642892
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Jun 2023 04:58:47 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
166 B 45ms
44ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=canada24.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/ Frame CCE4 10 KB
4 KB 36ms
35ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://canada24.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 42537
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jun 2023 17:09:50 GMT
etag: 15057649708203361565
expires: Sat, 24 Jun 2023 17:09:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/ Frame 1501 10 KB
4 KB 36ms
35ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://canada24.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 42537
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jun 2023 17:09:50 GMT
etag: 15057649708203361565
expires: Sat, 24 Jun 2023 17:09:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame CCE4 4 KB
769 B 45ms
45ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Jun 2023 04:58:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 11 Jun 2023 04:40:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Jun 2023 04:58:47 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame CCE4 205 B
649 B 137ms
36ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:24:23 GMT
x-content-type-options: nosniff
age: 2064
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 10 Jun 2024 04:24:23 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame CCE4 604 B
695 B 145ms
45ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:36:43 GMT
x-content-type-options: nosniff
age: 1324
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 10 Jun 2024 04:36:43 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/elements/html/ Frame CCE4 20 KB
9 KB 128ms
33ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f39d54e71a3c475b8a65cdcdd903b249e8b8a4538f6c8f0b1f8b3c34a093302

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 02:10:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10114
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8493
x-xss-protection: 0
server: cafe
etag: 12780958209750988066
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 02:10:13 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 1501 14 KB
1 KB 46ms
46ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Jun 2023 04:58:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 11 Jun 2023 04:12:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Jun 2023 04:58:47 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame 1501 2 KB
973 B 162ms
75ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 00:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15619
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 00:38:28 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1501 0
0 84ms
83ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CY_GchlSFZJeaI6iAjuwPxuatyAbNlKOBcbrpotvhEQoQASDbl8qOAWCV4pCCoAegAeyz8sAByAEJqAMByAPLBKoEzQFP0F84nHW-yJ7Av6ch-gvUiLH0p7Pex5jb3pPjtwNiB-haq2uld9PAflTvmRZD5NuhJ2JZILncoenss-D_ZyO6tHiX4blrQZUPYWaAn9qbQuYuz36sqJhPIKAKoTDlbI9nTS93uVnXTfgIp1GiyxLjK0ex_OotAcArORcaoNoxNKubGWUGZQLWojRgX8eAiZv_PE2pW8GtehimjWBLXsJfYUQAREjO04tMT5Zr5DvBlF2r40fOcT4FoR1WR3M-VuD9JCgzEBE-2SSuPavdwATZgOrmpgSSBQQIBBgBkgUECAUYBKAGLoAH_MuNvwKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHAxDwcNIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItNjc3MTY2NjY4MzkzMDI3NxgA&sigh=fKHdgs9QEno&uach_m=[UACH]&cid=CAQSGwBygQiDW8wZWxWTBf57lfBws3egt3Amg6SH1BgB&template_id=5000

Requested by

Host: storage.googleapis.com
URL: https://storage.googleapis.com/tracksaka/asmtra.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Jun 2023 04:58:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Jun 2023 04:58:47 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/ Frame 1501 23 KB
9 KB 152ms
69ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6f5aedf67284aeeaaaa0c532e71c40757fa449038d89d63c5e90a1ded226643

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 00:37:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15670
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9004
x-xss-protection: 0
server: cafe
etag: 17960421598201694375
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 00:37:37 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame 1501 3 KB
1 KB 159ms
76ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 08:16:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74566
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 08:16:01 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame 1501 20 KB
8 KB 121ms
37ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9971c0a9e4d487abeaf7f2396426a237081c2271bc17cdcd6883495ff43b3fc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 00:38:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15620
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8202
x-xss-protection: 0
server: cafe
etag: 12977410716570951617
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 00:38:27 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1501 175 KB
55 KB 138ms
46ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d262b04633fbcfb934184c79a2d1786fa24576ad6f7ccc40c5ba0aa540de9d54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55943
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686137816735621"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Jun 2023 04:58:47 GMT

GET
H2 200 d955217a3c39fa1d48035534c1a62142.js Show response
www.gstatic.com/mysidia/ Frame 1501 32 KB
14 KB 124ms
37ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/d955217a3c39fa1d48035534c1a62142.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3c8d1021bd2ee3bb73e29d8fdf79a184be2c6b5ef6ba41b0a6bd09519d0dfd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 23:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 452993
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13662
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 22:56:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 03 Sep 2023 23:08:54 GMT

GET
H2 200 3514131790483889263
tpc.googlesyndication.com/simgad/11551711138074613264/ Frame 1501 20 KB
21 KB 165ms
84ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11551711138074613264/3514131790483889263?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c303d66ae86e6155122884b34585e5941e07f94e119b8db306cc01fd6412b85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Thu, 08 Jun 2023 07:14:49 GMT
x-content-type-options: nosniff
age: 251038
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20773
x-xss-protection: 0
last-modified: Tue, 06 Jun 2023 21:43:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 07 Jun 2024 07:14:49 GMT

GET
DATA 200
OK truncated
/ Frame 1501 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 1501 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 css
fonts.googleapis.com/ Frame E946 14 KB
1 KB 45ms
45ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Jun 2023 04:58:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 11 Jun 2023 03:13:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Jun 2023 04:58:47 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame E946 2 KB
926 B 133ms
102ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 00:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15619
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 00:38:28 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/ Frame E946 23 KB
9 KB 106ms
77ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6f5aedf67284aeeaaaa0c532e71c40757fa449038d89d63c5e90a1ded226643

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 00:37:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15670
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9004
x-xss-protection: 0
server: cafe
etag: 17960421598201694375
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 00:37:37 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame E946 3 KB
1 KB 129ms
101ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 08:16:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74566
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 08:16:01 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame E946 20 KB
8 KB 71ms
43ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9971c0a9e4d487abeaf7f2396426a237081c2271bc17cdcd6883495ff43b3fc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 00:38:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15620
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8202
x-xss-protection: 0
server: cafe
etag: 12977410716570951617
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 00:38:27 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E946 175 KB
55 KB 144ms
107ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d262b04633fbcfb934184c79a2d1786fa24576ad6f7ccc40c5ba0aa540de9d54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55943
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686137816735621"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Jun 2023 04:58:47 GMT

GET
H2 200 d955217a3c39fa1d48035534c1a62142.js Show response
www.gstatic.com/mysidia/ Frame E946 32 KB
13 KB 80ms
47ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/d955217a3c39fa1d48035534c1a62142.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3c8d1021bd2ee3bb73e29d8fdf79a184be2c6b5ef6ba41b0a6bd09519d0dfd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 23:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 452993
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13662
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 22:56:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 03 Sep 2023 23:08:54 GMT

GET
H3 200 EJRSQgYoZZY2vCFuvAnt66qSVys.woff2
fonts.gstatic.com/s/ptserif/v18/ 29 KB
29 KB 37ms
36ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v18/EJRSQgYoZZY2vCFuvAnt66qSVys.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf23a7a4eebedbb87d4084a69496b29815914a18e339a00f5dc73a03c9c9328f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://canada24.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Fri, 09 Jun 2023 23:54:01 GMT
x-content-type-options: nosniff
age: 104686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29588
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:28:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 08 Jun 2024 23:54:01 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 47ms
47ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=canada24.co

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 258D 112 KB
38 KB 383ms
382ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=600&slotname=8383182661&adk=1159937247&adf=478544684&pi=t.ma~as.8383182661&w=262&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=262x600&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527553&bpp=22&bdt=1685&idt=22&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1234&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=sSsq9644cX&p=https%3A//canada24.co&dtd=29

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6a0c032e90a237db4a80350a33d57e720c90b87b70d146dc6e4b910c6ba195f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://canada24.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 38625
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Jun 2023 04:58:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5518 92 KB
28 KB 831ms
830ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=181745746&adf=3896497508&pi=t.ma~as.2320321281&w=1068&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1068x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527598&bpp=4&bdt=1730&idt=4&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=894&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=1GZU74YE9E&p=https%3A//canada24.co&dtd=9

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0908615c0fcebd6b8cb8ef80b748c3b57bc2b3153b99b9f5629a43abfd9e2cc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://canada24.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 28919
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Jun 2023 04:58:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 66FD 44 KB
16 KB 427ms
426ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=250&slotname=7072356023&adk=2874585854&adf=2619435063&pi=t.ma~as.7072356023&w=312&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=312x250&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527667&bpp=35&bdt=1799&idt=35&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1184&ady=1991&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=pYdqtJPXHp&p=https%3A//canada24.co&dtd=37

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

508a687aa2d0c97ada3f2733f0aba11922fc29e40b8a8ce11f0cee0ddcce78e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://canada24.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 16043
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Jun 2023 04:58:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 98b1227f47a0a5980fe51449f811e860
secure.gravatar.com/avatar/ 1 KB
2 KB 34ms
6ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/98b1227f47a0a5980fe51449f811e860?s=96&d=mm&r=g
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 67f565f25c1bb8ae629cfca60c71766232073a0c905e0387e45895657b4ae3e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 11 Jun 2023 04:58:47 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="98b1227f47a0a5980fe51449f811e860.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/98b1227f47a0a5980fe51449f811e860?s=96&d=mm&r=g>; rel="canonical"
content-length: 1528
expires: Sun, 11 Jun 2023 05:03:47 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 20D4 165 KB
53 KB 692ms
692ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a041a0e67da859fef6ceef32058ec2fa800726154b2fd4c2e0445c19a79651a

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJfP1qi3uv8CFSWCgwcddAUHTw&gqi=h1SFZJGIMtC89u8P8vyEiAU&layout=/sadbundle/%24csp%253Der3%24/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://canada24.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 53837
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJfP1qi3uv8CFSWCgwcddAUHTw&gqi=h1SFZJGIMtC89u8P8vyEiAU&layout=/sadbundle/%24csp%253Der3%24/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Jun 2023 04:58:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 1501 206 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e333e1f4ee2f504155a24d3b8276a554f63f8ea5b6cc511d63839572aade0916

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK underscore.min.js Show response
canada24.co/wp-includes/js/ 18 KB
19 KB 13ms
12ms Script
application/javascript 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-includes/js/underscore.min.js?ver=1.13.4
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 726b820e44f6ab90ad991d30a4bf26d3a5d71493cbcd1fb1efd0d14e89b9df2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:47 GMT
Last-Modified: Tue, 27 Sep 2022 15:18:25 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "4991-5e9aa27ccd240"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 18833

GET
H/1.1 200
OK js_posts_autoload.min.js Show response
canada24.co/wp-content/plugins/td-cloud-library/assets/js/ 5 KB
6 KB 13ms
13ms Script
application/javascript 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-content/plugins/td-cloud-library/assets/js/js_posts_autoload.min.js?ver=d72a7d54cd61ce0a128c0a91d76ef60a
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: c34299966d31c0354eac70bc6fc85bedcfa88a5ec90973ce4f3cdc6c5d103bd8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:47 GMT
Last-Modified: Fri, 17 Mar 2023 20:37:14 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "14e2-5f71e8ad9a109"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 5346

GET
H/1.1 200
OK tagdiv_theme.min.js Show response
canada24.co/wp-content/plugins/td-composer/legacy/Newspaper/js/ 301 KB
301 KB 13ms
13ms Script
application/javascript 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-content/plugins/td-composer/legacy/Newspaper/js/tagdiv_theme.min.js?ver=12.3
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 7ab56986ff9a66c35dcce1d3e2e2991e562a690e4e9d7388ea94f107cf49393f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:47 GMT
Last-Modified: Fri, 17 Mar 2023 20:37:05 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "4b207-5f71e8a4f3706"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=89
Content-Length: 307719

GET
H/1.1 200
OK comment-reply.min.js Show response
canada24.co/wp-includes/js/ 3 KB
3 KB 12ms
12ms Script
application/javascript 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-includes/js/comment-reply.min.js?ver=6.2.2
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:47 GMT
Last-Modified: Fri, 08 Apr 2022 20:07:18 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "ba5-5dc2a2438e980"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=88
Content-Length: 2981

GET
H/1.1 200
OK js_files_for_front.min.js Show response
canada24.co/wp-content/plugins/td-subscription/assets/js/ 34 KB
34 KB 13ms
13ms Script
application/javascript 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-content/plugins/td-subscription/assets/js/js_files_for_front.min.js?ver=1.4.1
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: a029209ef3e4d32e3a95d52b56bb3452e3bdbc9785b44a80bc1e12c974851207

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:47 GMT
Last-Modified: Fri, 17 Mar 2023 20:37:21 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "8897-5f71e8b4ec1c4"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 34967

GET
H/1.1 200
OK js_files_for_front.min.js Show response
canada24.co/wp-content/plugins/td-cloud-library/assets/js/ 185 KB
185 KB 14ms
13ms Script
application/javascript 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://canada24.co/wp-content/plugins/td-cloud-library/assets/js/js_files_for_front.min.js?ver=d72a7d54cd61ce0a128c0a91d76ef60a
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 9c8278221147696926ffbde372b3afc957210a7b293caad1cdad02af8795dbc9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:47 GMT
Last-Modified: Fri, 17 Mar 2023 20:37:14 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "2e345-5f71e8ad9a4f1"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 189253

GET
H3 200 EJRVQgYoZZY2vCFuvAFWzr8.woff2
fonts.gstatic.com/s/ptserif/v18/ 32 KB
32 KB 36ms
36ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v18/EJRVQgYoZZY2vCFuvAFWzr8.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4271064a37f3ffc0aac5f3806db8a72acc23e19447d1804e4e80d8796cbf6330

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://canada24.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 06 Jun 2023 22:48:43 GMT
x-content-type-options: nosniff
age: 367804
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33116
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:52:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Jun 2024 22:48:43 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 258D 14 KB
1 KB 45ms
44ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=600&slotname=8383182661&adk=1159937247&adf=478544684&pi=t.ma~as.8383182661&w=262&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=262x600&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527553&bpp=22&bdt=1685&idt=22&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1234&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=sSsq9644cX&p=https%3A//canada24.co&dtd=29

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Jun 2023 04:58:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 11 Jun 2023 04:40:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Jun 2023 04:58:48 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame 258D 2 KB
926 B 38ms
37ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 00:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15620
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 00:38:28 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/ Frame 258D 23 KB
9 KB 37ms
35ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6f5aedf67284aeeaaaa0c532e71c40757fa449038d89d63c5e90a1ded226643

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 00:37:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15671
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9004
x-xss-protection: 0
server: cafe
etag: 17960421598201694375
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 00:37:37 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame 258D 3 KB
1 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 08:16:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74567
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 08:16:01 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame 258D 20 KB
8 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9971c0a9e4d487abeaf7f2396426a237081c2271bc17cdcd6883495ff43b3fc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 00:38:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15621
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8202
x-xss-protection: 0
server: cafe
etag: 12977410716570951617
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 00:38:27 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 258D 0
0 124ms
43ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQONVDDHCKkQpaG_4FIww4dtkFQTF129XPsNTIHaU6EPiab8RgSJCzj9HmfmaDn8fJIlaEsiVH7zyY7iQU5_AJd7c-btg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=600&slotname=8383182661&adk=1159937247&adf=478544684&pi=t.ma~as.8383182661&w=262&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=262x600&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527553&bpp=22&bdt=1685&idt=22&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1234&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=sSsq9644cX&p=https%3A//canada24.co&dtd=29
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 258D 175 KB
55 KB 55ms
53ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d262b04633fbcfb934184c79a2d1786fa24576ad6f7ccc40c5ba0aa540de9d54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55943
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686137816735621"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Jun 2023 04:58:48 GMT

GET
H2 200 d955217a3c39fa1d48035534c1a62142.js Show response
www.gstatic.com/mysidia/ Frame 258D 32 KB
13 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/d955217a3c39fa1d48035534c1a62142.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3c8d1021bd2ee3bb73e29d8fdf79a184be2c6b5ef6ba41b0a6bd09519d0dfd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 23:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 452994
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13662
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 22:56:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 03 Sep 2023 23:08:54 GMT

GET
H3 200 TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame F57C 37 KB
14 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js

Requested by

Host: storage.googleapis.com
URL: https://storage.googleapis.com/tracksaka/asmtra.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7dd9b3c12fde91e325f5a42fbc0f6d83566d528b624b0b4833ca87a9cc3f64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 14:44:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51248
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14492
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 09 Jun 2024 14:44:40 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 258D 0
0 81ms
80ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CDHKFh1SFZPmgJYns3wOd0KbwB7OXpJdvqc2GuvIQ3tkeEAEg25fKjgFg0ASgAaududUByAEJqAMByAPLBKoEwwFP0NsRU2Hws-eafPoLOQbztCXtUJWHrV_g_oGJi5fQeYmN5sLcRZCWQZhh0TxIG3hYtBD3TIJ8u3mAyGL3MTebl7utnJf--DBQrY1OKtwNXft8LzD6qCxdtd19M_DidQqybTW8PXDazv3NvwRgCA5k1fuIihM0RJFdTQqf3igKRljXdO92MqJqPnEtNt727rKmrPhLhvh0GZ2JKBS3UdlRmGio-pRHJmEhQt8m64ua2mKYfumyymmSqnrAAr7SfVbYHXjABKnhx96TBJIFBAgEGAGSBQQIBRgEoAYugAe94saqAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEOCHENIIFAiAYRABGB8yAooCOgKAQEi9_cE6gAoByAsB2BMMiBQD0BUBmBYBgBcBshccChoIABIUcHViLTY3NzE2NjY2ODM5MzAyNzcYAA&sigh=4QmGb9yotWs&uach_m=[UACH]&cid=CAQSOwBygQiDAALqUeU9XO_zcxQomBNxFj6BMaweKGp1OX_x2LcSUJQCbtSxmiE3nFJ1fBJz0yQNX1tPFm05GAE&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=600&slotname=8383182661&adk=1159937247&adf=478544684&pi=t.ma~as.8383182661&w=262&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=262x600&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527553&bpp=22&bdt=1685&idt=22&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1234&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=sSsq9644cX&p=https%3A//canada24.co&dtd=29
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Jun 2023 04:58:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C672 1 KB
643 B 38ms
38ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 56378
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Sun, 11 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/13254715972125728709/ Frame 258D 24 KB
24 KB 71ms
71ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13254715972125728709/14763004658117789537?w=400&h=209

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe80f71c0ab949d390bdca99a5ee45addafcb58e7cce61085275574bcfac8318

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:48 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24721
x-xss-protection: 0
last-modified: Wed, 26 Oct 2022 19:43:15 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 10 Jun 2024 04:58:48 GMT

GET
DATA 200
OK truncated
/ Frame 258D 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 258D 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 4FEC 37 KB
14 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js

Requested by

Host: storage.googleapis.com
URL: https://storage.googleapis.com/tracksaka/asmtra.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7dd9b3c12fde91e325f5a42fbc0f6d83566d528b624b0b4833ca87a9cc3f64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 14:44:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51248
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14492
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 09 Jun 2024 14:44:40 GMT

GET
DATA 200
OK truncated
/ Frame 258D 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 61816e56926dbd0b3a4743fb3f63789e0bc4c065bab87feb1ed207fd05cc0c6d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame E7E3 2 KB
2 KB 63ms
27ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1jpah8p5b0ee19skdytd3ypy1avggq0f4vdpcrt0za0h7d0ttch9q69w209a0fqv23be4mqn2jhyae8ytynnrdaxp2694dpjqdckbw8q9cevbcyn6fmjxs4x6grff14h0scd8x8fj5aa1eghasncbzw635djvq7rfnb5acgvffzc040wy0hwz255pv0vjsdawkggwp8sm2f5j2bddx9g6jnvez2exmzcvpzh3yx0jgwxt48w8nwg6fc8yhert6b0rar744qzn9x8han1jkqga31cem4f8d7bxzaw57bxyyzgm60a5gne6ce8n78tqdnf600e9r6mzzk4we5zy4n667596wq4vyqnfs3ccsvqa0bge9z7vknq3gvefwxjr5xz10f0ev3t85kdjsc9jxgqm4g4n6h6jpa0q6fh9z6jfcz6sh83j081bmqab08dyejxm81yam5h5cng&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%26client%3Dca-pub-6771666683930277%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=250&slotname=7072356023&adk=2874585854&adf=2619435063&pi=t.ma~as.7072356023&w=312&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=312x250&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527667&bpp=35&bdt=1799&idt=35&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1184&ady=1991&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=pYdqtJPXHp&p=https%3A//canada24.co&dtd=37

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc06f1acbc6b4dd91d1349e328db85fa419317f8fef2b12cc33219161ee2a6f0

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7d5747f388a3bb37-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Sun, 11 Jun 2023 04:58:48 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame 9FAD 3 KB
1 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 08:16:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74567
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 08:16:01 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6E04 1 KB
643 B 38ms
38ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 56378
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Sun, 11 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame 9FAD 20 KB
8 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9971c0a9e4d487abeaf7f2396426a237081c2271bc17cdcd6883495ff43b3fc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 00:38:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15621
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8202
x-xss-protection: 0
server: cafe
etag: 12977410716570951617
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 00:38:27 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9FAD 175 KB
55 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d262b04633fbcfb934184c79a2d1786fa24576ad6f7ccc40c5ba0aa540de9d54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55943
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686137816735621"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Jun 2023 04:58:48 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame C672
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEDrZQaJBNCqBB5FR0aQl4ls&google_cver=1&google_push=ATf1kGNEaDNgZfhFUVe5BBpWbM1DsUE9ebIFsWOEi4bH4ftliHQJDWJF6eMYSK57k7RQ8PfPwbK9U7krvfEXqBqm...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGNEaDNgZfhFUVe5BBpWbM1DsUE9ebIFsWOEi4bH4ftliHQJDWJF6eMYSK57k7RQ8PfPwbK9U7krvfEXqBqmbRIxppdxr2i8-uA

170 B
330 B

63ms
50ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGNEaDNgZfhFUVe5BBpWbM1DsUE9ebIFsWOEi4bH4ftliHQJDWJF6eMYSK57k7RQ8PfPwbK9U7krvfEXqBqmbRIxppdxr2i8-uA

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 11 Jun 2023 04:58:48 GMT
Server: MT3 986 b247903 master zrh zrh-pixel-x11 config_version:"359"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGNEaDNgZfhFUVe5BBpWbM1DsUE9ebIFsWOEi4bH4ftliHQJDWJF6eMYSK57k7RQ8PfPwbK9U7krvfEXqBqmbRIxppdxr2i8-uA
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 11 Jun 2023 04:58:47 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C672
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEFFWyd4Tm3AyFbmTAbo7S8c&google_cver=1&google_push=ATf1kGOM8bIZy8dbHzNPqxAHsKxQWTnwvxMCiqM-KH4baGqQrpnArbCIezWT0h1vVEZTV09T63oUduhMDC4HJVb...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=LKueEL9zW31d9M9jBpnyC7nVm7U&google_push=ATf1kGOM8bIZy8dbHzNPqxAHsKxQWTnwvxMCiqM-KH4baGqQrpnArbCIezWT0h1vVEZTV09T63oUduhMDC4HJV...

170 B
188 B

48ms
48ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=LKueEL9zW31d9M9jBpnyC7nVm7U&google_push=ATf1kGOM8bIZy8dbHzNPqxAHsKxQWTnwvxMCiqM-KH4baGqQrpnArbCIezWT0h1vVEZTV09T63oUduhMDC4HJVbHOlpdD1KO_oKgEg

Requested by

Host: canada24.co
URL: https://canada24.co/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=LKueEL9zW31d9M9jBpnyC7nVm7U&google_push=ATf1kGOM8bIZy8dbHzNPqxAHsKxQWTnwvxMCiqM-KH4baGqQrpnArbCIezWT0h1vVEZTV09T63oUduhMDC4HJVbHOlpdD1KO_oKgEg
Date: Sun, 11 Jun 2023 04:58:48 GMT
Connection: keep-alive
Content-Length: 244
Content-Type: text/html; charset=utf-8

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame C672
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEM2WSzOfP3A5X0TYLxC54vQ&google_cver=1&google_push=ATf1kGOzzSl6U-ewcxeTXgLzaCV1f5nUgx8Yz9l-ZD6p7ROC6ogOGpG35QCn-7G4piz5fj6AHkB0SGu7A4M8...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOzzSl6U-ewcxeTXgLzaCV1f5nUgx8Yz9l-ZD6p7ROC6ogOGpG35QCn-7G4piz5fj6AHkB0SGu7A4M8Fk2wy1UvpS36_ME2Ef0

170 B
233 B

49ms
48ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOzzSl6U-ewcxeTXgLzaCV1f5nUgx8Yz9l-ZD6p7ROC6ogOGpG35QCn-7G4piz5fj6AHkB0SGu7A4M8Fk2wy1UvpS36_ME2Ef0

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOzzSl6U-ewcxeTXgLzaCV1f5nUgx8Yz9l-ZD6p7ROC6ogOGpG35QCn-7G4piz5fj6AHkB0SGu7A4M8Fk2wy1UvpS36_ME2Ef0
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C672
Redirect Chain

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEDh9ffVPdclgpKI3WgXt58s&google_cver=1&google_push=ATf1kGPw5Xl2iS2IG7B1CLAKUdrId96-PIMfpLYGJWg7ttbM14tOFO2FL...
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=ATf1kGPw5Xl2iS2IG7B1CLAKUdrId96-PIMfpLYGJWg7ttbM14tOFO2FLH1_ttbDsgXx0WFK4FyU_0ZrgXUvUH0F_RZWgWiQalxe9FcX&google_hm=QlMuMjhmMC1mNT...

170 B
188 B

47ms
47ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=ATf1kGPw5Xl2iS2IG7B1CLAKUdrId96-PIMfpLYGJWg7ttbM14tOFO2FLH1_ttbDsgXx0WFK4FyU_0ZrgXUvUH0F_RZWgWiQalxe9FcX&google_hm=QlMuMjhmMC1mNTUzLTRiNjEtOTk1Mg==

Requested by

Host: canada24.co
URL: https://canada24.co/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=ATf1kGPw5Xl2iS2IG7B1CLAKUdrId96-PIMfpLYGJWg7ttbM14tOFO2FLH1_ttbDsgXx0WFK4FyU_0ZrgXUvUH0F_RZWgWiQalxe9FcX&google_hm=QlMuMjhmMC1mNTUzLTRiNjEtOTk1Mg==
Date: Sun, 11 Jun 2023 04:58:48 GMT
Server: openresty
Connection: close
Content-Length: 142
Content-Type: text/html

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame C672
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEFZNIObssPAKj1d1T422feY&google_cver=1&google_push=ATf1kGOy7OtHu5lw_54VI4AU_pOBCKE-UEQCwp-AxG_uSov6FU1jNHaUsyIeGQNvcotBIzpiSgsIN6H2FAiUYwohP2VDEQQ...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=ATf1kGOy7OtHu5lw_54VI4AU_pOBCKE-UEQCwp-AxG_uSov6FU1jNHaUsyIeGQNvcotBIzpiSgsIN6H2FAiUYwohP2VDEQQUWS-fa8mi&google_hm=NTQ3MDE...

170 B
233 B

49ms
49ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=ATf1kGOy7OtHu5lw_54VI4AU_pOBCKE-UEQCwp-AxG_uSov6FU1jNHaUsyIeGQNvcotBIzpiSgsIN6H2FAiUYwohP2VDEQQUWS-fa8mi&google_hm=NTQ3MDE4MTE0MDYwODA0NDc1Mg==

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=ATf1kGOy7OtHu5lw_54VI4AU_pOBCKE-UEQCwp-AxG_uSov6FU1jNHaUsyIeGQNvcotBIzpiSgsIN6H2FAiUYwohP2VDEQQUWS-fa8mi&google_hm=NTQ3MDE4MTE0MDYwODA0NDc1Mg==
Date: Sun, 11 Jun 2023 04:58:48 GMT
Server: Jetty(9.4.51.v20230217)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

spacer.gif
an.yandex.ru/resource/ Frame C672
Redirect Chain

https://an.yandex.ru/mapuid/google/CAESEGLCNq0E4Uf4zq5OBaVc-lM?ext-param=ATf1kGNmVB21V0pGcu93D5S2XNMN-U7vR2CmkHPnKyzZ5xiSoEl5Q6_44sOd6ztVMvfvD203DJ4ZiCC2wWAM02fIKYcY_QyNBFqKCBZv&partner-tag=yandex_...
https://an.yandex.ru/mapuid/google/CAESEGLCNq0E4Uf4zq5OBaVc-lM?redir-setuniq=1&ext-param=ATf1kGNmVB21V0pGcu93D5S2XNMN-U7vR2CmkHPnKyzZ5xiSoEl5Q6_44sOd6ztVMvfvD203DJ4ZiCC2wWAM02fIKYcY_QyNBFqKCBZv&par...
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEGLCNq0E4Uf4zq5OBaVc-lM&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
https://an.yandex.ru/resource/spacer.gif

43 B
145 B

55ms
55ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/resource/spacer.gif

Requested by

Host: canada24.co
URL: https://canada24.co/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 18 Apr 2001 10:28:03 GMT
content-type: image/gif
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Sun, 26 May 2024 04:58:48 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://an.yandex.ru/resource/spacer.gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 237
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C672
Redirect Chain

https://trace.mediago.io/cs/google?google_gid=CAESEBwPcu_TmNt_F5-H9XZwvBo&google_cver=1&google_push=ATf1kGPFxpxom0XK43diGcFoX4EQ5DsThyKfeAQmEZdLVOeUEkN6B9_JJCWUB0PEWN-9sSfAkD0e9q0watKhF5qricuqHvUxF...
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=ATf1kGPFxpxom0XK43diGcFoX4EQ5DsThyKfeAQmEZdLVOeUEkN6B9_JJCWUB0PEWN-9sSfAkD0e9q0watKhF5qricuqHvUxFhVu7ew1&google_hm=d1dcd474c9...

170 B
188 B

46ms
46ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=ATf1kGPFxpxom0XK43diGcFoX4EQ5DsThyKfeAQmEZdLVOeUEkN6B9_JJCWUB0PEWN-9sSfAkD0e9q0watKhF5qricuqHvUxFhVu7ew1&google_hm=d1dcd474c9683dd9b788b3bd6e2b6b59

Requested by

Host: canada24.co
URL: https://canada24.co/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=ATf1kGPFxpxom0XK43diGcFoX4EQ5DsThyKfeAQmEZdLVOeUEkN6B9_JJCWUB0PEWN-9sSfAkD0e9q0watKhF5qricuqHvUxFhVu7ew1&google_hm=d1dcd474c9683dd9b788b3bd6e2b6b59
date: Sun, 11 Jun 2023 04:58:48 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 250
content-type: text/html; charset=utf-8

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame C672 0
131 B 149ms
46ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JCpz2YE6Me8WbJjyyHnoT602Rldd7kqbsm_QVtibOi9PB3yMqqo_vnnlm98Y7VCHS-TPsPgiZW2A

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 default.css
as.ad4m.at/ad/style/0.1.42/one-ad/ Frame E7E3 106 KB
13 KB 22ms
21ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.42/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jpah8p5b0ee19skdytd3ypy1avggq0f4vdpcrt0za0h7d0ttch9q69w209a0fqv23be4mqn2jhyae8ytynnrdaxp2694dpjqdckbw8q9cevbcyn6fmjxs4x6grff14h0scd8x8fj5aa1eghasncbzw635djvq7rfnb5acgvffzc040wy0hwz255pv0vjsdawkggwp8sm2f5j2bddx9g6jnvez2exmzcvpzh3yx0jgwxt48w8nwg6fc8yhert6b0rar744qzn9x8han1jkqga31cem4f8d7bxzaw57bxyyzgm60a5gne6ce8n78tqdnf600e9r6mzzk4we5zy4n667596wq4vyqnfs3ccsvqa0bge9z7vknq3gvefwxjr5xz10f0ev3t85kdjsc9jxgqm4g4n6h6jpa0q6fh9z6jfcz6sh83j081bmqab08dyejxm81yam5h5cng&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%26client%3Dca-pub-6771666683930277%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3dbe73a90f1370d3bdefdeb5ccca6a4f3c6edb2bc1b06c47b7e5ae2457bc58ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1jpah8p5b0ee19skdytd3ypy1avggq0f4vdpcrt0za0h7d0ttch9q69w209a0fqv23be4mqn2jhyae8ytynnrdaxp2694dpjqdckbw8q9cevbcyn6fmjxs4x6grff14h0scd8x8fj5aa1eghasncbzw635djvq7rfnb5acgvffzc040wy0hwz255pv0vjsdawkggwp8sm2f5j2bddx9g6jnvez2exmzcvpzh3yx0jgwxt48w8nwg6fc8yhert6b0rar744qzn9x8han1jkqga31cem4f8d7bxzaw57bxyyzgm60a5gne6ce8n78tqdnf600e9r6mzzk4we5zy4n667596wq4vyqnfs3ccsvqa0bge9z7vknq3gvefwxjr5xz10f0ev3t85kdjsc9jxgqm4g4n6h6jpa0q6fh9z6jfcz6sh83j081bmqab08dyejxm81yam5h5cng&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%26client%3Dca-pub-6771666683930277%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1686312358
age: 146863
cf-polished: origSize=108907
x-guploader-uploadid: ADPycds4BaPB2cnNKfGCpO0DHbi1YsFTcCTGXC9fJnH_NboEzcGfHcnLXlcIvq2iasQ1ZmCVOJqaFT1yvUfFyfqQRQlEfuWooABE
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 09 Jun 2023 12:06:25 GMT
server: cloudflare
etag: W/"913a188acf4937267d989357edafdccf"
vary: Accept-Encoding
x-goog-generation: 1686312385390155
content-type: text/css
x-goog-hash: crc32c=+kWf1Q==, md5=kToYis9JNyZ9mJNX7a/czw==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WksZPN47CBpuxRtglKd9xVrR5glJMwXFt1AotCGuw2QHT4tY9STig6G1YBDpDV7THuAFusGGkngoZu%2FUTT1jCgJH8zptuXa0faEcTp07L3dozZscgKNEDxRnUnBsfwaKluKcrQ0HoqA%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 108907
cf-ray: 7d5747f40900bb37-FRA
expires: Sun, 11 Jun 2023 05:58:48 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame E7E3 25 KB
10 KB 34ms
17ms Script
application/javascript 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jpah8p5b0ee19skdytd3ypy1avggq0f4vdpcrt0za0h7d0ttch9q69w209a0fqv23be4mqn2jhyae8ytynnrdaxp2694dpjqdckbw8q9cevbcyn6fmjxs4x6grff14h0scd8x8fj5aa1eghasncbzw635djvq7rfnb5acgvffzc040wy0hwz255pv0vjsdawkggwp8sm2f5j2bddx9g6jnvez2exmzcvpzh3yx0jgwxt48w8nwg6fc8yhert6b0rar744qzn9x8han1jkqga31cem4f8d7bxzaw57bxyyzgm60a5gne6ce8n78tqdnf600e9r6mzzk4we5zy4n667596wq4vyqnfs3ccsvqa0bge9z7vknq3gvefwxjr5xz10f0ev3t85kdjsc9jxgqm4g4n6h6jpa0q6fh9z6jfcz6sh83j081bmqab08dyejxm81yam5h5cng&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%26client%3Dca-pub-6771666683930277%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:48 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 13:45:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 208366
etag: W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FLP5toXmv2fIX0bZ2YvLAodBBJs%2BwTFdO%2BHbBdTkJA%2BLyHU%2BdPcPNJk05bYQIgOrQS7VXy2WHtz76xFfh25kSQFx64NjTgG03MDBmXSWXcTWF3pz4i6Z%2F9x5%2BciCzGYJVycisKk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7d5747f42912bb37-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 Jun 2023 13:46:12 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 258D 33 KB
33 KB 36ms
36ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 06 Jun 2023 19:10:42 GMT
x-content-type-options: nosniff
age: 380886
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Jun 2024 19:10:42 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 6E04 35 B
465 B 39ms
8ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELctThnNfbQRn23YMNSuSP4&google_cver=1&google_push=ATf1kGPmbKLmU7Ee8Grjz3Ljg8eNM2GcshLLuwJ5uxJIazhbjuOnUah1N3z-QwTTN8PRmrv__u3gUQQhW2mC-igFsK2EH0H-ifFjPg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 6E04 0
105 B 130ms
69ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESED4LcqoaseXIFkNtLnd2VMA&google_cver=1&google_push=ATf1kGN6zgcQg1Aed3AZlcTwFUQ4uwvqT-zV3qRUJB0kDq5Gm3qm9S_QdG90sk3mlj6IhoBmazvNJ9qWEA3ITOWfiXbtE-t7Nj_I
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=250&slotname=7072356023&adk=2874585854&adf=2619435063&pi=t.ma~as.7072356023&w=312&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=312x250&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527667&bpp=35&bdt=1799&idt=35&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1184&ady=1991&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=pYdqtJPXHp&p=https%3A//canada24.co&dtd=37
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6E04
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEG6zPOLZeRBc1Fy6y371vok&google_push=ATf1kGNGhWP_cktW9VqBFp0Mn2PyVQpaxYnTFpuW0bwx0q9UPlH7uP5wjP...

170 B
188 B

46ms
46ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEG6zPOLZeRBc1Fy6y371vok&google_push=ATf1kGNGhWP_cktW9VqBFp0Mn2PyVQpaxYnTFpuW0bwx0q9UPlH7uP5wjP7bQTphy17MeUSxoyCjooV9xPvkyDCbgLMiShswLS3-CQ

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230040-FRA
pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1686459528.441624,VS0,VE93
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEG6zPOLZeRBc1Fy6y371vok&google_push=ATf1kGNGhWP_cktW9VqBFp0Mn2PyVQpaxYnTFpuW0bwx0q9UPlH7uP5wjP7bQTphy17MeUSxoyCjooV9xPvkyDCbgLMiShswLS3-CQ
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 6E04 43 B
363 B 62ms
16ms Image
image/gif 178.250.7.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEBIDECBoj3ZH8g_OxU9otVg&google_cver=1&google_push=ATf1kGPs9Kn9VA6LmTQQAumSrd3oLWVy4Lv6lAMJKut6Ei5ROPe0-QtUuFzlhb5WZwLgGezlVWdwAqnpyqm3FOMKZcCk2nNDXUjv

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:47 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 223878
expires: Sun, 11 Jun 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6E04
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEEaJVmTeBjVDRVwnV5pJv7c&google_cver=1&google_push=ATf1kGPoYcTurVQDFawopcGEMLKUBedELj2ZKimqFnANro88D3yRNIk2h0Yg9fNe2qLXeFuvV4jSq_nf...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEEaJVmTeBjVDRVwnV5pJv7c&google_cver=1&google_push=ATf1kGPoYcTurVQDFawopcGEMLKUBedELj2ZKimqFnANro88D3yRNIk2h0Yg9fNe2qLXeFuvV4j...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjc3NDc1NTE3NDIxNjkzMDc0Nw&google_push=ATf1kGPoYcTurVQDFawopcGEMLKUBedELj2ZKimqFnANro88D3yRNIk2h0Yg9fNe2qLXeFuvV4jSq_...

170 B
188 B

46ms
45ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjc3NDc1NTE3NDIxNjkzMDc0Nw&google_push=ATf1kGPoYcTurVQDFawopcGEMLKUBedELj2ZKimqFnANro88D3yRNIk2h0Yg9fNe2qLXeFuvV4jSq_nfqkneluF-eCtwETRjT9ZAGw

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjc3NDc1NTE3NDIxNjkzMDc0Nw&google_push=ATf1kGPoYcTurVQDFawopcGEMLKUBedELj2ZKimqFnANro88D3yRNIk2h0Yg9fNe2qLXeFuvV4jSq_nfqkneluF-eCtwETRjT9ZAGw
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 trk
ag.innovid.com/ Frame 6E04 43 B
298 B 206ms
20ms Image
image/gif 2a05:d01c:1d8:8102:5008:e6da:141f:d7eb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEAZJEJ7xY0Bm6ZAVQYfZhK8&google_cver=1&google_push=ATf1kGO21LqxOW_8s-LbqQpq9RfvwIjIgEkV-vaBiGLflRhZ6gLGp_F4i8akY6WoTl9agTPHEeHXu5WWDi8T2sK7o78PWfvKp7-3uA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=250&slotname=7072356023&adk=2874585854&adf=2619435063&pi=t.ma~as.7072356023&w=312&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=312x250&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527667&bpp=35&bdt=1799&idt=35&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1184&ady=1991&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=pYdqtJPXHp&p=https%3A//canada24.co&dtd=37
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:5008:e6da:141f:d7eb London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
cache-control: no-cache
content-length: 43
request-time: 1
expires: -1

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 6E04
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEM2WSzOfP3A5X0TYLxC54vQ&google_cver=1&google_push=ATf1kGMYYGbepvlm6miiFas1TogVxbs1eAB-Fs_S-JPGN9_anGu99Y2HE6wNS0QAkGk88tkFxgfnRu8mO1aU...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGMYYGbepvlm6miiFas1TogVxbs1eAB-Fs_S-JPGN9_anGu99Y2HE6wNS0QAkGk88tkFxgfnRu8mO1aUw7_SyUwJ7LCfJPQhwQ

170 B
233 B

49ms
49ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGMYYGbepvlm6miiFas1TogVxbs1eAB-Fs_S-JPGN9_anGu99Y2HE6wNS0QAkGk88tkFxgfnRu8mO1aUw7_SyUwJ7LCfJPQhwQ

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGMYYGbepvlm6miiFas1TogVxbs1eAB-Fs_S-JPGN9_anGu99Y2HE6wNS0QAkGk88tkFxgfnRu8mO1aUw7_SyUwJ7LCfJPQhwQ
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 6E04 0
50 B 47ms
46ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K-vrWrp_NydsstVH-JdBfy_qmDTE8RNmtEiF4wx-LuSwnTOW-QAVeMTzy8CX4POu4NQXbu

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 9FAD 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f450ff047bea8df79fbc6e5ecdf1848d1af4268b41ee2c9fc0e34a265bd3280

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame B50F 37 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7dd9b3c12fde91e325f5a42fbc0f6d83566d528b624b0b4833ca87a9cc3f64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 14:44:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51248
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14492
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 09 Jun 2024 14:44:40 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 5518 4 KB
632 B 45ms
44ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=181745746&adf=3896497508&pi=t.ma~as.2320321281&w=1068&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1068x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527598&bpp=4&bdt=1730&idt=4&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=894&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=1GZU74YE9E&p=https%3A//canada24.co&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4681d619f677c1b314814309a6f00a5e0ec3f12968e807ee71def1cf42bd7808

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Jun 2023 04:58:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 11 Jun 2023 04:43:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Jun 2023 04:58:48 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame 5518 2 KB
892 B 35ms
35ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 00:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15620
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 00:38:28 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/ Frame 5518 23 KB
9 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6f5aedf67284aeeaaaa0c532e71c40757fa449038d89d63c5e90a1ded226643

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 00:37:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15671
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9004
x-xss-protection: 0
server: cafe
etag: 17960421598201694375
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 00:37:37 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame 5518 3 KB
1 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 08:16:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74567
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 08:16:01 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame 5518 20 KB
8 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9971c0a9e4d487abeaf7f2396426a237081c2271bc17cdcd6883495ff43b3fc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 00:38:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15621
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8202
x-xss-protection: 0
server: cafe
etag: 12977410716570951617
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 00:38:27 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 5518 0
0 44ms
43ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQFPzFfyiL2VYrGEEoI-C96V7-I5vcUvJPcPt0SFpvNYzfck6mENFAP3qxXvNW0rNuhBcjrMSUSioBAAeUBoFd3qKspOQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=181745746&adf=3896497508&pi=t.ma~as.2320321281&w=1068&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1068x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527598&bpp=4&bdt=1730&idt=4&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=894&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=1GZU74YE9E&p=https%3A//canada24.co&dtd=9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5518 175 KB
55 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d262b04633fbcfb934184c79a2d1786fa24576ad6f7ccc40c5ba0aa540de9d54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55943
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686137816735621"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Jun 2023 04:58:48 GMT

GET
H3 200 d955217a3c39fa1d48035534c1a62142.js Show response
www.gstatic.com/mysidia/ Frame 5518 32 KB
13 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/d955217a3c39fa1d48035534c1a62142.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3c8d1021bd2ee3bb73e29d8fdf79a184be2c6b5ef6ba41b0a6bd09519d0dfd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 23:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 452994
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13662
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 22:56:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 03 Sep 2023 23:08:54 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame E7E3 3 KB
4 KB 77ms
21ms Image
image/png 2606:4700:20::681a:71b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.42/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:71b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3040
x-guploader-uploadid: ADPycdvuqSd5z7x-P6zciDvJguhfevnTZzPv-sFvdv4VVTj2cCVUndir5fZqBzjNPOlq80uW-sAFhIkV33WDoT1aRSnwIseHrQ
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1623242114099744
content-type: image/png
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=31536000, immutable
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X0Q%2BStL0eupz5bNyr5rog4%2Bl7DlpGEvRsNJuFNsAuSTOpWSn3S124xYXe120ujrHsJZ%2BwWlSLUxm6HuHQL8wrQe6oeggVkuhekDySIR%2FnI36T7fmzfWn7HyVzEDw%2FqQLUU0dEjiRoWqqvvOS9cERGKc9"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 7d5747f54ff8690a-FRA
expires: Sun, 11 Jun 2023 05:08:08 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 037E 1 KB
643 B 39ms
38ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 56378
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Sun, 11 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 frame.html Show response
ad4m.at/ Frame B450 2 KB
1 KB 26ms
25ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1180616
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7d5747f50b1a1a47-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Sun, 11 Jun 2023 04:58:48 GMT
expires: Mon, 08 May 2023 00:16:30 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UJsiB1TJoav2k4idHbYNTxtXUm18grDItgVrDobVfpaLsAKw7Bl0eABOXFsCqcEYgyHt3v6VaJqm4xtvUTizq2bmHc53hY9LRPsfOnq2q4pIEJKtSGMlA1o2k5%2BNEm9p0W5ad5w%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 5518 25 KB
25 KB 126ms
36ms Image
image/jpeg 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcRzvk5oHteY3oSoVDrDAuPFj0lbd_EYvLGUzSr977E-7DTCHqTnEBWmXc9gAOI&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06fd4d06a80c418c4b9d524d82c825e6bc5ea5e8ca25e8e6a196ecfea99be6a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Wed, 07 Jun 2023 06:38:29 GMT
x-content-type-options: nosniff
age: 339619
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25093
x-xss-protection: 0
last-modified: Wed, 21 Aug 2019 16:35:59 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 06 Jun 2024 06:38:29 GMT

GET
H3

200

8530584423308554204
tpc.googlesyndication.com/simgad/ Frame 5518
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD_tbSiDBCQAxiQAzIIfiMpVhjKCMQ
https://tpc.googlesyndication.com/simgad/8530584423308554204

23 KB
23 KB

36ms
36ms

Image
image/jpeg

2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8530584423308554204

Requested by

Protocol

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a80654097d87eb3cf145577d3a13d6bb67715949f19118f654fa1bd1f0f13fbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 18:30:42 GMT
x-content-type-options: nosniff
age: 37686
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23401
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 14:19:16 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 09 Jun 2024 18:30:42 GMT

Redirect headers

date: Sun, 11 Jun 2023 04:13:01 GMT
x-content-type-options: nosniff
server: cafe
age: 2747
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/8530584423308554204
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 11 Jul 2023 04:13:01 GMT

GET
H3 200 transparent.png
tpc.googlesyndication.com/pagead/images/ Frame 20D4 67 B
91 B 36ms
35ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/transparent.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:44:12 GMT
x-content-type-options: nosniff
server: cafe
age: 876
etag: 2462972746714251406
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67
x-xss-protection: 0
expires: Mon, 12 Jun 2023 04:44:12 GMT

GET
H3 200 Sixt_Rent_EV_970x250_Tesla_3.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/ Frame 0C8D 4 KB
2 KB 36ms
35ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.html

Requested by

Host: storage.googleapis.com
URL: https://storage.googleapis.com/tracksaka/asmtra.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

141197869ca055b994952f1a893cffd61b46eb16aa80c738bff2c89beced584e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 60613
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1822
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jun 2023 12:08:35 GMT
expires: Sun, 09 Jun 2024 12:08:35 GMT
last-modified: Thu, 04 May 2023 09:26:58 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H/1.1 200
OK ai.aspx Show response
m.exactag.com/ Frame 7DF8 43 B
1 KB 75ms
14ms Fetch
image/gif 85.14.248.72
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL

https://m.exactag.com/ai.aspx?extProvId=5&extPu=sixt-gaw&extLi=20069242257&rnd=1565861820

Requested by

Host: storage.googleapis.com
URL: https://storage.googleapis.com/tracksaka/asmtra.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

85.14.248.72 Mülheim, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Sun, 11 Jun 2023 04:58:47 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: So, 11 Jun 2023 04:58:48 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1751
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7DF8 0
0 83ms
83ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CgAS_h1SFZNfvMqWEjuwP9Iqc-ATpt4y1cKPY9qLREfLs0uCyARABINuXyo4BYJXikIKgB6ABhfnx-wPIAQmpAqApGVDBCLI-qAMByANIqgTLAU_QJY0re2eorJoR7ePiCdwNuN9OGpV6qb2szj_Egm9Pj5Oikiyf-Xd4r4GY11SA2KJbf80Q2hZ2skj961g2R3C8E9zszmpL5ZCRnULt6nHVPnSEtzFVEEBYD6yepBvqeS-lbey630pbnQN2LjdtlSE4W1KzvlK_KhqE6TGYwiCLASj0Z4O00pme6BLfl9uuzdg8Ubx-GsvFyJ3qRR7oqOjqfOPhwVw8rWvaNZMbQAAG2SP6be6R-6QEvDH-SSVhGvg1IlSH3r06-4lJwASjsLHhrASgBi6AB63loTKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDEnw3SCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoByAsB2BMD0BUBgBcBshccChoIABIUcHViLTY3NzE2NjY2ODM5MzAyNzcYAA&sigh=qtSB4pS_iBc&uach_m=[UACH]&cid=CAQSOwBygQiDmSKr--pn1Mf3zxLrspjyU5OYbBbdexh2-BcTd7L9rmYNQm8Ix5q8okhb3vqRiYWHPUo0jf_1GAE&template_id=419

Requested by

Host: storage.googleapis.com
URL: https://storage.googleapis.com/tracksaka/asmtra.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Jun 2023 04:58:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/ Frame 7DF8 23 KB
9 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6f5aedf67284aeeaaaa0c532e71c40757fa449038d89d63c5e90a1ded226643

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 00:37:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15671
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9004
x-xss-protection: 0
server: cafe
etag: 17960421598201694375
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 00:37:37 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 72B2 143 B
166 B 39ms
38ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2533
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Jun 2023 04:16:35 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame 7DF8 3 KB
1 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 08:16:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74567
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 08:16:01 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/ Frame 7DF8 20 KB
8 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230607/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9971c0a9e4d487abeaf7f2396426a237081c2271bc17cdcd6883495ff43b3fc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 00:38:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15621
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8202
x-xss-protection: 0
server: cafe
etag: 12977410716570951617
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Jun 2023 00:38:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7DF8 0
0 46ms
46ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQTiME7bc3S2em6VGJ7ZeVXCMxnPYmrVgfamddniYzKs8S3j9NNhxqzLyxPde7gAdZ1-QTtl4_y_014D9NeCpeBs0e0nA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7DF8 175 KB
55 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d262b04633fbcfb934184c79a2d1786fa24576ad6f7ccc40c5ba0aa540de9d54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55943
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686137816735621"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Jun 2023 04:58:48 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9FAD 0
19 B 80ms
79ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CwgfUh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvAFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvECJnmddF3w6fhjimghPz6Z1r9kOvYi7M6OhyA9FELWuRj-anL6NfYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi02NzcxNjY2NjgzOTMwMjc3GAA&sigh=n_y968qxNOs&uach_m=[UACH]&cid=CAQSOwBygQiDuz2oOpCEov0mxsp-eDmzlauGzfC1sJ3WDx5AcUQoHFljW4dXmoggA1xRNJ0wJ1i_weI9Q1o-GAE&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=250&slotname=7072356023&adk=2874585854&adf=2619435063&pi=t.ma~as.7072356023&w=312&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=312x250&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527667&bpp=35&bdt=1799&idt=35&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1184&ady=1991&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=pYdqtJPXHp&p=https%3A//canada24.co&dtd=37
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Jun 2023 04:58:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 9FAD 0
104 B 75ms
26ms Image
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1gnmxjfxnaeeek3vykd3450fgd6redgsnt29ecywb1rsx0mk2yqafxwkzerk4p05p0j7p8k743c8fbm3q9xzrw77j05sgp9yyc7vmsnrajkk8ek4d5ezzqmrnjr2vsq7f5bvgta6yes0803h3ngvd4awvneth96mhhtp3s2cb5r62t39sv178r4hcr2br1wb6yspha4z3bp5t8thxkc9wrrqra6khyshvyj24va9x72g9adft9xcjk4rhrw8rh2jwzygpd0nabs8atdqr04a73kdnqg9m92kkh9m98q9c2hzhwb0xz1hrmvbbz0r80kxe3xphsrt98z4mj61qg02h8510x5dn0rgn86zj1kxhpsync75p34e5qhytesd154ed8zst7gwjtx7s5fj&b=ZIVUhwALI-MHg4CnAAP5hn_lntlT70qj6RlfWg&cbvp=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=250&slotname=7072356023&adk=2874585854&adf=2619435063&pi=t.ma~as.7072356023&w=312&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=312x250&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527667&bpp=35&bdt=1799&idt=35&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1184&ady=1991&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=pYdqtJPXHp&p=https%3A//canada24.co&dtd=37
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 11 Jun 2023 04:58:48 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
DATA 200
OK truncated
/ Frame 5518 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 247f4eccc9df261a67f1947795b53c25d49e613eabbd5c08d50a60b0da134f20

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 037E
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEDNbwpr3Q2TDp3ANN22H8o8&google_cver=1&google_push=ATf1kGO00NGJmMj6owpXf104Jpk01SO8LOByPoPtFZNVGWU9iLNA8vQEtYjhjXdOWYnhrUAFdMXcljjg7RqeiYMrgW0w4WbnSQP70...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDNbwpr3Q2TDp3ANN22H8o8&google_cver=1&google_push=ATf1kGO00NGJmMj6owpXf104Jpk01SO8LOByPoPtFZNVGWU9iLNA8vQEtYjhjXdOWYnhrUAFdMXcljjg7RqeiYMrgW0w4WbnSQP...

43 B
446 B

224ms
206ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDNbwpr3Q2TDp3ANN22H8o8&google_cver=1&google_push=ATf1kGO00NGJmMj6owpXf104Jpk01SO8LOByPoPtFZNVGWU9iLNA8vQEtYjhjXdOWYnhrUAFdMXcljjg7RqeiYMrgW0w4WbnSQP70F8&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGO00NGJmMj6owpXf104Jpk01SO8LOByPoPtFZNVGWU9iLNA8vQEtYjhjXdOWYnhrUAFdMXcljjg7RqeiYMrgW0w4WbnSQP70F8%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: canada24.co
URL: https://canada24.co/
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:49 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7d5747f85db392a2-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 294
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDNbwpr3Q2TDp3ANN22H8o8&google_cver=1&google_push=ATf1kGO00NGJmMj6owpXf104Jpk01SO8LOByPoPtFZNVGWU9iLNA8vQEtYjhjXdOWYnhrUAFdMXcljjg7RqeiYMrgW0w4WbnSQP70F8&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGO00NGJmMj6owpXf104Jpk01SO8LOByPoPtFZNVGWU9iLNA8vQEtYjhjXdOWYnhrUAFdMXcljjg7RqeiYMrgW0w4WbnSQP70F8%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7d5747f67ccd92a2-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 037E 70 B
266 B 109ms
32ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEKU5gcNuPmgANQDNJaQpqfI&google_cver=1&google_push=ATf1kGPNG6-TmUqzKXFnajHeu033DesiV8t7jEgcqOvnH0ORmj-I86OidmgJkrA7jAW9qdRg0GiKEZBtGKebRxXJwf_-E_Y-bx5Qrw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=181745746&adf=3896497508&pi=t.ma~as.2320321281&w=1068&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1068x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527598&bpp=4&bdt=1730&idt=4&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=894&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=1GZU74YE9E&p=https%3A//canada24.co&dtd=9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 037E
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEOwCzK5qrBRU2REtRBMygn8&google_cver=1&google_push=ATf1kGPdJYULXQ6-8x3t4wkXoFzPZt4CDzT-B3leOcp2BMil54QWn0gSGmEj-47LLDCBXPLqzpZTYGcneWa...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPdJYULXQ6-8x3t4wkXoFzPZt4CDzT-B3leOcp2BMil54QWn0gSGmEj-47LLDCBXPLqzpZTYGcneWazYlOUl_qvX9o0auxyPQ&google_hm=5eRX5OPqQ-CoKxcbGb...

170 B
188 B

46ms
46ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPdJYULXQ6-8x3t4wkXoFzPZt4CDzT-B3leOcp2BMil54QWn0gSGmEj-47LLDCBXPLqzpZTYGcneWazYlOUl_qvX9o0auxyPQ&google_hm=5eRX5OPqQ-CoKxcbGbutzrU

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPdJYULXQ6-8x3t4wkXoFzPZt4CDzT-B3leOcp2BMil54QWn0gSGmEj-47LLDCBXPLqzpZTYGcneWazYlOUl_qvX9o0auxyPQ&google_hm=5eRX5OPqQ-CoKxcbGbutzrU
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 037E 0
174 B 62ms
22ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEAHuHwhl5Yqb2WDhKqzOQh4&google_cver=1&google_push=ATf1kGOl9Xz9wmj0xg42lC-00MVDjPvxeUR3OPoJ_N-V2tXw-FSGPTUAKV07te1FD5no6yqtrJK2l83tK2CpZedHmSyqMvGxsgfrQJU
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=181745746&adf=3896497508&pi=t.ma~as.2320321281&w=1068&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1068x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527598&bpp=4&bdt=1730&idt=4&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=894&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=1GZU74YE9E&p=https%3A//canada24.co&dtd=9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:48 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 037E
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEPiK5amw4d-Gb2zGTjc-KXg&google_cver=1&google_push=ATf1kGP43u5qqe5KV2W-S3Qwu85OYbis0hmbv2UGKwIS7Uxa1pwdUfuCh5eRzFLDgduf8nA6da8AFcij6llsaYD0MEj6...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEPiK5amw4d-Gb2zGTjc-KXg&google_cver=1&google_push=ATf1kGP43u5qqe5KV2W-S3Qwu85OYbis0hmbv2UGKwIS7Uxa1pwdUfuCh5eRzFLDgduf8nA6da8AFcij6llsaY...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGP43u5qqe5KV2W-S3Qwu85OYbis0hmbv2UGKwIS7Uxa1pwdUfuCh5eRzFLDgduf8nA6da8AFcij6llsaYD0MEj67MIAWjpnJw&google_hm=2Wz4IM4ZRwSN6x00lyaHXA==

170 B
188 B

46ms
46ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGP43u5qqe5KV2W-S3Qwu85OYbis0hmbv2UGKwIS7Uxa1pwdUfuCh5eRzFLDgduf8nA6da8AFcij6llsaYD0MEj67MIAWjpnJw&google_hm=2Wz4IM4ZRwSN6x00lyaHXA==

Requested by

Host: canada24.co
URL: https://canada24.co/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGP43u5qqe5KV2W-S3Qwu85OYbis0hmbv2UGKwIS7Uxa1pwdUfuCh5eRzFLDgduf8nA6da8AFcij6llsaYD0MEj67MIAWjpnJw&google_hm=2Wz4IM4ZRwSN6x00lyaHXA==
date: Sun, 11 Jun 2023 04:58:48 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 037E
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESECnd8yVPOJYoZpyO70Yhg2U&google_cver=1&google_push=ATf1kGOaJAw6rL5ygxvNBwy-T3l9aEMlmZtOLFSF84MlG5JbBbShDz7rOnfciuak9VyYlgo8UhQXfH2BgmOOP-xnhkaHo3V...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGOaJAw6rL5ygxvNBwy-T3l9aEMlmZtOLFSF84MlG5JbBbShDz7rOnfciuak9VyYlgo8UhQXfH2BgmOOP-xnhkaHo3VBG355SRQ&google_hm=eS1SV2xBcmNWRTJwSDd...

170 B
188 B

98ms
98ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGOaJAw6rL5ygxvNBwy-T3l9aEMlmZtOLFSF84MlG5JbBbShDz7rOnfciuak9VyYlgo8UhQXfH2BgmOOP-xnhkaHo3VBG355SRQ&google_hm=eS1SV2xBcmNWRTJwSDdIX0JIZC43djdfcWpaQ0xkOURDen5B

Requested by

Host: canada24.co
URL: https://canada24.co/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 11 Jun 2023 04:58:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGOaJAw6rL5ygxvNBwy-T3l9aEMlmZtOLFSF84MlG5JbBbShDz7rOnfciuak9VyYlgo8UhQXfH2BgmOOP-xnhkaHo3VBG355SRQ&google_hm=eS1SV2xBcmNWRTJwSDdIX0JIZC43djdfcWpaQ0xkOURDen5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 037E
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEM2WSzOfP3A5X0TYLxC54vQ&google_cver=1&google_push=ATf1kGO_yPiiJUd1vsMaoIufmagSNIsz5JiWNeckn__24Yq-HahHTJNlRXHkrdjTV-UQNj-tg843Lxj3wGdO...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO_yPiiJUd1vsMaoIufmagSNIsz5JiWNeckn__24Yq-HahHTJNlRXHkrdjTV-UQNj-tg843Lxj3wGdOthFkG5_Bv1LMMVkOv7I

170 B
188 B

50ms
50ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO_yPiiJUd1vsMaoIufmagSNIsz5JiWNeckn__24Yq-HahHTJNlRXHkrdjTV-UQNj-tg843Lxj3wGdOthFkG5_Bv1LMMVkOv7I

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO_yPiiJUd1vsMaoIufmagSNIsz5JiWNeckn__24Yq-HahHTJNlRXHkrdjTV-UQNj-tg843Lxj3wGdOthFkG5_Bv1LMMVkOv7I
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 037E 0
12 B 46ms
43ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JIT2ovbUIaQxs2aShPKOwQ29Za4iPxYHQV5PFVhZRXjQ-O18Ga_D3RJwRYzjUWx9s4-Gs-

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:48 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 7DF8 0
122 B 76ms
75ms Other
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJfP1qi3uv8CFSWCgwcddAUHTw&gqi=h1SFZJGIMtC89u8P8vyEiAU&layout=/sadbundle/%24csp%253Der3%24/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 0C8D 6 KB
3 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 21:21:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2551
x-xss-protection: 0
server: cafe
etag: 4618035238173732404
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 11 Jun 2023 21:21:12 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 0C8D 34 KB
13 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 11:15:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63791
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 11 Jun 2023 11:15:37 GMT

GET
H2 200 createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 0C8D 186 KB
48 KB 152ms
46ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49100
x-xss-protection: 0
last-modified: Wed, 16 Mar 2016 13:51:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Jun 2023 04:58:48 GMT

GET
H3 200 Sixt_Rent_EV_970x250_Tesla_3.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/ Frame 0C8D 44 KB
11 KB 41ms
41ms Script
application/x-javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8e429ea681e95312359b0dad8293252bad0ee4af0dd9ba7f2d85730413cd4f7

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Jun 2023 17:24:16 GMT
age: 128072
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11667
x-xss-protection: 0
last-modified: Thu, 04 May 2023 09:26:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 08 Jun 2024 17:24:16 GMT

GET
H3 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 5518 20 KB
20 KB 36ms
36ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 05:48:51 GMT
x-content-type-options: nosniff
age: 83397
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 09 Jun 2024 05:48:51 GMT

GET
H3 200 ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 5518 21 KB
21 KB 42ms
42ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Fri, 09 Jun 2023 02:08:49 GMT
x-content-type-options: nosniff
age: 182999
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21428
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:32:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 08 Jun 2024 02:08:49 GMT

GET
DATA 200
OK truncated
/ Frame 7DF8 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c2c352c4bc7fda4930b01523308c9af541ace2e76dadad970b7ce13393283c9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 72B2
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

46ms
46ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Jun 2023 04:58:48 GMT
expires: Sun, 11 Jun 2023 04:58:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Jun 2023 04:58:48 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5518 0
19 B 85ms
85ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CGA1nh1SFZMziJp6FjuwPtdKEuA3R9fOqaJfW3KLBDvSxre-KKRABINuXyo4BYJXikIKgB6ABlNm04gPIAQaoAwHIAwKqBMUBT9BBXGxUaj4j8BnAcSwOnvzRT3vgbkFuWqcqicvwKLG1lnsuMW8fOLERReIYOVNiuYbSw5ppcWl3o-EzLmF2ENgJTtSTgFhanmIUh_jcVntVxwsCNCzdMpGI44rv0pxXtBEnc_vWgeyYaTScTAF_OZkxtCEiJt3LJR6pBDCeusOyNo4aWgxNSdPVtGzkrlcelITqA6ZerXleJG4IrbN5L_2Ul3PjR5YTF5Uz-5U3A2vmdk4gU_eSAUfRb5WKBOie-sysU4jABOG9mLXUA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAY3gAfUpssdqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcB8gcEEMyLAtIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgHICwHYEwvQFQGYFgGAFwGyFxwKGggAEhRwdWItNjc3MTY2NjY4MzkzMDI3NxgA&sigh=k1HtAk-PwW8&uach_m=[UACH]&cid=CAQSOwBygQiD3SKwve9HO2S0huHN-ZzF6C_xsqLGvU1GCfCpXFRwvC04iYpT4D7CVWqfyhYNS0E6Ifc5uBuvGAE&template_id=493&cbvp=2&vis=1

Requested by

Host: canada24.co
URL: https://canada24.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=181745746&adf=3896497508&pi=t.ma~as.2320321281&w=1068&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1068x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527598&bpp=4&bdt=1730&idt=4&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=894&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=1GZU74YE9E&p=https%3A//canada24.co&dtd=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Jun 2023 04:58:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H3 200 rs Show response
ad4m.at/ Frame E7E3 1 KB
2 KB 36ms
34ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7882936a1b80724af8856a779bccb7154c3ff831e1715031713e43c42f54d45

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 11 Jun 2023 04:58:48 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J1kcTybOb3WgC8gx4P2Dldl5EiwH0vDmxzhV2JfwZnrZ%2BwqOELqYwIIzI1DOOfrUBvjru1Rb0AXHyrRCjohMMJTImAkAptxT8Uvj0uW6BHPmc2agYaB%2B70jtLEpBiuLMAr6hEeQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 7d5747f7481b9957-FRA
x-backend-server: aa-reachservice-group-europe-west1-3zc0
alt-svc: h3=":443"; ma=86400

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 38ms
26ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7d5747f71ffb9957-FRA
content-length: 24
content-type: text/plain
date: Sun, 11 Jun 2023 04:58:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rEIIYZWm9vg%2Ba2%2FbHa1Pgv%2FPaIVbrmrXeVRw%2FamZ5u%2B3UOBOomG74Ib3sPEJa2PLgrLgoC3I2MjDwYFg%2F2heyqO0PZ7w7U0LNaG6NlsjCQ29goKzkwDhQYt7rtmSEKxz8DuSjlE%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-jtm5

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 0699 11 KB
4 KB 36ms
35ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=300&d=250&e=&g=8d14cd468f6463c2549fa083a995caaa%2F8468915494712281584&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1686459528862&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%2526client%253Dca-pub-6771666683930277%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b48670bb740fdd7213ebd4d47b12d04c266d35fb9aa8d6d7eef783ea53fa86ef

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1jpah8p5b0ee19skdytd3ypy1avggq0f4vdpcrt0za0h7d0ttch9q69w209a0fqv23be4mqn2jhyae8ytynnrdaxp2694dpjqdckbw8q9cevbcyn6fmjxs4x6grff14h0scd8x8fj5aa1eghasncbzw635djvq7rfnb5acgvffzc040wy0hwz255pv0vjsdawkggwp8sm2f5j2bddx9g6jnvez2exmzcvpzh3yx0jgwxt48w8nwg6fc8yhert6b0rar744qzn9x8han1jkqga31cem4f8d7bxzaw57bxyyzgm60a5gne6ce8n78tqdnf600e9r6mzzk4we5zy4n667596wq4vyqnfs3ccsvqa0bge9z7vknq3gvefwxjr5xz10f0ev3t85kdjsc9jxgqm4g4n6h6jpa0q6fh9z6jfcz6sh83j081bmqab08dyejxm81yam5h5cng&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%26client%3Dca-pub-6771666683930277%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7d5747f83e371a47-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Sun, 11 Jun 2023 04:58:49 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 Sixt_Rent_EV_970x250_Tesla_3_atlas_P_.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/images/ Frame 0C8D 12 KB
12 KB 36ms
35ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/images/Sixt_Rent_EV_970x250_Tesla_3_atlas_P_.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

114c908d6da2ec52999a592efd5548f25cf9c8c96b235ac85808a90c0017ac54

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Tue, 06 Jun 2023 21:21:14 GMT
x-content-type-options: nosniff
age: 373055
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12246
x-xss-protection: 0
last-modified: Thu, 04 May 2023 09:26:58 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 05 Jun 2024 21:21:14 GMT

GET
H3 200 TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 0C8D 37 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7dd9b3c12fde91e325f5a42fbc0f6d83566d528b624b0b4833ca87a9cc3f64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 14:44:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14492
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 09 Jun 2024 14:44:40 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.42/one-ad/ Frame 0699 106 KB
13 KB 32ms
32ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.42/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=300&d=250&e=&g=8d14cd468f6463c2549fa083a995caaa%2F8468915494712281584&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1686459528862&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%2526client%253Dca-pub-6771666683930277%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3dbe73a90f1370d3bdefdeb5ccca6a4f3c6edb2bc1b06c47b7e5ae2457bc58ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=300&d=250&e=&g=8d14cd468f6463c2549fa083a995caaa%2F8468915494712281584&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1686459528862&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%2526client%253Dca-pub-6771666683930277%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1686312358
age: 146864
cf-polished: origSize=108907
x-guploader-uploadid: ADPycds4BaPB2cnNKfGCpO0DHbi1YsFTcCTGXC9fJnH_NboEzcGfHcnLXlcIvq2iasQ1ZmCVOJqaFT1yvUfFyfqQRQlEfuWooABE
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 09 Jun 2023 12:06:25 GMT
server: cloudflare
etag: W/"913a188acf4937267d989357edafdccf"
vary: Accept-Encoding
x-goog-generation: 1686312385390155
content-type: text/css
x-goog-hash: crc32c=+kWf1Q==, md5=kToYis9JNyZ9mJNX7a/czw==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dLmbE8LgUbEWrH4eUk6UEdaZHVL8iV915nhKaQ%2Fm6H1JJNnrNE9LrCKMiuOhbzYetHEqbI5GFZscvtIqaRp1GJmQh0CeaChqSeAFFBzzEZkck3%2FR8iCanx7f9VVY06IR3tWhtooH7TA%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 108907
cf-ray: 7d5747f87e681a47-FRA
expires: Sun, 11 Jun 2023 05:58:49 GMT

GET
H2 200 C3FCB3AB04505A8F1D79D1D5953F5207FE6F49EF4C517E920A79B423A52F9E2DCCD658FDD21E3D8209A640CEE47D02AAD52D272924710EAE6BAB80FD9B483022
assets.ad4m.at/logo/ Frame 0699 5 KB
5 KB 38ms
22ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/C3FCB3AB04505A8F1D79D1D5953F5207FE6F49EF4C517E920A79B423A52F9E2DCCD658FDD21E3D8209A640CEE47D02AAD52D272924710EAE6BAB80FD9B483022
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=300&d=250&e=&g=8d14cd468f6463c2549fa083a995caaa%2F8468915494712281584&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1686459528862&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%2526client%253Dca-pub-6771666683930277%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c63890b7f3f2e513fa085cd7b198f9ab91721a9e8aa7180806ff4aa7b4089a4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:49 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2454145
cf-polished: origFmt=png, origSize=10283
alt-svc: h3=":443"; ma=86400
content-length: 4736
cf-bgj: imgq:85,h2pri
last-modified: Thu, 06 Apr 2023 12:21:02 GMT
server: cloudflare
etag: "b90d04a587c2a1ab6749e51d8bb195d1"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WVNBfE%2BU6yUtyqOlcY7AdxaN%2BAyMAZID2YhH7su%2FBEMRgdDeuTlir4GYbnzwYCeE4Pzfr2tLfDN1leS2TjfrMLb%2BnCCJwQy2Asvns4p2nF3KJkShsAm0Ax8ziS692L3uxL%2FP4iGTZ8%2F3PWXP"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7d5747f89cc6bb37-FRA
expires: Mon, 12 Jun 2023 04:58:49 GMT

GET
H2 200 A36DAD0D440985CF6ABFA23492945CE5BC6D94350A66B19418CB771AFE823AD9B48ADE8E2F007546F0A50A710172EEFC2CAC1468E38852CE2028C22592AAFB75
assets.ad4m.at/product_image/ Frame 0699 54 KB
55 KB 29ms
14ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A36DAD0D440985CF6ABFA23492945CE5BC6D94350A66B19418CB771AFE823AD9B48ADE8E2F007546F0A50A710172EEFC2CAC1468E38852CE2028C22592AAFB75
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=300&d=250&e=&g=8d14cd468f6463c2549fa083a995caaa%2F8468915494712281584&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1686459528862&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%2526client%253Dca-pub-6771666683930277%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 861e4cd27539274eedfdd65212a140a4c7ccea88e004d23f5234e4db48bc73ae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:49 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1552885
cf-polished: origFmt=png, origSize=105738
alt-svc: h3=":443"; ma=86400
content-length: 55786
cf-bgj: imgq:85,h2pri
last-modified: Mon, 04 Jul 2022 08:55:40 GMT
server: cloudflare
etag: "147be38db57f89c69c9e65b05983ff0e"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F2BEI2b0zqGPgVhuH3QC%2FoZjq9LOh%2BSlKDk5RQPS3Sg4cpw31n%2FnwxluPaFyCHYqoU4CxJBiv5ACUbGjiFX4%2FEFqMMF1tCBJs%2BB5X24fISE0Qc7m7BEDIv5HGx9rmxA14BGSqJkDHVl%2FKy82"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7d5747f89cc3bb37-FRA
expires: Mon, 12 Jun 2023 04:58:49 GMT

GET
H2 200 A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
assets.ad4m.at/logo/ Frame 0699 2 KB
3 KB 36ms
22ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=300&d=250&e=&g=8d14cd468f6463c2549fa083a995caaa%2F8468915494712281584&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1686459528862&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%2526client%253Dca-pub-6771666683930277%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af7a66542220ecfb2b8fa0286b60ffa95c1c8047df094654a90e1ff75f848ef5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:49 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 206172
cf-polished: origFmt=png, origSize=9357
alt-svc: h3=":443"; ma=86400
content-length: 2330
cf-bgj: imgq:85,h2pri
last-modified: Thu, 08 Apr 2021 14:26:03 GMT
server: cloudflare
etag: "8cc161b392f5744da5319a4da549b763"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OSuMSR8o02Ui7bcWvj0Oc7VGYltIBSWicDe2FUTKW%2F5diidslc9jDV6Pu%2BvOUh7KXkltwJ6Agb%2B5UGc8a7aveSifY8rl0fk6Kku5Lh3k5Yk1couDKQytfwwJ6Fshc8ouq3Ig2S82AcTMCEFw"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7d5747f89cc4bb37-FRA
expires: Mon, 12 Jun 2023 04:58:49 GMT

GET
H2 200 B0EFBB0208E9EF8D30A7C89B72C086F1DD36F5D7A5F0A9551729DDFC67E85BCDECDB196EB4EAB3FEC6BC55A4A1442682559F8312D8959CED1C6B0F52B22CF45C
assets.ad4m.at/product_image/ Frame 0699 496 KB
497 KB 35ms
21ms Image
image/png 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/B0EFBB0208E9EF8D30A7C89B72C086F1DD36F5D7A5F0A9551729DDFC67E85BCDECDB196EB4EAB3FEC6BC55A4A1442682559F8312D8959CED1C6B0F52B22CF45C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=300&d=250&e=&g=8d14cd468f6463c2549fa083a995caaa%2F8468915494712281584&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1686459528862&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%2526client%253Dca-pub-6771666683930277%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e61c4c6f2c0c52c9b5dadb303f0db1128715c2e8819a50b1d24c6d7089fbebb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:49 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1067857
cf-polished: origSize=563367, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 508355
cf-bgj: imgq:85,h2pri
last-modified: Fri, 09 Apr 2021 07:22:09 GMT
server: cloudflare
etag: "ff5ac113643d20bec15acfffe32cb75e"
vary: X-Goog-Allowed-Resources, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dYe8N1nnPIztLAYL4%2FNJWZtA3Gq3Ek4mNWCjdVlERiiD1fmGL0IoCwLXYJ2kNWAJeeKb5ey0%2FAjN21HaXblQGkqmtKSCLDMhASdxcAswe3rej9YVBTQwU562BRT%2B01w5i83wNviSO0lzXLnf"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7d5747f89cc9bb37-FRA
expires: Mon, 12 Jun 2023 04:58:49 GMT

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 0699 43 B
703 B 104ms
62ms Image
image/gif 23.56.205.163
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2904924&v=20044&q=415363&r=412871&pv=1&pref3=oneidk7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6oneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=300&d=250&e=&g=8d14cd468f6463c2549fa083a995caaa%2F8468915494712281584&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1686459528862&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%2526client%253Dca-pub-6771666683930277%2526adurl%253D&y=1&s=&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.56.205.163 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-56-205-163.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Jun 2023 04:58:49 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2 200 90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
assets.ad4m.at/logo/ Frame 0699 36 KB
36 KB 36ms
22ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=300&d=250&e=&g=8d14cd468f6463c2549fa083a995caaa%2F8468915494712281584&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1686459528862&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%2526client%253Dca-pub-6771666683930277%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2b9eefee68fa18c6be3c3bbe11d769b5affc01b84ea94c7ec68ae4ffacd858a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:49 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1121399
cf-polished: origFmt=png, origSize=62828
alt-svc: h3=":443"; ma=86400
content-length: 36446
cf-bgj: imgq:85,h2pri
last-modified: Tue, 18 Oct 2022 15:02:47 GMT
server: cloudflare
etag: "e12c1a9f1887c09d377658838eaaa06d"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LgJONkjvJLx4o4F5hoMmjCKk1XE7xgXJa%2BxzBc0KAwpJBGceWRF3el08ginMlz0MWFiIh%2FPmoWi%2FVrmb5tcloe4zweysCc6QmGaibIus2AsmZllUDN%2BJBuNXCGu7HaJpGg1daSZbou9RQGwA"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7d5747f89cc8bb37-FRA
expires: Mon, 12 Jun 2023 04:58:49 GMT

GET
H2 200 287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
assets.ad4m.at/ Frame 0699 28 KB
28 KB 31ms
18ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=300&d=250&e=&g=8d14cd468f6463c2549fa083a995caaa%2F8468915494712281584&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1686459528862&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%2526client%253Dca-pub-6771666683930277%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e944aa2add7d89134400d6d51b9b0954ad0e988edd934eccff8907ab90e1c853

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:49 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 26537
cf-polished: qual=85, origFmt=jpeg, origSize=133780
alt-svc: h3=":443"; ma=86400
content-length: 28740
cf-bgj: imgq:85,h2pri
last-modified: Tue, 18 Feb 2020 10:22:01 GMT
server: cloudflare
etag: "d061ca155f758f490340e147604dc3ee"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BlGdREXYsRoNuH6zEzfeTwo5e2mnN0kRepOzekRhq2FxEXu%2FWeypPJK%2BRAqPwwGQGFrcSQIWBlx7WgcVztSnwduTNV0mIXg7fqHokDG%2BfIQSp3My2lFvWj1lzCuysN%2BSwp1c9CpjXLeuPcD0"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7d5747f89cc5bb37-FRA
expires: Mon, 12 Jun 2023 04:58:49 GMT

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 0699 43 B
703 B 124ms
81ms Image
image/gif 23.56.205.163
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2531885&v=14702&q=365825&r=412871&pv=1&pref3=oneidppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkroneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.56.205.163 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-56-205-163.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Jun 2023 04:58:49 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 Sixt_Rent_EV_970x250_Tesla_3_atlas_NP_.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/images/ Frame 0C8D 51 KB
51 KB 36ms
36ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11928086329308314302/images/Sixt_Rent_EV_970x250_Tesla_3_atlas_NP_.jpg

Requested by

Host: canada24.co
URL: https://canada24.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14da2db9b17645aaf9c4c6fcb597b5818dcd12ffef970846decd1c232ab05848

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Thu, 08 Jun 2023 10:42:12 GMT
x-content-type-options: nosniff
age: 238597
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52318
x-xss-protection: 0
last-modified: Thu, 04 May 2023 09:26:58 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 07 Jun 2024 10:42:12 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1501 42 B
64 B 83ms
82ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssPmSdqz3Me_LQdoSGraceX7w8UhlwkZ6na1OTwDWPNJoA67gvkfUTxLS46iuEEtQ59pPwpCGbrD8M-GYYmOCz_YhKWtHpCwNESbCuPizhx1aYM49uXZsosDPlYC3IffrOLBNJUJzy2zLdW&sai=AMfl-YSvDu8Iuq5BZVu5xXkbMkJIc0jtYAE1VWsiucomc9zn98BLV5DRW-JqsouMmmiK6hETb7Iz9rdXQhoc&sig=Cg0ArKJSzAlUgJw76RdvEAE&cid=CAQSGwBygQiDW8wZWxWTBf57lfBws3egt3Amg6SH1BgB&id=lidar2&mcvt=1035&p=0,0,124,1005&mtos=388,1035,1035,1035,1035&tos=388,647,0,0,0&v=20230607&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686459527388&rpt=647&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 link.html Show response
track.webgains.com/ Frame 0699 2 KB
2 KB 126ms
69ms Script
text/html 18.130.16.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=3641431&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1kjc969s4czhf3jjecjr8rcmvahhhtp1830p4ftrycpr00x437r14c3rgsbvwr4sqwwh4te44z5j2zyd475160m0wpkf31m1b1ke1ems92kpx5dq0e25v0s6ywe92q3x83eza3jenv39pjb6as5wv3fxnzmn79c73pzhgscph9daz5wgpfpg0c9b46na5xzasa3x6kevbc9eca8et3r7xgvez3vrjyzeq72b4aqbcye1hyzf7rwnae7zzzwnqn11pbb0%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%252526client%25253Dca-pub-6771666683930277%252526adurl%25253D&clickref=oneidDXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjWoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneideYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpboneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=300&d=250&e=&g=8d14cd468f6463c2549fa083a995caaa%2F8468915494712281584&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1686459528862&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%2526client%253Dca-pub-6771666683930277%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.130.16.201 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-130-16-201.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: b5f043d5a61bf274d66f53f78979717d9c718b3b100c74502bf1d8e61e4670ba

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:49 GMT
last-modified: Sun, 11 Jun 2023 04:58:49 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Sun, 11 Jun 2023 04:59:49 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 0699 85 KB
31 KB 71ms
8ms Script
text/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=3641431&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1kjc969s4czhf3jjecjr8rcmvahhhtp1830p4ftrycpr00x437r14c3rgsbvwr4sqwwh4te44z5j2zyd475160m0wpkf31m1b1ke1ems92kpx5dq0e25v0s6ywe92q3x83eza3jenv39pjb6as5wv3fxnzmn79c73pzhgscph9daz5wgpfpg0c9b46na5xzasa3x6kevbc9eca8et3r7xgvez3vrjyzeq72b4aqbcye1hyzf7rwnae7zzzwnqn11pbb0%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%252526client%25253Dca-pub-6771666683930277%252526adurl%25253D&clickref=oneidDXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjWoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneideYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpboneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 14:02:22 GMT
content-encoding: gzip
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 53788
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: 0mPII1Pi-Nc6YstFd5pj71_IJMf6rHYtN-8GqhsVBzvcmcHWa5HbqQ==

GET
H2 200 1619604937_fPkEZHu3MNy3GC7XuV3lA1s9E5XlSAcF.png
cdn.track.production.webgains.team/286305/ Frame 0699 15 KB
15 KB 49ms
8ms Image
image/png 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/286305/1619604937_fPkEZHu3MNy3GC7XuV3lA1s9E5XlSAcF.png?Expires=1686459829&Signature=N9mFz0qd3pwztpGucsx~R23Ca-HDTb0xkh0c~y9oNECRK4nYLp~ch0BoWN2sQffgHt9cgdi9W1-z9KoGad8HpqB5oTJQVoWeWfI~IKv9Ib6h-ssuwiuVJUtCkTVWHyGGX4r9Jh1Z8UubSLG9lrHz3P5eEphzVECivsfGqoYfWMX77v7hWC0e3Edbz1SrV8AkS7kTbeQbUGHoqWDgh~~f2Sd~PdxVw6gk9OCOVUl-6-FeMqmXc-wa36SSMcJ9lo2JfnFT2-XUvcBCQ~eeYNq1DvrSbFiYn1INMUcQMQ3Sh6-J0F5FDh4LYsCJubJeYGMokSyWOLw4t5jIBUjCV8quIw__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=300&d=250&e=&g=8d14cd468f6463c2549fa083a995caaa%2F8468915494712281584&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1686459528862&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%2526client%253Dca-pub-6771666683930277%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 60bf02832688d14251ec1c7b8acfda233a91f927f26c7202bdaba781a1f0fcdf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-amz-version-id: null
date: Sat, 10 Jun 2023 15:18:01 GMT
via: 1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 10:41:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 71424
etag: "d4e8f970f24f6d19b53aa92b1907c1ef"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 15054
x-amz-cf-id: RiJOxB5CIshl-DJXgTK7z6-pJqcDeKMolSYCz4Ks0FXvMM5tpvSi0w==

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 54ms
54ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230607&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

62efb068e203246dca6548612cf476b819d87cbd727910f058a4d42567e5fc3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11169
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Jun 2023 04:58:49 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 258D 42 B
64 B 82ms
82ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstCRJyGqSUF58JeGShB_ra0Rp6nNL-IVMMw27LfNiQhzeRfOdhzG5FRWuJXf4HuQXBP4XLiKnKKTsL2mR09mn06sVRSGnydSlphSWys8PdIAvSNu8LPylR4elLg2R0FRLTcuKtL_QPSEw&sai=AMfl-YSTge_TSReWe6ydlXcu-K_s4RH5Zk2Ie7gQLt4jMZthG7zSXhlmyE8EJcKeEeALvBhMj20oUpgLGN8uJB2Te4nxIeIl59NRvsH5JK3OReAr_gWOfWxPj6N1G0c&sig=Cg0ArKJSzOyogZP_pq3bEAE&cid=CAQSOwBygQiDAALqUeU9XO_zcxQomBNxFj6BMaweKGp1OX_x2LcSUJQCbtSxmiE3nFJ1fBJz0yQNX1tPFm05GAE&id=lidar2&mcvt=1020&p=0,0,600,262&mtos=1020,1020,1020,1020,1020&tos=1020,0,0,0,0&v=20230607&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1159937247&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686459527583&rpt=857&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E700 13 KB
5 KB 37ms
35ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://canada24.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 74495
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jun 2023 08:17:14 GMT
expires: Sun, 09 Jun 2024 08:17:14 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 835E 783 B
536 B 51ms
50ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a7cea655e2a8b377cdd9f05cc7c4daed319834e71fd424ebd3fcac342f63da61

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-E-17ZH72CV0jlrv2_mbGqQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://canada24.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-E-17ZH72CV0jlrv2_mbGqQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 11 Jun 2023 04:58:49 GMT
expires: Sun, 11 Jun 2023 04:58:49 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame E700 37 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7dd9b3c12fde91e325f5a42fbc0f6d83566d528b624b0b4833ca87a9cc3f64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 14:44:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14492
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 09 Jun 2024 14:44:40 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 835E 0
0 71ms
71ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230607&jk=767642069352153&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame E700 0
12 B 35ms
35ms Image
text/plain 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Ov6uRQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 04:58:49 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5518 42 B
64 B 82ms
81ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstPzseNQIYrFu8l5cPplp_CvQCy6U_BxgUfiEY4mxdxRNE185YULjplP4nyVt4xzJyxrlLWTAYAKtwzQSaryMKTIOkae7WBQiTbbfwnPzRNkiUPM9qQGRkwR5Q45Tkh4J5Ee8kADM6j-Bzt&sai=AMfl-YSQwz0opR8vG_rkAHMIEI96xKNz82rcNpum-JsC4DhnB7KMb4ddMmjNRLOrzY_grbiEYPLGh5OfRT4jUptk9fOi1WnUlW0JPpDKhDJCtsFN8dgRONQqt1FvYmE&sig=Cg0ArKJSzORPCHmXx4xSEAE&cid=CAQSOwBygQiD3SKwve9HO2S0huHN-ZzF6C_xsqLGvU1GCfCpXFRwvC04iYpT4D7CVWqfyhYNS0E6Ifc5uBuvGAE&id=lidar2&mcvt=1000&p=0,0,280,1068&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230607&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=181745746&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686459527608&rpt=1177&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Jun 2023 04:58:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 0699 16 B
232 B 75ms
74ms Fetch
application/json 52.56.247.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.56.247.104 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-56-247-104.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 11 Jun 2023 04:58:50 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 86ms
21ms Preflight 52.56.247.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.56.247.104 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-56-247-104.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Sun, 11 Jun 2023 04:58:50 GMT
server: nginx

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 75ms
75ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230607&jk=767642069352153&bg=!GBulG0_NAAaGYqkwpmI7ADkAdvg8Ws6ZvQvI6kRYptpBkZdtR09NkaxtwoeslaBUGtlSNmfcKSCAmPjGmeUbjiPXQc5rJ6fpl9sCAAAAU1IAAAACaAEHmQL27HWwAtwl2HELyc435JgcF-0vuv070pCMEiJjSlAXiQV7AZO7vcGZkAuReXUd2ZTi27Yh-zAR6tTXoqibXCRdnLkz7FFS2NisNhyhjtIvEw23EyxKK9cA5xPV8KGvQFwY5w28mFwmkXWlddGpKTSIEAXuTfine3PO7GipYQzKKFgOijq3DVDfy-iY0tcHuaAGw0spXuJ4o2VXEv6yLMiJSckL4AeiALkJ8orV340nPqTytETYPFVCGHKVfJ_kNo59-jskJCSa0QcsAP4SLvyljQYYyFJcZrLZVU7XyaMwDVnkRDRPgisP-AR6eaemhUGNFkKg_Jg8woykGTNxwxo6oXQIi4oVOyf4mBdhc-BaSV7JtU4RGLjviD-QCpE6ktzP1yeSYCqFNwSo5xTYNYTjsPj0bDZl4iCMi88j9If7UZ_kV82F66rcSC_lIZwepcNJHvFc9V7QTFFV-viFAXA5-fWXGUmhPySV2nZiAdUWCgnNfCtn_tvXNMeteOFV_2-zuA-SdjD8D0ha3fe5niiJfvedkSY8ZiChlKb3Zttmjkb4uEIr_D6DG26GAlJ_SB02IKVULDrLXjjqa5W8xY7o_1N1xm6bBgr0ibn3NtPvK_alAxoxWM1q80qMAtXx0_YQFLo6A1qreXFdTJ0ZCENkLJLvjMMXdjcZtTR7ZZF0CGdT_kml-aj_onDXY2blF908fibn9UF8bUz72OjsMBFYvin6JCH3dVvJag3ZNOefDzRhCrU4qhqWFLOYtVIA7hXctqyP3UoYXMDlzvmHUpFodkzn1Te4WHN0Mh3GFKuY8Ocw9gsJkQMWyVACDgoVmjcGs0p5Bfav2FK61F5Xwchwrl313pfyC04jyfPgwFDf3OOmajIrXEuvcy4QAmbOSbz_zH4_81aYaI2fDsjG3K1l8zh6fYDjPmh9V0R2AZtaajCm1DUICrlgrSr4r733BFp91wpK5MN-lP34pNddh0NTEVtb0M6qqaTnVpEr8k2VarRyhX2c61k
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5751-key-words-mark-zuckerberg-says-meta-may-be-primary-beneficiary-of-apple-vision-pro-headset-696x392.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: e1b17212f06f315c45603308568a24e1c58627c7099c0138514bd19ec62045c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:50 GMT
Last-Modified: Sat, 10 Jun 2023 12:58:25 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "c44e-5fdc60a8c6413"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 50254

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5753-washington-watch-top-democrats-use-default-scare-to-push-new-debt-ceiling-overhaul-bill-696x348.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 2044b64f5753fb06c43117733f8f9793d9a74e9885a7eb38acf763b653e4105b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:50 GMT
Last-Modified: Sat, 10 Jun 2023 12:58:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "5c8f-5fdc60aaf6137"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=88
Content-Length: 23695

GET
H/1.1 200
OK 5772-philippines-evacuates-thousands-after-mayon-volcano-rumbles-696x522.jpg
canada24.co/wp-content/uploads/2023/06/ 101 KB
101 KB 12ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5772-philippines-evacuates-thousands-after-mayon-volcano-rumbles-696x522.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 7f53045dfc0bb5e6328edc5ec45bfa69b7ce2e32a7ae21c74492775fb3de277e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:50 GMT
Last-Modified: Sun, 11 Jun 2023 03:58:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "193df-5fdd29d470535"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 103391

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5747-man-utd-tottenham-warned-40m-target-is-firmly-on-radar-of-la-liga-giants-after-neville-plea-696x392.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: d72c797e9a478f9b23f4c7853d4cae1b3a880a7f55493309661940b6a36080fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:50 GMT
Last-Modified: Sat, 10 Jun 2023 06:58:24 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "8484-5fdc103059e2f"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=87
Content-Length: 33924

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5735-what-tesla-charging-partnerships-with-ford-and-gm-mean-for-the-ev-industry-696x392.jpeg
Requested by: Host: canada24.co
URL: https://canada24.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 81664ac822700118a7ee2d8e7ed953c7235cc0fcb1e232d0bf9e6c7e3d367e80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:50 GMT
Last-Modified: Sat, 10 Jun 2023 03:58:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "45b6-5fdbe7f34c2be"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=86
Content-Length: 17846

GET
H/1.1 200
OK 5758-canada-lost-17000-jobs-in-may.jpg
canada24.co/wp-content/uploads/2023/06/ 29 KB
29 KB 13ms
13ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5758-canada-lost-17000-jobs-in-may.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: d81a79158bdefd6bd21a27f8faf843314863a259440aa36e0a0536a0a0e22aa6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:50 GMT
Last-Modified: Sat, 10 Jun 2023 14:58:32 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "7471-5fdc7b812960c"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=85
Content-Length: 29809

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5760-bc-woman-says-doctor-shortage-anti-indigenous-bias-may-be-why-doctors-missed-her-cancer.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: d81ac442ef29e01b9efc07e9abdc4884622799062df9629cbb40b76f06bbf9fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:50 GMT
Last-Modified: Sat, 10 Jun 2023 14:58:32 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "7df9-5fdc7b81f01c6"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=84
Content-Length: 32249

GET
H/1.1 200
OK 5762-enough-is-enough-say-advocates-after-st-johns-school-faces-anti-lgbtq-backlash.jpg
canada24.co/wp-content/uploads/2023/06/ 32 KB
32 KB 12ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5762-enough-is-enough-say-advocates-after-st-johns-school-faces-anti-lgbtq-backlash.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: da2adf6eb667e905d43c91eaf91ac120eaedc617e574510d4b97f4c7d166c873

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:50 GMT
Last-Modified: Sat, 10 Jun 2023 14:58:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "7fb2-5fdc7b8313dcd"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=83
Content-Length: 32690

GET
H/1.1 200
OK 5772-philippines-evacuates-thousands-after-mayon-volcano-rumbles-1068x801.jpg
canada24.co/wp-content/uploads/2023/06/ 207 KB
207 KB 12ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5772-philippines-evacuates-thousands-after-mayon-volcano-rumbles-1068x801.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 2d95d429f4940a558caf72c3aaa16f284d724cf9bdf2e3857936bebf4b3e941a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:50 GMT
Last-Modified: Sun, 11 Jun 2023 03:58:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "33b17-5fdd29d49d7df"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=82
Content-Length: 211735

GET
H/1.1 200
OK 5723-i-grew-up-with-hazardous-smoke-from-forest-fires-in-asia-heres-what-i-learned-696x348.jpg
canada24.co/wp-content/uploads/2023/06/ 17 KB
17 KB 12ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5723-i-grew-up-with-hazardous-smoke-from-forest-fires-in-asia-heres-what-i-learned-696x348.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: d1f0110b06d8bcfb9b97e78fcf0e8081b1ec27f721609176b0e20c811c8a51a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:50 GMT
Last-Modified: Fri, 09 Jun 2023 11:58:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "435c-5fdb11601ec91"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 17244

GET
H/1.1 200
OK 5729-palestinian-killed-by-israeli-forces-at-rantis-checkpoint-696x522.jpg
canada24.co/wp-content/uploads/2023/06/ 66 KB
66 KB 13ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5729-palestinian-killed-by-israeli-forces-at-rantis-checkpoint-696x522.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: eb4c9e01b05216fb02e2d7a4cad4073046b3a4aea8e8d52f41717353161746b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:50 GMT
Last-Modified: Fri, 09 Jun 2023 15:59:05 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "1081e-5fdb472d07079"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=81
Content-Length: 67614

GET
H/1.1 200
OK 5758-canada-lost-17000-jobs-in-may.jpg
canada24.co/wp-content/uploads/2023/06/ 29 KB
29 KB 13ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5758-canada-lost-17000-jobs-in-may.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: d81a79158bdefd6bd21a27f8faf843314863a259440aa36e0a0536a0a0e22aa6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:50 GMT
Last-Modified: Sat, 10 Jun 2023 14:58:32 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "7471-5fdc7b812960c"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=80
Content-Length: 29809

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5760-bc-woman-says-doctor-shortage-anti-indigenous-bias-may-be-why-doctors-missed-her-cancer.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: d81ac442ef29e01b9efc07e9abdc4884622799062df9629cbb40b76f06bbf9fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:51 GMT
Last-Modified: Sat, 10 Jun 2023 14:58:32 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "7df9-5fdc7b81f01c6"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=79
Content-Length: 32249

GET
H/1.1 200
OK 5772-philippines-evacuates-thousands-after-mayon-volcano-rumbles-1068x801.jpg
canada24.co/wp-content/uploads/2023/06/ 207 KB
207 KB 12ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5772-philippines-evacuates-thousands-after-mayon-volcano-rumbles-1068x801.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 2d95d429f4940a558caf72c3aaa16f284d724cf9bdf2e3857936bebf4b3e941a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:51 GMT
Last-Modified: Sun, 11 Jun 2023 03:58:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "33b17-5fdd29d49d7df"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=78
Content-Length: 211735

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5762-enough-is-enough-say-advocates-after-st-johns-school-faces-anti-lgbtq-backlash.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: da2adf6eb667e905d43c91eaf91ac120eaedc617e574510d4b97f4c7d166c873

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:51 GMT
Last-Modified: Sat, 10 Jun 2023 14:58:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "7fb2-5fdc7b8313dcd"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=89
Content-Length: 32690

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5723-i-grew-up-with-hazardous-smoke-from-forest-fires-in-asia-heres-what-i-learned-696x348.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: d1f0110b06d8bcfb9b97e78fcf0e8081b1ec27f721609176b0e20c811c8a51a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:51 GMT
Last-Modified: Fri, 09 Jun 2023 11:58:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "435c-5fdb11601ec91"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=77
Content-Length: 17244

GET
H/1.1 200
OK 5729-palestinian-killed-by-israeli-forces-at-rantis-checkpoint-696x522.jpg
canada24.co/wp-content/uploads/2023/06/ 66 KB
66 KB 13ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5729-palestinian-killed-by-israeli-forces-at-rantis-checkpoint-696x522.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: eb4c9e01b05216fb02e2d7a4cad4073046b3a4aea8e8d52f41717353161746b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:51 GMT
Last-Modified: Fri, 09 Jun 2023 15:59:05 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "1081e-5fdb472d07079"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=76
Content-Length: 67614

GET
H/1.1 200
OK 5764-wildfire-smoke-is-in-our-homes-heres-how-to-clear-out-toxic-particles.jpg
canada24.co/wp-content/uploads/2023/06/ 25 KB
25 KB 13ms
12ms Image
image/jpeg 62.171.188.114
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canada24.co/wp-content/uploads/2023/06/5764-wildfire-smoke-is-in-our-homes-heres-how-to-clear-out-toxic-particles.jpg
Requested by: Host: canada24.co
URL: https://canada24.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.171.188.114 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi697329.contaboserver.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28 /
Resource Hash: 7c0f5b7f4728c7e570a5457ad0cb9fc24fdfc2683c80c1e0d4c3892f6acfa945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://canada24.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Sun, 11 Jun 2023 04:58:51 GMT
Last-Modified: Sat, 10 Jun 2023 14:58:35 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
ETag: "6232-5fdc7b8475dee"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=75
Content-Length: 25138

Verdicts & Comments Add Verdict or Comment

261 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

36 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.canada24.co/	1970-01-20 21:49:15	Name: __gads Value: ID=02b8b53c3d506ecb-22eeed2467e10091:T=1686459526:RT=1686459526:S=ALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA
.canada24.co/	1970-01-20 21:49:15	Name: __gpi Value: UID=00000c46c703ee36:T=1686459526:RT=1686459526:S=ALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig
.doubleclick.net/	1970-01-20 21:49:15	Name: IDE Value: AHWqTUn8W_vlrJV9OdL0VQPRRnqd4fwojweGsD-S0A-ykltzxi0OOXnOE3F4SZ8WmzU
.mathtag.com/	1970-01-20 13:10:51	Name: mt_mop Value: 4:1686459529
.rfihub.com/	1970-01-20 21:49:15	Name: rud Value: H4sIAAAAAAAA_-MSNjUxNzC0MDQ0MTAzsDAwMTE3NRLiM9R1ynUMLTcq8XbL0_UBAD66lbclAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjUxNzC0MDQ0MTAzsDAwMTE3NRLiM9R1ynUMLTcq8XbL0_UBAD66lbclAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAA_-OSMXR2dA12dYvy8_RPKi4OcPTOMkwxDDExMkpLjQQAY43O3B4AAAA
.rfihub.com/	1970-01-20 21:49:15	Name: eud Value: H4sIAAAAAAAA_-OSMXR2dA12dYvy8_RPKi4OcPTOMkwxDDExMkpLjQziNTSzMDMxtTQ1sjA2tnjFiMoHACWT6xA9AAAA
.yandex.ru/	1970-01-20 22:03:39	Name: yuidss Value: 9828570761686459528
.yandex.ru/	1970-01-20 22:03:39	Name: yandexuid Value: 9828570761686459528
.quantserve.com/	1970-01-20 14:37:15	Name: d Value: ECsBCQGaKYEA
.quantserve.com/	1970-01-20 21:57:53	Name: mc Value: 64855488-669be-96624-44fe9
.adform.net/	1970-01-20 13:10:51	Name: C Value: 1
.adform.net/	1970-01-20 13:54:03	Name: uid Value: 2774755174216930747
.everesttech.net/	1970-01-20 21:13:15	Name: everest_g_v2 Value: g_surferid~ZIVUiAAGrAdwOgBI
.mediago.io/	1970-01-20 21:13:15	Name: __mguid_ Value: d1dcd474c9683dd9b788b3bd6e2b6b59
.innovid.com/	1970-01-20 14:37:15	Name: uuid Value: abfd552e-9668-4739-ad17-fa0029706440-20230611 00:58:48
sync.srv.stackadapt.com/	1970-01-20 21:13:15	Name: sa-user-id Value: s%3A0-2cab9e10-bf73-5b7d-5df4-cf630699f20b.rPG9nhDBcj6KOKuSz35AQGZtyE0IlW3ZxMnbxV271V8
sync.srv.stackadapt.com/	1970-01-20 21:13:15	Name: sa-user-id-v2 Value: s%3ALKueEL9zW31d9M9jBpnyC7nVm7U.iVZ83Q7UAzWcu8dtUxwc88PSkiGTFLtmd7HQ%2FBXXY20
.srv.stackadapt.com/	1970-01-20 21:13:15	Name: sa-user-id-v2 Value: s%3ALKueEL9zW31d9M9jBpnyC7nVm7U.iVZ83Q7UAzWcu8dtUxwc88PSkiGTFLtmd7HQ%2FBXXY20
m.exactag.com/	1970-01-20 14:37:15	Name: exactag_new_gk Value: 13ccce951c864fb8b40ad28fbe47fca4%7c10.08.2023+04%3a58%3a48
m.exactag.com/	1970-01-20 16:46:51	Name: exactag_new_uk Value: 2a2f5fd080824e598cb661f1f0a649f7%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 397825e22fc943888d083557
.blismedia.com/	1970-01-20 21:13:19	Name: b Value: 64855488685147366ACBB779BLIS
.ctnsnet.com/	1970-01-20 21:13:15	Name: cid_e5e457e4e3ea43e0a82b171b19bbadce Value: 1
.ctnsnet.com/	1970-01-20 21:13:15	Name: gid_CAESEOwCzK5qrBRU2REtRBMygn8 Value: 1
.bidswitch.net/	1970-01-20 21:13:15	Name: tuuid Value: d96cf820-ce19-4704-8deb-1d349726875c
.bidswitch.net/	1970-01-20 21:13:15	Name: c Value: 1686459528
.bidswitch.net/	1970-01-20 21:13:15	Name: tuuid_lu Value: 1686459528
.bidswitch.net/	1970-01-20 12:27:39	Name: google_push Value: ATf1kGP43u5qqe5KV2W-S3Qwu85OYbis0hmbv2UGKwIS7Uxa1pwdUfuCh5eRzFLDgduf8nA6da8AFcij6llsaYD0MEj67MIAWjpnJw
.yahoo.com/	1970-01-20 21:13:37	Name: A3 Value: d=AQABBIhUhWQCEMEjt3hA3RUXUUCpuIN_sB4FEgEBAQGmhmSPZAAAAAAA_eMAAA&S=AQAAAvUHwrfsrTmd31DktzuG-cI
.doubleclick.net/	1970-01-20 12:27:43	Name: DSID Value: NO_DATA
.awin1.com/	1970-01-20 12:30:32	Name: awpv20044 Value: 412871\|1686459529\|a71d2fa0-0814-11ee-9f97-223306a13768
.awin1.com/	1970-01-20 12:30:32	Name: awpv14702 Value: 412871\|1686459529\|a71edd51-0814-11ee-87f6-2265f034cf4c
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 365825:2531885
.tribalfusion.com/	1970-01-20 14:37:15	Name: ANON_ID Value: amntmIy4ZawFBA9MAJP7i1DJ8UyqsO0kLXJQH3ZavEZdW2ZaMnO4I5Yjbb7ud9Buub7u5bMdpFTdjr1pPN4AYgT7der2

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://as.ad4m.at/ad/dr?ed=1jpah8p5b0ee19skdytd3ypy1avggq0f4vdpcrt0za0h7d0ttch9q69w209a0fqv23be4mqn2jhyae8ytynnrdaxp2694dpjqdckbw8q9cevbcyn6fmjxs4x6grff14h0scd8x8fj5aa1eghasncbzw635djvq7rfnb5acgvffzc040wy0hwz255pv0vjsdawkggwp8sm2f5j2bddx9g6jnvez2exmzcvpzh3yx0jgwxt48w8nwg6fc8yhert6b0rar744qzn9x8han1jkqga31cem4f8d7bxzaw57bxyyzgm60a5gne6ce8n78tqdnf600e9r6mzzk4we5zy4n667596wq4vyqnfs3ccsvqa0bge9z7vknq3gvefwxjr5xz10f0ev3t85kdjsc9jxgqm4g4n6h6jpa0q6fh9z6jfcz6sh83j081bmqab08dyejxm81yam5h5cng&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%26client%3Dca-pub-6771666683930277%26adurl%3D Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.html".
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6771666683930277&output=html&h=280&slotname=2320321281&adk=1228668475&adf=1089590824&pi=t.ma~as.2320321281&w=1200&fwrn=4&fwrnh=100&lmt=1686459527&rafmt=1&format=1200x280&url=https%3A%2F%2Fcanada24.co%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686459527775&bpp=26&bdt=1907&idt=26&shv=r20230607&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D02b8b53c3d506ecb-22eeed2467e10091%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MY1L0eBdLNbm-Xg2UWCayt4vCFyLA&gpic=UID%3D00000c46c703ee36%3AT%3D1686459526%3ART%3D1686459526%3AS%3DALNI_MaonmQK1Q4irAA3xfixXKKLqeiZig&prev_fmts=0x0%2C1600x1200%2C1005x124%2C262x600%2C1068x280%2C312x250&nras=3&correlator=7381865430407&frm=20&pv=1&ga_vid=1712930518.1686459527&ga_sid=1686459527&ga_hid=1210325143&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3865&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C42532277%2C42532279%2C31075205%2C44772269%2C44788441%2C44793500&oid=2&pvsid=767642069352153&tmod=1090450429&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=KIsS7S9qSr&p=https%3A//canada24.co&dtd=29 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/11928086329308314302/Sixt_Rent_EV_970x250_Tesla_3.html".
security	error	URL: https://ad4m.at/r62eglto.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=300&d=250&e=&g=8d14cd468f6463c2549fa083a995caaa%2F8468915494712281584&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1686459528862&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g849k5neeh1fcrbtshe14dpqr87svw3nkzeyr6jd7b2ybvnt6qtg2fvczb05m7bvqz229m2p0rknbxpk1yg766pg9fkj8b3pnr5w2thr9hbrj2j4ycehwp3s0cy8sdet65s84w0rtqpbe9tspe927bgecwejjdz6s74bzpb3w28n89yt1n1q9je72424eta9yfh25gx1vh5dybf75f5y7wgx8sgvs31c9d925faesc9yya4mr935jzpjh8mhs4fhms9kjm5pqd5zs2zyxabrk7rxw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DChKoOh1SFZOPHLKeBjuwPhvOPsAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NzcxNjY2NjgzOTMwMjc3yAEJqQKgKRlQwQiyPqgDAaoEvwFP0Oisb2GSqGQM_pu6380zCmr4hwDcH5hT5zkNcHdCpOIHGJpts9vmzA5yH-2S-LXp67cc8wh27IkdLpo8FyPnWNCLJJKfplSf-o7uZ1bn02wRnloftQri82YHnJuF-LC8JWE_7TEaXTgc5He2bApygAnBTUbLdnpNDdwR1-944I4P9AEzam-60uoAQgLsKOwQfe6tvEDLnEbPwIW9PtBl0p6VhjSHls0EEIKVK34hCkbX6CGwaidPQCHNtYctTYAG3Ieur5DFlNpyoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_37iWX2wf-JZL61n275u5nxQ53fMQ%2526client%253Dca-pub-6771666683930277%2526adurl%253D&y=1&s=&z=0 Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230607/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271801&client=ca-pub-6771666683930277&fa=1&ifi=3&uci=a!3&xpc=97hgQ26nTE&p=https%3A//canada24.co Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.rfihub.com
a.tribalfusion.com
ad4m.at
adservice.google.com
ag.innovid.com
an.yandex.ru
analytics.webgains.io
api.webgains.io
as.ad4m.at
assets.ad4m.at
c1.adform.net
canada24.co
cdn.track.production.webgains.team
cm.g.doubleclick.net
cms.quantserve.com
dclk-match.dotomi.com
dis.criteo.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
im.bluevoox.com
m.exactag.com
match.adsrvr.org
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pr-bh.ybp.yahoo.com
prod-rtb.ad4mat.net
s.tribalfusion.com
s0.2mdn.net
secure.gravatar.com
static-de.ad4mat.net
storage.googleapis.com
sync-tm.everesttech.net
sync.mathtag.com
sync.srv.stackadapt.com
tpc.googlesyndication.com
tr.blismedia.com
trace.mediago.io
track.webgains.com
www.awin1.com
www.google.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
142.250.186.34
15.197.193.217
151.101.130.49
178.250.7.11
18.130.16.201
18.184.126.130
18.66.147.120
185.29.132.245
185.80.129.160
193.0.160.131
23.56.205.163
2600:1901:0:76b9::
2606:4700:20::681a:71b
2606:4700:20::681a:ad1
2606:4700:20::ac43:4a81
2606:4700::6812:18ad
2620:116:800d:21:c5a4:625:6563:a5bb
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2001
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2003
2a00:1450:4001:810::2010
2a00:1450:4001:813::2006
2a00:1450:4001:827::200a
2a00:1450:4001:828::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2004
2a00:1450:4001:831::2002
2a02:6b8::90
2a02:fa8:8806:16::1400
2a04:fa87:fffe::c000:4902
2a05:d018:d29:3605:3219:5136:71bb:d50d
2a05:d01c:1d8:8102:5008:e6da:141f:d7eb
3.81.178.203
34.96.105.8
35.186.193.173
35.208.249.213
37.157.6.237
51.89.9.253
52.45.175.185
52.56.247.104
62.171.188.114
85.14.248.72
99.86.4.36
00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe
06fd4d06a80c418c4b9d524d82c825e6bc5ea5e8ca25e8e6a196ecfea99be6a7
0778b63d6208de1a53bf6d19c4c0d24d1ab65813eebcd046e0f8b993d4c33707
0908615c0fcebd6b8cb8ef80b748c3b57bc2b3153b99b9f5629a43abfd9e2cc3
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
1008e0fea1bcea71d721ce0187eba5979aee7626901ea11940898b0db51320c0
114c908d6da2ec52999a592efd5548f25cf9c8c96b235ac85808a90c0017ac54
1370903a1e242d482364b08f180e6add61f2f2b4abae8cfb0de855b56017cfb2
141197869ca055b994952f1a893cffd61b46eb16aa80c738bff2c89beced584e
14da2db9b17645aaf9c4c6fcb597b5818dcd12ffef970846decd1c232ab05848
16051e988fefb342470bdc74eb95f52e721fcb60f14f86a02ffafdede0fdb7f7
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
2044b64f5753fb06c43117733f8f9793d9a74e9885a7eb38acf763b653e4105b
2257a54d3fe4a12a20a9104ffbdeb0827443ccd51981cd67fff5d62d14b99890
247f4eccc9df261a67f1947795b53c25d49e613eabbd5c08d50a60b0da134f20
2a2ac34136c00e48cd04edf792aec5e6dba2b4cd5942b9383f3f56764125e808
2c2c352c4bc7fda4930b01523308c9af541ace2e76dadad970b7ce13393283c9
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2d38876437cb01e4cabcaad29982ae4b9d306341ce2c2a2ca1cbeeb37556bb78
2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4
2d95d429f4940a558caf72c3aaa16f284d724cf9bdf2e3857936bebf4b3e941a
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
2f39d54e71a3c475b8a65cdcdd903b249e8b8a4538f6c8f0b1f8b3c34a093302
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
34662fc6970f5beb530be3aa4ca567c6e63f9e47dc7c085383938c0c9e0e86da
37731ce25eb31f70028215d2a38794d04b5cc50fdfd7a488783c288c36c8ec96
37bf1d24965bc04c4caa88a223cd971ee9f2cef9f5f1f82b619b54ccf02a9e79
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3becd57686ec6f9c6048cba1a5c0768c0db78ed6b8bf962efbd9708806c380f1
3d6aec4c81cfcfb380b0c28463450e90e462d49378e29856f1835ce20b3bd8de
3dbe73a90f1370d3bdefdeb5ccca6a4f3c6edb2bc1b06c47b7e5ae2457bc58ab
3ed2e42d3ce5e24dcb11cddde4126e4f07c3afc590f708ad2cfbf7669002f92e
4271064a37f3ffc0aac5f3806db8a72acc23e19447d1804e4e80d8796cbf6330
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
4681d619f677c1b314814309a6f00a5e0ec3f12968e807ee71def1cf42bd7808
485301e24ee204cd089ec16df7e66702b3a3dc906f5ea5ffcc414c303d647e1e
49b406e44cc5b10d752d976b27154d87f10732ff4c80bcd5dc4444252ebeb7e5
4a60cf98dde986323fbf26602142f3c6304aaf5cdea1afc04d2f5b66ed132a69
4af11992ace1f7685f03c2f08531325f759cf86315d2392dd35b98441efbecea
4c4c826ea9ed3340c2f3422c631af1b6f9f37312aeba4f0fb424d85dc67911ee
4c6d359ae836faf71c35149fd99b2b451fb280527b3e9ec03a32e5ecbbf23f87
4c7dd9b3c12fde91e325f5a42fbc0f6d83566d528b624b0b4833ca87a9cc3f64
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e61c4c6f2c0c52c9b5dadb303f0db1128715c2e8819a50b1d24c6d7089fbebb
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
508a687aa2d0c97ada3f2733f0aba11922fc29e40b8a8ce11f0cee0ddcce78e1
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab
5dda8db38026fc522c7c017ba17bbf533be39a00cea07cbc1086f1537dce7272
60bf02832688d14251ec1c7b8acfda233a91f927f26c7202bdaba781a1f0fcdf
61816e56926dbd0b3a4743fb3f63789e0bc4c065bab87feb1ed207fd05cc0c6d
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62efb068e203246dca6548612cf476b819d87cbd727910f058a4d42567e5fc3f
6357a67df341d4ed75451876c5758dec0f6eb8de7625dfc0dd8524be96023b92
64743cd8f493b8cc9b5a782f850cb4ba3eed6c17ca42c99531e6fd5e081f1410
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
67f565f25c1bb8ae629cfca60c71766232073a0c905e0387e45895657b4ae3e7
69a9607e3960d59b5ccf774d2aa68375ce20dd014db901464ec3e95f422c06a3
6a0c032e90a237db4a80350a33d57e720c90b87b70d146dc6e4b910c6ba195f1
6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b
726b820e44f6ab90ad991d30a4bf26d3a5d71493cbcd1fb1efd0d14e89b9df2a
72be25c3ba91e0c0641e49e4d4cef4aeb0c4090bc4b33e9648c829e2d6e4c990
7a041a0e67da859fef6ceef32058ec2fa800726154b2fd4c2e0445c19a79651a
7ab56986ff9a66c35dcce1d3e2e2991e562a690e4e9d7388ea94f107cf49393f
7c0f5b7f4728c7e570a5457ad0cb9fc24fdfc2683c80c1e0d4c3892f6acfa945
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
7f53045dfc0bb5e6328edc5ec45bfa69b7ce2e32a7ae21c74492775fb3de277e
81664ac822700118a7ee2d8e7ed953c7235cc0fcb1e232d0bf9e6c7e3d367e80
81f3f30e6905436dd8b70623f92287e45e754a59ea1f047bbdc07002c1b99e2d
861e4cd27539274eedfdd65212a140a4c7ccea88e004d23f5234e4db48bc73ae
8c303d66ae86e6155122884b34585e5941e07f94e119b8db306cc01fd6412b85
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f450ff047bea8df79fbc6e5ecdf1848d1af4268b41ee2c9fc0e34a265bd3280
92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5
95c06a3e6c28a512b08155b23f867f4699ce33d79ef8ef7a229ee6a33a6c83f6
97e82d8eac8d106b28abf1b716982c40c06fffe49cc2f34cd1c299266745ef73
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
9971c0a9e4d487abeaf7f2396426a237081c2271bc17cdcd6883495ff43b3fc1
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c63890b7f3f2e513fa085cd7b198f9ab91721a9e8aa7180806ff4aa7b4089a4
9c8278221147696926ffbde372b3afc957210a7b293caad1cdad02af8795dbc9
a029209ef3e4d32e3a95d52b56bb3452e3bdbc9785b44a80bc1e12c974851207
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2b9eefee68fa18c6be3c3bbe11d769b5affc01b84ea94c7ec68ae4ffacd858a
a3c8d1021bd2ee3bb73e29d8fdf79a184be2c6b5ef6ba41b0a6bd09519d0dfd3
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a75af83b8288085f4a517f13d6e9581867eef1ea35dd19c64959faf0a21f1865
a7882936a1b80724af8856a779bccb7154c3ff831e1715031713e43c42f54d45
a7cea655e2a8b377cdd9f05cc7c4daed319834e71fd424ebd3fcac342f63da61
a80654097d87eb3cf145577d3a13d6bb67715949f19118f654fa1bd1f0f13fbb
aab5ea4ce3ee44c38d80b6d88b14850e8f4e5e8aa1568b2a8f07633660382601
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ac4b71a2b2236e975dc60d1b5e6f7892fc8b3d81347b8a53801cac1a3b44f86b
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
af7a66542220ecfb2b8fa0286b60ffa95c1c8047df094654a90e1ff75f848ef5
af867b57adb916a1d85aa35d6ca3f8c3cb7ccbf7b1b42e94385617d6642772e4
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b48670bb740fdd7213ebd4d47b12d04c266d35fb9aa8d6d7eef783ea53fa86ef
b5f043d5a61bf274d66f53f78979717d9c718b3b100c74502bf1d8e61e4670ba
b629672e922619d8cb87c35c03d1a9cd4cd302adefd4eefcbbdd864dce4c09ef
b62c7525abf6f04c07653693b8866aceb0574279107a0640136a8e5e62fec512
bc06f1acbc6b4dd91d1349e328db85fa419317f8fef2b12cc33219161ee2a6f0
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
bf23a7a4eebedbb87d4084a69496b29815914a18e339a00f5dc73a03c9c9328f
c1805845a47cc4e2a57affaf7118b304a7c5948fb5e6d94f413c7c6ab5b848c0
c34299966d31c0354eac70bc6fc85bedcfa88a5ec90973ce4f3cdc6c5d103bd8
c8821d06dfd34ed87aeddfc12c30cd9095bdbbb50e74f2a4e1fe4a6d77431287
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cd1beaae80563bc042ec982dbcf9740bd9ac877913006ff795db777828630325
d1f0110b06d8bcfb9b97e78fcf0e8081b1ec27f721609176b0e20c811c8a51a0
d2054b9fb412f742d8d13aa75a48e59b830094999f9000ae8c69916e11b8d805
d262b04633fbcfb934184c79a2d1786fa24576ad6f7ccc40c5ba0aa540de9d54
d6f5aedf67284aeeaaaa0c532e71c40757fa449038d89d63c5e90a1ded226643
d72c797e9a478f9b23f4c7853d4cae1b3a880a7f55493309661940b6a36080fc
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d81a79158bdefd6bd21a27f8faf843314863a259440aa36e0a0536a0a0e22aa6
d81ac442ef29e01b9efc07e9abdc4884622799062df9629cbb40b76f06bbf9fa
da2adf6eb667e905d43c91eaf91ac120eaedc617e574510d4b97f4c7d166c873
dbe69967a22b67057e7f853839818529ac319fd1af585abe34b7c9edaddebbe5
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e1b17212f06f315c45603308568a24e1c58627c7099c0138514bd19ec62045c5
e333e1f4ee2f504155a24d3b8276a554f63f8ea5b6cc511d63839572aade0916
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e7281a389d3c936af48ce5762e0541499056185702f31650ba5ad96c32d35b9b
e944aa2add7d89134400d6d51b9b0954ad0e988edd934eccff8907ab90e1c853
eb4c9e01b05216fb02e2d7a4cad4073046b3a4aea8e8d52f41717353161746b2
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
ec38edfd800366a0d2ef9cc33cb1de948c283732ac6b8c22cce4a9b39efe783e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0f08b751ca9c4066e04b9711f240935393811d6f5aa922a6aa1627333c43e97
f3d4dd286e4d97debe5b027d16a5b319e4a812693477845e069f61e77fd0d18e
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f8e429ea681e95312359b0dad8293252bad0ee4af0dd9ba7f2d85730413cd4f7
fe80f71c0ab949d390bdca99a5ee45addafcb58e7cce61085275574bcfac8318
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

canada24.co Open in urlscan Pro 62.171.188.114 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

229 Requests

92 %HTTPS

52 %IPv6

36 Domains

47 Subdomains

35 IPs

9 Countries

9099 kBTransfer

11628 kBSize

36 Cookies

1 Outgoing links

Page URL History

Redirected requests

229 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

canada24.co Open in urlscan Pro
62.171.188.114 Public Scan

Screenshot
Live screenshot

Full Image

229
Requests

92 %
HTTPS

52 %
IPv6

36
Domains

47
Subdomains

35
IPs

9
Countries

9099 kB
Transfer

11628 kB
Size

36
Cookies

229 HTTP transactions
7 data transactions